{ "analysis_details": { "creation_time": "2017-11-30 15:34 (UTC+1)", "execution_successful": true, "number_of_processes": 13, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:15:29" }, "artifacts": { "files": [ { "filename": "\\??\\C:\\Users\\CIiHmnxMn6Ps\\Desktop\\zeuspanda.vir.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\ciihmnxmn6ps\\desktop\\zeuspanda.vir.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\zeuspanda.vir.exe", "hashes": [ { "md5_hash": "c9522f83c60a595694b2e4c6657982d0", "sha1_hash": "8011fd0a959b7d17696306c4ab36c4974540cada", "sha256_hash": "b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\zeuspanda.vir.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "hashes": [ { "md5_hash": "c9522f83c60a595694b2e4c6657982d0", "sha1_hash": "8011fd0a959b7d17696306c4ab36c4974540cada", "sha256_hash": "b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b", "type": "file_hash", "version": 1 }, { "md5_hash": "2bbf4515f3f42a943b2732e24fc9f19e", "sha1_hash": "ce487e80749edeccbadefa9c6fb967ca743e70bd", "sha256_hash": "af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "hashes": [ { "md5_hash": "c9522f83c60a595694b2e4c6657982d0", "sha1_hash": "8011fd0a959b7d17696306c4ab36c4974540cada", "sha256_hash": "b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b", "type": "file_hash", "version": 1 }, { "md5_hash": "2bbf4515f3f42a943b2732e24fc9f19e", "sha1_hash": "ce487e80749edeccbadefa9c6fb967ca743e70bd", "sha256_hash": "af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\pgyFOAeI3.wix", "hashes": [ { "md5_hash": "51b6060100f780fce4687b38c704d5ce", "sha1_hash": "042c3d3f4b86f9f96e68920c0b901283bd970e74", "sha256_hash": "03740e5e8bdabe598aa134e8ddbc357e579862958521e3d29e6b132c2c1c141d", "type": "file_hash", "version": 1 }, { "md5_hash": "1a275f9e63c860ef608a51a5a3527307", "sha1_hash": "c9b3c104370936d1e60d676a90c7e84a35a82b24", "sha256_hash": "93076500f8ab254623272097c4c606fa1e6de92c2ba8cc8740864850ca5864ce", "type": "file_hash", "version": 1 }, { "md5_hash": "948fe2a5c930b6d9504679078f445a66", "sha1_hash": "5e4c7f692158a2b85f2cf38a24989012b040c102", "sha256_hash": "f7a66a9161b11249f4020df4ebfdd02ee989395e92577e8903425e0a87c16f06", "type": "file_hash", "version": 1 }, { "md5_hash": "b67ead1d72ba6a82978412b41ae0b19c", "sha1_hash": "dc9545e9632244d1e73aa2e66c9127e41107fe16", "sha256_hash": "bd7484200703ebc39ac41862d1dfc800c2747ba2f2c56556c18e073a38e8866e", "type": "file_hash", "version": 1 }, { "md5_hash": "c8d692d45464cec7ac72a410014618a1", "sha1_hash": "86337fe9402384748c740602d8f5b196da4f42fc", "sha256_hash": "c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5", "type": "file_hash", "version": 1 }, { "md5_hash": "49747746e04d96ab1c4af1a3226a55ee", "sha1_hash": "36dc5b141b172b2713a9066a7cda901d52e602be", "sha256_hash": "62e8fef6ef9b4ab3643edc4c98d44ed12f977498c3a775780e020314ada02054", "type": "file_hash", "version": 1 }, { "md5_hash": "ecddd67cc1bb94b684d4bb7116c7c4d4", "sha1_hash": "e4789ae1ef0db80c39de1cd932169610d7a1bca0", "sha256_hash": "dc2860ef55a5c6ebe873ae1dbe5170c0980caa038c428fbc8852ecc03c991104", "type": "file_hash", "version": 1 }, { "md5_hash": "11f304d86594e21db142e4d5477062c9", "sha1_hash": "3c7f01ede74be6544ec703d59b14c172d1bbdc6c", "sha256_hash": "14657a3e73f8e5e77ad0e5cf7627765fbbd1ea30b82cf2cd51bb681d05065a95", "type": "file_hash", "version": 1 }, { "md5_hash": "5be86a9a54bb683c5dd22e6ccd6e8129", "sha1_hash": "2553416e93dcb6d1cca9762ac757c72c2ff0ead4", "sha256_hash": "fd4a1be1fa728d58a611eccfa621d1861511dd308147af1d7852050a9822225d", "type": "file_hash", "version": 1 }, { "md5_hash": "5d3538851bd0ecca9846381671ae62c7", "sha1_hash": "9cd12936f4234d55fc8d47e3e5c2e7fb8a4ef9f0", "sha256_hash": "95edcf90f9002af85a5a820903fb56248b5ce95709a66df6b443823b1a933b12", "type": "file_hash", "version": 1 }, { "md5_hash": "2ce03089882c124fc7e93e69e967a465", "sha1_hash": "0ad1882034ced37f2e9b1dd5b9ec891b33a406b7", "sha256_hash": "8ceb88a73a20dd2a8fc1d98e55e4e18fbb627f347b000ebe2940f886eb2c88e7", "type": "file_hash", "version": 1 }, { "md5_hash": "b701d42ccbf8f6bfa08728e994325c11", "sha1_hash": "87da3c9bcd2b15c9e9be7f50af6b0d803328175e", "sha256_hash": "fb6015ef2fe52d690b51ac76e5b78900a7946c02479e2f7c8cb692192a2fd56e", "type": "file_hash", "version": 1 }, { "md5_hash": "6be161c2953cae565b22a07e201f8726", "sha1_hash": "9c5b9455744dcdc3d950afeab16eedb5d20baf25", "sha256_hash": "a4d02adcbe9f8b2bafe87f7c1c96cf5156b3449eff825079c92a187e1a9978e8", "type": "file_hash", "version": 1 }, { "md5_hash": "bfbc0cdfb9d6f21a9fa39a14d8e96bc0", "sha1_hash": "9265f255415543b449a4d4b8cc57574067a0e121", "sha256_hash": "ce2e61a5890c0d208981dec87ad662f7c40bde22ceac84c445cc509716c350dc", "type": "file_hash", "version": 1 }, { "md5_hash": "999ad5e81467737e11970863123091ca", "sha1_hash": "92cb1de3bc8d9a70180f2bfa965373e7fc3302f8", "sha256_hash": "ed61788db9b00ea79918b068bef79c0af244a5dd6ddab7c692eb0361becd8622", "type": "file_hash", "version": 1 }, { "md5_hash": "54b20d7537b460847a75649fb0142a27", "sha1_hash": "3ab9fbee5b9e8bdd1d45238c4d6415ce68a82c90", "sha256_hash": "c1f1310bf8192b9760b04ac129ada80c4d8febfe9062f8a1bebb60ec65bf7045", "type": "file_hash", "version": 1 }, { "md5_hash": "3a2e7422dc29c5bfcba2bf3e33906bfc", "sha1_hash": "6bbdbf576600499933171f533b527ef589cfa3e2", "sha256_hash": "6c6b1751aea374e804aecdd3543826ce73aaf785124f74fdbf26b90d2546af46", "type": "file_hash", "version": 1 }, { "md5_hash": "a1592dfa53f9c764309db9727edea7ca", "sha1_hash": "7517c6396f46a4f0f6239954c5e5fbc305bcd9ca", "sha256_hash": "ddeceb8cddc56e5d5207a53d3be2c7756d3418be353fd959fc0f4b48c2ff1eab", "type": "file_hash", "version": 1 }, { "md5_hash": "53b08ad589b28aac3a88f3c35ce38c39", "sha1_hash": "5305e9b775a99d2021bb21fab6f88453feff1699", "sha256_hash": "9b0ea3d5aebbec0c1c59cfdb881d3dfd126a42f435b013bfd4de9de3a9d864d3", "type": "file_hash", "version": 1 }, { "md5_hash": "2c1a3d36b842dbc532141e89b7c626d5", "sha1_hash": "dfef1e8145ebda70f9cc7a95684ac141dc5c9b1b", "sha256_hash": "ececa735534ec922d178ed1bde6272662138867456807e72a6fb6bbebcb82c37", "type": "file_hash", "version": 1 }, { "md5_hash": "864e411b102ddac6e0df717316a0eaf1", "sha1_hash": "06735b9799bd44b1b36211569751cb20ff98e88a", "sha256_hash": "d5f8c0393c9b2516121ff25157de89d76d0a6ee0e66df30bdd4068f53ef03bb9", "type": "file_hash", "version": 1 }, { "md5_hash": "e43cbda4b6350cb4e7f415e3d3ea5506", "sha1_hash": "00729b2a545320e3c3a6aa2b307931bc9f2e9372", "sha256_hash": "db5a979a33461d2323fc0f63154071fdf3d12599ea01bb9f48e337b40ad530a1", "type": "file_hash", "version": 1 }, { "md5_hash": "c04415bfd79968e902df855136a9d018", "sha1_hash": "e8004c53ed2e92805439f503dc1c53356bdc2e14", "sha256_hash": "c2ad3b5608da3de3a47e6fcb12ba56ec1842afbdc82c63c7d202d94f3a775f81", "type": "file_hash", "version": 1 }, { "md5_hash": "fe927ca9fbc42f662033aa5c643d2bf3", "sha1_hash": "cd85ad97c06d7c65c800cf8f47f567dd6d4574c9", "sha256_hash": "1f5f4564ebbb8e12991bb510fa3f97a433ea78cb1ee1ce515971aa1f3190cfb8", "type": "file_hash", "version": 1 }, { "md5_hash": "ac35a77e5f471e14598cca890297ba16", "sha1_hash": "95ebdccb609b0d33306da88224d346ee5be88b7f", "sha256_hash": "aa0cd4e444571a2d10591893338fc5cab75c4ddc762b00c024f6c5dcce4fc66d", "type": "file_hash", "version": 1 }, { "md5_hash": "1385bb15ef5cca5c422d7d61c347ad5e", "sha1_hash": "73955aa3ae5a94ee80d09d0f4613683689b726a6", "sha256_hash": "95e2d27d5e772befcc7b611d7b808cbe46589134040e988a6a7347c1d089e567", "type": "file_hash", "version": 1 }, { "md5_hash": "8b3bfce1c16eb6566c2bbc0ed737e116", "sha1_hash": "691b0ec29bd493152b5b1639d8f60d89634eb10f", "sha256_hash": "69974b9832c0ea7404157c42f1e574bf38195e2dae84054675da2e48ce42a5a1", "type": "file_hash", "version": 1 }, { "md5_hash": "dfb2bf20712433200a0f34e89bfd1f8f", "sha1_hash": "b0309b2e99c4cacb66067c3aea3030a5db4b410f", "sha256_hash": "f9854d06c855c0952576fbb6ec99e620c83aff8d29c4f6f0d8a951629df831d5", "type": "file_hash", "version": 1 }, { "md5_hash": "1982212cfa01f20061a76a24946aed06", "sha1_hash": "119044373b3116f33c0aad617457ad3468dfc9b5", "sha256_hash": "c90ae99ea1f2aff36442e10f37fd34659f44c5af1812619a234b42e8469f062e", "type": "file_hash", "version": 1 }, { "md5_hash": "2fa430402ff82bbcd87c761c904aa8c1", "sha1_hash": "4a42bab79bfcc7893695048c3466d3283ed13d5f", "sha256_hash": "10a5bda3b3bf4ae81795228c425c0f943688254021757a2aed75917d107425b7", "type": "file_hash", "version": 1 }, { "md5_hash": "3e9f4dd5161fccfa15a1f3f04ac252b1", "sha1_hash": "b1f15b0caca81aad6a9a6d923bc7854c45d2510e", "sha256_hash": "911c87d7b39d72b455bc96d145e8b59860473c95f119cf374527678489a1c31b", "type": "file_hash", "version": 1 }, { "md5_hash": "37662643f607ec29fa5ce2ec030368b7", "sha1_hash": "1cd8ec22ca372961ba9c136d97b9860a592284da", "sha256_hash": "4b31703b7fb7e1210ff47e78f4a9aaedb1fa0691aa79b8f027904c609aad48fa", "type": "file_hash", "version": 1 }, { "md5_hash": "b3d656149a3a368dda644aef62d7d833", "sha1_hash": "79b7d2f2009e3d262c819aa53a3cc7d4bd49d438", "sha256_hash": "86898ed575082485010666ba1381f8063f941e8261f04801a84b3ab7d82d40b4", "type": "file_hash", "version": 1 }, { "md5_hash": "29f217ef55494025752782daf9fc6632", "sha1_hash": "11dce1c5f2eadd282343f6e8d9f277299fedac65", "sha256_hash": "6d918e52d15cc2e55603b6518a0de58b884fcf025c07a08ca541e2bfa46e9d9d", "type": "file_hash", "version": 1 }, { "md5_hash": "b615d164742b6ad031d2dc42da2c5f7b", "sha1_hash": "03b504c68552d8c9388a93ec23c52179c9840df6", "sha256_hash": "0d4c1176349e0a361d620d921daa66b5eb64162800c58da2f1fbb9a66d664b19", "type": "file_hash", "version": 1 }, { "md5_hash": "752c8cbfd672ce82e360c94525a7347e", "sha1_hash": "f76db3f323b9dc2e163e822a814bb03859e14aa9", "sha256_hash": "136083471ad4c48610a5c1e83153fb49ed79600f821d3209178fbccdbb8dfeef", "type": "file_hash", "version": 1 }, { "md5_hash": "2e2bf76537833d84beef91ecd1d48e17", "sha1_hash": "1de98b46afe330a05084d4538f65297781905da1", "sha256_hash": "4cc507d91ce1d63f640a4f1100e894cd57750c92b92d5d6788f6809917cdd84d", "type": "file_hash", "version": 1 }, { "md5_hash": "473efc736b09a566092bf99653f05d2a", "sha1_hash": "5b28e1d264659bf9f92ce9a90ab12684e2422ad1", "sha256_hash": "e9c9ac9772830aa1966cd4d298b9fb4fac604f95c9a3802bfba272fe68f62e35", "type": "file_hash", "version": 1 }, { "md5_hash": "abf99640d36285ef7e8049c771408e93", "sha1_hash": "9e2cb742a7b744a12da894b56d894bf71ce6b26a", "sha256_hash": "a855eccfc5f55dd134cb2b5edae3d0bdf48a45ae3a9049b460c2fdc665ba19ba", "type": "file_hash", "version": 1 }, { "md5_hash": "41dac4e0c067e6ca3d648e9acc387627", "sha1_hash": "018cd17aff1667a6d22587c4506269fdc03ef503", "sha256_hash": "cd1e4a09f4862bf13827da7f93c6c00228c468a647fa4a89ff9c55007fcda138", "type": "file_hash", "version": 1 }, { "md5_hash": "ec98f141b54c6ff63de52791893d9c27", "sha1_hash": "27613a6bf3727cb03a4f1dbbb2e6a775acca90ef", "sha256_hash": "2be661be6833a8f59f4e5b264bcf1de755ef54250515dc03083f85887acbc17a", "type": "file_hash", "version": 1 }, { "md5_hash": "0f9f674a0fa9515a5a4f67bcde4d0a0a", "sha1_hash": "fe85e045b59f07f85669bd46d63f660620761b2e", "sha256_hash": "df3d3a0ed7fc2ace8bfbca69645108d9d517cf701bb56c371120497b69a9bf5b", "type": "file_hash", "version": 1 }, { "md5_hash": "4cfbf93467a5a7a77b097bedfc117235", "sha1_hash": "79044e5abd1885e2dfc5851f03254f67af12a8c3", "sha256_hash": "4d01e326b22bc3a40735af6f23be57d5919cc5d1c2fc94894087c8fddea1300b", "type": "file_hash", "version": 1 }, { "md5_hash": "d52e836e928be5e360d4b78dc6207d87", "sha1_hash": "a9a0fedc4bee162254d518756886702b0e5f697c", "sha256_hash": "6fce4fd55701c36c02318fb9e378eb067703ee05ab8cf130efc8cfdded59644f", "type": "file_hash", "version": 1 }, { "md5_hash": "27556dfc48e76285833d8a04efa15ec6", "sha1_hash": "b43b66bfc978fb212cf13e7ec5992eb43178c0c3", "sha256_hash": "132ea79a4f8e7211d115b4fc0a75a810c078b6c3a7ffaea734ff17b826e160d5", "type": "file_hash", "version": 1 }, { "md5_hash": "3939683e91dafdbc8e732437daf6f42e", "sha1_hash": "869985d5f2213414cbab7c8bce75dba757e5a354", "sha256_hash": "0b2fdc46d17fcb3c9743ddc50ac08977715d2df0f8d550d1f2c33c6256535c47", "type": "file_hash", "version": 1 }, { "md5_hash": "31bee244631bc1a3227d34885c6f8616", "sha1_hash": "9f424e2b0159a7fbcb0aee21326744706ff59991", "sha256_hash": "60e2bb749b7447bc7113f8d25b4a966eeaf4599b0c17914b889c4d2b58331f00", "type": "file_hash", "version": 1 }, { "md5_hash": "7fcd6ef51678c5ae53e9d347e0f8f85c", "sha1_hash": "abf5e40323ce1404a0859386a168c70f2dffbc04", "sha256_hash": "8d071f88de460c436516464cc897546b285fdc7992c5802a64f35c6e7b3e0035", "type": "file_hash", "version": 1 }, { "md5_hash": "4a51932fcb2e4813035dec9f2eb79901", "sha1_hash": "d0bb19405c668ed997d5577332150a34ff3f295c", "sha256_hash": "1ddfd0d8f2f06baf655d9fc8ce2aa9c4e9e88b05e9e9190a84784760c139c7a2", "type": "file_hash", "version": 1 }, { "md5_hash": "eebc5d7055bbf07f9f7d36d387c0a3eb", "sha1_hash": "824026bd93be680e3363be0affafcdbde3a01870", "sha256_hash": "b1742de8db4a613bf95d18253c60c73de8482068e981ce6553454a180e2b16e8", "type": "file_hash", "version": 1 }, { "md5_hash": "0281ff2858afd8d48312017c7d7d314e", "sha1_hash": "8241f61be50bb183ce90452f02d5982ea584f23c", "sha256_hash": "8267d834dbc661a80a34424ec1701e49ad7b6851b8585fa5ea19f419cb59874d", "type": "file_hash", "version": 1 }, { "md5_hash": "2e6e202eb574878402d5cf5af694c084", "sha1_hash": "e7ee043118ba80e8eb8dcaf2a55e38d397468a44", "sha256_hash": "4683f1ecee37a999efcb39307e1dbae4d0aa389ba2d6d6f1496098fc47c3bdd7", "type": "file_hash", "version": 1 }, { "md5_hash": "325a9f04d866111efa0c4c055d2520a4", "sha1_hash": "002afe77b885b5e853f1df3b401f973cebc46f45", "sha256_hash": "ce32dcbb01c72579378d45d3969447faf69340cc4bf71840072a5d655ebeca43", "type": "file_hash", "version": 1 }, { "md5_hash": "79137110fa26ef93519c5f5fc06d6878", "sha1_hash": "0bd87ef5b998cdc9d49ae2b520dbdfe2f0377b03", "sha256_hash": "579ef5d991f11c40ee8f3a53b490264e68534b8ebb7730492d13463da74c96c3", "type": "file_hash", "version": 1 }, { "md5_hash": "50e4e3bd81a5a4c76edc7a06872f8910", "sha1_hash": "4df43ea7c52bdb2d8d353f863fb8182f5cc7502c", "sha256_hash": "0a530677589bc902a22292befb4fc81d5cf4c1cd1d470a0ea29c6e28212e0b1a", "type": "file_hash", "version": 1 }, { "md5_hash": "6ad3a7538b8a7b4760beb75c29cc549e", "sha1_hash": "6bce6136b2e7583a73a6729ea55e8a357c5109b9", "sha256_hash": "dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282", "type": "file_hash", "version": 1 }, { "md5_hash": "82149ea6f13efb05a7a857c9524206c0", "sha1_hash": "8b5504f473005bfeeb6a4621931f45a594e39f99", "sha256_hash": "1b5b293b8bb69969b5edd1fae5cc1e9e253de799b943eb0d996c7b0d80855561", "type": "file_hash", "version": 1 }, { "md5_hash": "890881188a68d4d79d2b84eb9562faa0", "sha1_hash": "db21f887c9eeb6a231eea8c01e24980e272ee401", "sha256_hash": "3eee1f1cee768e487aa015ba44aa4819a35d57b824818640737c310ba706ac8b", "type": "file_hash", "version": 1 }, { "md5_hash": "c296662b42e3b5ee7be6dd9af55885f2", "sha1_hash": "c09f6e6e75acea7e909f23558c261c870516feb9", "sha256_hash": "2eb22f9abd8970fd5979d3c838791d3b0407103fee2fdb0fb175e169e98e3a92", "type": "file_hash", "version": 1 }, { "md5_hash": "a899a735ca54806f0e2e5370d06f0c98", "sha1_hash": "eb594bca29702261f94ef2c47e448e6c8a08dc1d", "sha256_hash": "63e9c849264425991071fbf13afc2181e22771a2e29f756df6538971519c51f0", "type": "file_hash", "version": 1 }, { "md5_hash": "ed450d8bb34ac18f53f98d9659e2257b", "sha1_hash": "e5fa0cd8ca4a010db979ae851a11d0edd4bd7b35", "sha256_hash": "a2ec6f8c3c15d6f2bcc9372bb88d84f28f86a8dac873c7c40bd8dc8866d4d5a8", "type": "file_hash", "version": 1 }, { "md5_hash": "51c39c010e918623bd866a52ec6da38d", "sha1_hash": "76c65a07447bc7d8cc4b25edb2f02f4abd738e61", "sha256_hash": "21b071de60d5e782dfd9081187bc6848e35cdf05f4999e11bad6e1b71f9c9351", "type": "file_hash", "version": 1 }, { "md5_hash": "43e3953ffdba1797aa3877c1517025b1", "sha1_hash": "9620b6c79f3ad5b68b1a3c2671c961fddee74e8a", "sha256_hash": "660fff60517b529b21b47b646664ab4746a4fdfeb1fc89cf87d00ee2a35700b9", "type": "file_hash", "version": 1 }, { "md5_hash": "f4350400ebc42cb6e8813c050ae7d516", "sha1_hash": "2000f96970f9446a9206380384b9f5bb52c55d28", "sha256_hash": "4259bf9b98280f07443819d7f30955ecf77c1bf2a8a1f67377340eef43d25e8e", "type": "file_hash", "version": 1 }, { "md5_hash": "ee07d6bf78d0be81801a915adcc02ca1", "sha1_hash": "c9971de09999df184fc368a619d73b1f3d58885c", "sha256_hash": "22a8c2ecadebbe79e961a81bdf68957ff97d072d2b1f1e6c627f0d3b77c2d4f9", "type": "file_hash", "version": 1 }, { "md5_hash": "63e81763e02bc00b58e52da6fc887a92", "sha1_hash": "4e2eafcba532d8dada6a7c38773fce2ab3c81d82", "sha256_hash": "4673b9dfe20e4c590f94207874ad592cdace907d55c612e766a96fb1e84a3042", "type": "file_hash", "version": 1 }, { "md5_hash": "e83c51b820041ef443e51d98e3f612be", "sha1_hash": "53737ac895fd42e4987108c721c87e207f357b25", "sha256_hash": "bcf3c5be012c9aacfa9a37b3d06338fdaf32d2de3a4ace62cf9320e90caa172e", "type": "file_hash", "version": 1 }, { "md5_hash": "3b12a168701971a21c9b571035c6a0f8", "sha1_hash": "0da0f43065298e392749160f2ff40fdbe445124d", "sha256_hash": "34ac8810b8abf4f8805071b5ecbfbde681e37a7962057d411c11cc596cb5dca6", "type": "file_hash", "version": 1 }, { "md5_hash": "2739399741830726c012701bd52b7ccc", "sha1_hash": "656c296562760815019ee973b7dd5378d8d6abc1", "sha256_hash": "f9c77921a460cc9b94a7491362527d1427b26823ed48158b631bc57ed33f652f", "type": "file_hash", "version": 1 }, { "md5_hash": "27f6f2152d9eb2234694e0877422ccb6", "sha1_hash": "0c861dc9db067c65e05f7f48fc677bc07966db22", "sha256_hash": "5adb193561f442021455ec68521dafe9af71d2fd93fb1ee228eb4e97a30ab54c", "type": "file_hash", "version": 1 }, { "md5_hash": "77f0193e8f6be3517577f1e1eda545be", "sha1_hash": "555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "sha256_hash": "2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5", "type": "file_hash", "version": 1 }, { "md5_hash": "b63bc739a27f74eb3fe9e276a366f896", "sha1_hash": "3794137cdbe99f62b0097d737b5295e69a4193b9", "sha256_hash": "c653223195eeb21f55d4f1f004257fd43feb289a54ca10fbcaae382a87f89bb2", "type": "file_hash", "version": 1 }, { "md5_hash": "65c927cde4ddcff695818c5915114a3b", "sha1_hash": "d8b8f52e1cc755458d71d67e6d6460a78ae5a6cd", "sha256_hash": "9c5193f63248af045b9014b75ea5379eed0159b919c639c7aa3dd5f4d01ec0f4", "type": "file_hash", "version": 1 }, { "md5_hash": "aaeb7e4309d99bb808405b4e2cb7dc6d", "sha1_hash": "90fe10c790a5b55fdc7ea16301cb19f662441d52", "sha256_hash": "b06b37d2eabbd600a8c21a8fa8a05e61dc53b392048d2a4e67faefad02f65a13", "type": "file_hash", "version": 1 }, { "md5_hash": "6142480f697426d754adf0c6e7fb5497", "sha1_hash": "712666f6c412c29fea791c60a57ed9f3aaf667ec", "sha256_hash": "1457321593712996a5f299347a9277f397cbfe419bf3e4988dff3501dd2a2be5", "type": "file_hash", "version": 1 }, { "md5_hash": "f0b762838a58148af445925733cd9f86", "sha1_hash": "88e79bcd4894cb5e925478224fd699fa9e7058cf", "sha256_hash": "d719b2c869f90bf179a7dfe8b172d46fcac7d349bf20851c22973eba48675907", "type": "file_hash", "version": 1 }, { "md5_hash": "1e6e690e73680731887d430e0869762b", "sha1_hash": "1def27555742adec44d8ab74c884a27afdfcb9a3", "sha256_hash": "b886fa128a611ba1b079207e01b374ca8068ab4fddae8feaf2b858c1e3f36cc5", "type": "file_hash", "version": 1 }, { "md5_hash": "67fe90eff4a2f2650148f6f11e7a693d", "sha1_hash": "6ca287f3f0ed0201c7be6f5299419813fdb2a314", "sha256_hash": "33af58cf34284d20cfad224c064e48d4c9ff080b38f35d214da2b0b18824c2c9", "type": "file_hash", "version": 1 }, { "md5_hash": "56a1ece9daeb8537a56f19911a83b199", "sha1_hash": "99899656a32c2c593b848dd375f53ce580276a69", "sha256_hash": "15d63269a8dbfcce2099b9913ca67877cf662165de479943c83d1b72af4b5c11", "type": "file_hash", "version": 1 }, { "md5_hash": "03d9a4a10c71791249e80820860a4772", "sha1_hash": "c42acfe22aea70c470c0bbafbbc8f80230bd2a75", "sha256_hash": "fd395968c56a16d75076f1cd6a419a7e8b323a1123241efccf3328875a2b5e85", "type": "file_hash", "version": 1 }, { "md5_hash": "12b2fb63c9d060744945e33af1c1d6ef", "sha1_hash": "52ae7aed5e40f16d392afa7eb59408dca6113aa6", "sha256_hash": "47e873983d945ffb5758832dd38cb8ce4bbaa825daf9fb5916021734d521aa55", "type": "file_hash", "version": 1 }, { "md5_hash": "562718cc0f9dde290ed96144b8748924", "sha1_hash": "42a2d996649d6169dd012fd6ec4c8521c6d1d7dc", "sha256_hash": "b563f6a196269196c279309972f9a89acd9e2e4617189ab1f66aaa88bf75e2a6", "type": "file_hash", "version": 1 }, { "md5_hash": "0208276064edd371df9848924d2ce52d", "sha1_hash": "60f93d5902a52b9907367c4fc8c35e28bdc0aeec", "sha256_hash": "d0a1ec62d000edaa129c3222687eb7d88abe1a8bb85861a716d00d80d84708cb", "type": "file_hash", "version": 1 }, { "md5_hash": "b3e4bc7bce0449140c64a20417806736", "sha1_hash": "6a838d862582ad885d06c270bd7e53735319ce12", "sha256_hash": "cf71b8662a2d46c3719bfe02b97e9aab66be023de85dd6a49126f79cb6b134b7", "type": "file_hash", "version": 1 }, { "md5_hash": "ab7ddef34dd4e99db84d975b083de0d6", "sha1_hash": "aa71c4be3d1c4bc3aa1a3f114fc6749dcb8a4040", "sha256_hash": "315d798eadba544f89087288724ad849cf7cc25efaf9583804e3eb3e079ae930", "type": "file_hash", "version": 1 }, { "md5_hash": "658f9d71ddc6ec54bf9b6aec30d3cc5c", "sha1_hash": "a8a7679c5b026ee35aee89fd82977cd03184bd1d", "sha256_hash": "ef25c2ead97bd3d50fb29f2b839bd22de88aabcaf9be950257f5da707d309ba2", "type": "file_hash", "version": 1 }, { "md5_hash": "0b543aac930cd2d9562a2ae37a232394", "sha1_hash": "d55c49127a48a15e742c8301f1adfc5150644c24", "sha256_hash": "8f4de247957a1dcadc2e773f496449e7c8dd4a4f9e5757e070d3b9b86471df0e", "type": "file_hash", "version": 1 }, { "md5_hash": "777fb81ebcdc022b739ee4b76c9d5df8", "sha1_hash": "70b777c0c27c1671963967f24b848ec324e0b1b6", "sha256_hash": "65bc0257ba4496f4b6787110f355626018dd87874a6e63d56ffcb732f04fca9a", "type": "file_hash", "version": 1 }, { "md5_hash": "b792ee8d6e31c5581599e6a89954153a", "sha1_hash": "25e49f913f5429deef37440b2d365cd02e0c2ba0", "sha256_hash": "6a185d6e5d87ecf0d254fe8e47d9af25d1422fbdabfeb1013130719bbf4c536f", "type": "file_hash", "version": 1 }, { "md5_hash": "bf8342780823e7fa44222be101e34cfe", "sha1_hash": "b4b72399aba5fa5ef3300eb2f9b4897dcff4b7c3", "sha256_hash": "3e8699ac936f447bee469056d62db8c7301de1c7dc15e1ae24bd8fe4f438e220", "type": "file_hash", "version": 1 }, { "md5_hash": "0eec26117a364bab41c65b8be51bf2a4", "sha1_hash": "11f350a58a993bd65365e1d38861300df4edf846", "sha256_hash": "1b67bd51942f805a1c384bc2c52a2d6277663a023268dbd7c6da31bc2f9f935d", "type": "file_hash", "version": 1 }, { "md5_hash": "60dcaf9c56f8d66145f69c96a47d76fb", "sha1_hash": "4be74bc99b72d84fede317d5d732e4a271897723", "sha256_hash": "15fe4ca92da1c77194de1581042d01da407d6c8ce64d5fe0e883d49a3feabda2", "type": "file_hash", "version": 1 }, { "md5_hash": "60afd01276a7217536508e7d8dcf7722", "sha1_hash": "48b272c35290690ff2a7719b0e30d1dfd081c09c", "sha256_hash": "630d9367a0c625eb56828ee87ffde3e7d4c1a8fb1f7bc0d0882e404ac786c31c", "type": "file_hash", "version": 1 }, { "md5_hash": "c4e9d5d89ef582566b872e3df3baadac", "sha1_hash": "8eb453ea778bd905062afea5f2311d33ed679551", "sha256_hash": "6b2b6639e4d53535197d9bbc35f8b66924ab8de931c7e736a16620309f77304d", "type": "file_hash", "version": 1 }, { "md5_hash": "742a63b65e9f6e45ac49368d223529ad", "sha1_hash": "8d83f521c3a1deb650ad57bec34d034b337e5fe8", "sha256_hash": "271d6db98241bec76c1e506395c0b55b6f2362de0e30a3be2ceea129dab15768", "type": "file_hash", "version": 1 }, { "md5_hash": "01b7f7e06d6ab697fd90fd2bfb7a436f", "sha1_hash": "8146f3ce0707a8eba00321dc01c3933090ece463", "sha256_hash": "9bfefe3527f1ba567e6ecb8967f435b5039c04ac25113281e82fe824635c6105", "type": "file_hash", "version": 1 }, { "md5_hash": "3f9d60b99925d17d305c8de36efba69e", "sha1_hash": "1452bd2ed0e3a6d34f660e7c500779f77a3a3ab4", "sha256_hash": "12819b07bcfdc3ee0fb7c58332db4f18bd9fbee87ea5ec2c7d1dd8747476812f", "type": "file_hash", "version": 1 }, { "md5_hash": "ec89e8caae91162a4c14e37c3ee0f430", "sha1_hash": "36801dd88a32a839c211f1e88f813418397de0fc", "sha256_hash": "3dc0176abe4597044a51d5015e29f83e9d103cee9e8d555a7110fd309dc9a7fe", "type": "file_hash", "version": 1 }, { "md5_hash": "b65734e1f4fdd0ad4184482f1e3181bd", "sha1_hash": "70e650ac0e1f5ca5ae24ae87779ad54818075f76", "sha256_hash": "0bab7331b42fde8dad5c7c905bb5457b77807025122b182fcafe96e6946a6535", "type": "file_hash", "version": 1 }, { "md5_hash": "4e77889fc8fc893ddd18911ef58a2d80", "sha1_hash": "c0f447fe92b4e8e015b77b002e4f69a23d6bcc52", "sha256_hash": "f3eba3caf493ae6f20f1f471d2ee2a89f20a67b9049f14488d016fc7432370f2", "type": "file_hash", "version": 1 }, { "md5_hash": "06fe29029ef50296c78ca70fc8161ce2", "sha1_hash": "bd91aa1ff29a4dce613641ed503a8c5e7767bcf4", "sha256_hash": "8de91be2daf94ae434445478a545bc64ab66e3e46c6502d3ab5d6b5f3cdee346", "type": "file_hash", "version": 1 }, { "md5_hash": "b8959860eeb641326a8c1fea8b88c747", "sha1_hash": "1414a403573ca8ed711432b4411b2c40900b0874", "sha256_hash": "f7449b824eee3a46d9694a152b77865eda9efaa51670eeb3764b4296fde5ecbf", "type": "file_hash", "version": 1 }, { "md5_hash": "5f905eb958e44c3504454719df7830ee", "sha1_hash": "2d308753953c59878409e7aa63c945ec315d7801", "sha256_hash": "7a2f8c532146fa93821473e907e05e27b2df0633e79accc0d837be2a5a8998d4", "type": "file_hash", "version": 1 }, { "md5_hash": "f5de183a5d8b7fb45581d38d3a9d8996", "sha1_hash": "180472a99a10d21371fee89b7af6dbc5bfd9f1f5", "sha256_hash": "4b7b34da9e1cc63ee083c18b891cdd60b1d0c37be3a11bce981b4200ba4083f4", "type": "file_hash", "version": 1 }, { "md5_hash": "cf8e0558f3ebe23d18591c885e5cc90d", "sha1_hash": "85f405b7efb91ff6695a46a086ccd23db0abbeaa", "sha256_hash": "18276ea5d5978cdbc1c6958afd99d1310be7308a70e2d20272b57f04337a7461", "type": "file_hash", "version": 1 }, { "md5_hash": "4c79fd219ccba9da9aa4d940cab0643e", "sha1_hash": "76ae8b91ce20ce8a192eb89a685ce525f8600356", "sha256_hash": "4e82cc39c4ee7af1ca6902129d6dae03019e4631bc3c2843fda6948c62f5410c", "type": "file_hash", "version": 1 }, { "md5_hash": "977667f81f4c9395fac951940fe21608", "sha1_hash": "7e74ead716a09bbcdf763eedc9c07e3f7b0d4d9b", "sha256_hash": "74ad3170284612c1b4acfa5c03b20b0464f3838f8684f221c4a806413df2b56d", "type": "file_hash", "version": 1 }, { "md5_hash": "719eefaf8ed61dd59151a03ae5d7489c", "sha1_hash": "c4991e51668ce2b1368012e94fdd175f44bb0059", "sha256_hash": "64a059a6c66557c5d016e5eb4be0c16a473cdf8af26a38ad2751c37f998ffedd", "type": "file_hash", "version": 1 }, { "md5_hash": "e83d0a37f12fa9e077aebd6dc7196962", "sha1_hash": "7ec7656e4926b37bc18831931ee9672458f89200", "sha256_hash": "4e304ab43ac39dd7c0ad374a1e78f358a0961d18e9b3dbe2a05a715bf95e8557", "type": "file_hash", "version": 1 }, { "md5_hash": "35fd8847359a0d204fa890921bcfbd70", "sha1_hash": "1a52236fc03ca560abcf875d746323e9eaeeb2af", "sha256_hash": "5cd77d2d534397fceab04193c57cdeddb35183e98e9dcd325f9d973d5b83468f", "type": "file_hash", "version": 1 }, { "md5_hash": "5101d7a955e3ab8c8c99b2d3ecd64fb5", "sha1_hash": "1191cff510788667804fca47b8dbaa2b49f9531a", "sha256_hash": "869d6dfd5153cebd0d705bc1d1a9b5d5ef2380ce504a190ec48c1e707bdb4966", "type": "file_hash", "version": 1 }, { "md5_hash": "89d13e2e1ee97cd12ab6399ab713dba7", "sha1_hash": "3daac12bdc5e4b36c3d056b0f98e65f85fa50ce3", "sha256_hash": "d830abc9df6880dcf4e4f269d0b97f3b07cce833b6a85d5d78f77ae00dca1cc0", "type": "file_hash", "version": 1 }, { "md5_hash": "6aca05d501f8ee1356089497c803e7e8", "sha1_hash": "a1d710c54ae660f80379858bb3242e46a9227fea", "sha256_hash": "acbc12a2880b8dc30bc8b593f9401316052e0379879e56091bb3bab2ddc83dbe", "type": "file_hash", "version": 1 }, { "md5_hash": "74d7bba8446d3dd10539749ee3828bf0", "sha1_hash": "fc81b7afafdc6211a5799c67975b53a1a08ac427", "sha256_hash": "7c987505acc3664a81e0790b10f13e66166e40d34549816cd8478b99d24a3f4a", "type": "file_hash", "version": 1 }, { "md5_hash": "7b22368e6fa7be6a9367814f1140b7d0", "sha1_hash": "cdfe46b447c18ecfcc8544518e01397fb384a58f", "sha256_hash": "983dff21ea81b8e17e032bbba44bf1ea80b73a67b2710bce905bc998562f02ad", "type": "file_hash", "version": 1 }, { "md5_hash": "a12970b34917a4567691fe0cc637098b", "sha1_hash": "677b21967390ad5ab423d533d5656b2e857bfe7f", "sha256_hash": "b4e5db19ff959d6fd4b8a7165af593ea5995b0b2bb2fcbe06f825a9f32ce6100", "type": "file_hash", "version": 1 }, { "md5_hash": "e1423f9fd3d28137e487941bf42d59d2", "sha1_hash": "5982ac554ff115d5159671ba88f2ebe7bd45b357", "sha256_hash": "4518bcc0e6f8f524c42395ce3beec9e04c52e34caf83716d45328c9e6e350a61", "type": "file_hash", "version": 1 }, { "md5_hash": "e32fbd49fe8892e926ee9099f74a9406", "sha1_hash": "846845be56de8307b9d065253d0855c783c206d9", "sha256_hash": "fdd9ab6a7e272a8a0523c7f1ee23307057dd76c93eef0c6731f9d65e58a64782", "type": "file_hash", "version": 1 }, { "md5_hash": "41dee095438331c85337715471144b2b", "sha1_hash": "fa9d558bc5dd89e66e309e7c121c9f71bd913ac1", "sha256_hash": "ec47911cdfbcf12a5459876ede2946ec799e9272b67323a295eef03821da611c", "type": "file_hash", "version": 1 }, { "md5_hash": "d673e9072973fd465b31987dbc0611ee", "sha1_hash": "778a8394ba15345051af228735da0ba0b7ab9009", "sha256_hash": "559cffc7b745e6ba7b83b03950f3286eaa220ee2c922d03f3022a935e63c787a", "type": "file_hash", "version": 1 }, { "md5_hash": "dab78359a22d68a1e3936c59eb0fedc0", "sha1_hash": "01d315deb0f808282ced752c8d693ea8c2e05d2f", "sha256_hash": "52345e8c8ccf23e003b18121a74687b2fd466d6f5eac4760603b6582eeb4193f", "type": "file_hash", "version": 1 }, { "md5_hash": "fa0de1182a9bde039f0ec5d2cbc211af", "sha1_hash": "241af6d21cff774017f0eb9cff72f22bab8eab30", "sha256_hash": "4918121ec42b8b044919aa1d531be1f82a6789d06c213714ca1a996932a3be38", "type": "file_hash", "version": 1 }, { "md5_hash": "3371590e60e649b4de8a73afa9dcb93f", "sha1_hash": "6cb98960b6f0bbf7797d7244ca2d1b6d853ce097", "sha256_hash": "d73fcf1f6d1a6a7e907eef527aebc91c79a0ddb89b1242d184b3aba80e7c7159", "type": "file_hash", "version": 1 }, { "md5_hash": "3a3f49e988741e8e852de274921cafa8", "sha1_hash": "78372b93d84a597e8cb225708b3665c5c8832322", "sha256_hash": "2655969808e511b23ed29c1546e83a4c82d39889cc075bfc86bff8747325e066", "type": "file_hash", "version": 1 }, { "md5_hash": "ee8abd6ad7a0dda0a53cf8a22688c580", "sha1_hash": "91f83060394aa7674c9a135bc4c9d6508a534e13", "sha256_hash": "a15093931269db8f9281f5c4777546856f3c8f8adef3569a8052c1b16bc95b22", "type": "file_hash", "version": 1 }, { "md5_hash": "c73560dc36b9fa1406fee74e909a1928", "sha1_hash": "6d0bcf3936bfc4202f828e2921370a2aacfd280b", "sha256_hash": "41a68f203a733f0f4f2b56e001dba5a773eeee8b83b4fc0938a6c5436809650a", "type": "file_hash", "version": 1 }, { "md5_hash": "53054daedfef2d4df376fd30e8d05bec", "sha1_hash": "2c61e80cfd89b18cf6595b9c2d1d5740a2b642ef", "sha256_hash": "29e66449359c00285da96c5c30c97d4bb41e3618532059988531bf9176b99b56", "type": "file_hash", "version": 1 }, { "md5_hash": "f923413fcb241a839ff9dac023e67239", "sha1_hash": "368ea75d9e40ca03b81e0f5c1d993dc9e8e4e975", "sha256_hash": "43df8f131145a72bfc9e4ddfc662e3d104c0dc0f78f38fa56ab65993c552683c", "type": "file_hash", "version": 1 }, { "md5_hash": "cb604971b422caf88e36a7b9df2f34f5", "sha1_hash": "eff3450b4333718b638a52f856795b9f7341ce34", "sha256_hash": "333329b911c3bfb71cab7e282a5af8b98b5bf06094fceaf3333b5b382468de4f", "type": "file_hash", "version": 1 }, { "md5_hash": "98f2a758cc7a4f91784500c4611aba65", "sha1_hash": "a18863dba063432401ee1aabccb8e823bab8c760", "sha256_hash": "9dba5e3efea4789595a3377f7f05c6143f73a32b4d77a2f6eb6503798e92ee90", "type": "file_hash", "version": 1 }, { "md5_hash": "74cfc4d8677f142d44a5bc2e62fbbb76", "sha1_hash": "9a844e74f70fa704f220dc17d1cd106edd178af5", "sha256_hash": "6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8", "type": "file_hash", "version": 1 }, { "md5_hash": "64f1830c9286c825ddb25313c564dcce", "sha1_hash": "dbd8ce6cedf20a300995e1a6202b7ac2527304e5", "sha256_hash": "d41480b84194701753760c6b52aa9bc577a96ae12d15e145f28bcfb883bf84b7", "type": "file_hash", "version": 1 }, { "md5_hash": "5f8a25cc1f314787827999f4673b1f83", "sha1_hash": "f48aca2b4ab2252c676a22b2e172ef2b1df5c614", "sha256_hash": "965259d90b623fc3e3c9c01acca7fed77aa84be1a7ef06a36a4e4877b26cd829", "type": "file_hash", "version": 1 }, { "md5_hash": "ad91b81d26949997ed07a5316154c8e2", "sha1_hash": "ae747597a7d8b1e3773d6ede29b22e89adb4cd6c", "sha256_hash": "4e4886c649821454eb4003911915b81d398dc3af9b7dbef733a7b5c91040d253", "type": "file_hash", "version": 1 }, { "md5_hash": "f99423713a627a420a6cb5fbf51e955a", "sha1_hash": "9cfd490da9ab6c96c3e2120a7fbc81cdd7017b0c", "sha256_hash": "58b2c86bede34764b794d5517e171c8e6547b0529db29c3c837b5f377f8e6214", "type": "file_hash", "version": 1 }, { "md5_hash": "69e2528c964f38a71bc8af808d3bcde0", "sha1_hash": "58e41afbadf13a58589d1559a9b831f12b111221", "sha256_hash": "96e34349cbb6b18028231e3ecf762a1b9c7c44e43851762a51122ad32744056a", "type": "file_hash", "version": 1 }, { "md5_hash": "c288f198ffffa440be84a8037277572b", "sha1_hash": "8ca8d273dcb495c8acac03c89e62bcaf9ca9266d", "sha256_hash": "ca11067f5a63b9b7b7417b49586580125bf15eaa63ef19b01d0900cf7a593703", "type": "file_hash", "version": 1 }, { "md5_hash": "9f589c1eb5d7c684b28468cb8797fea7", "sha1_hash": "d8ef50a0cd4c3dbdbd786e76199257dd489b0a6e", "sha256_hash": "f1b48fb832e3497a07985836c4dbf335168339574b844bf9e87234e117fd58ad", "type": "file_hash", "version": 1 }, { "md5_hash": "80f77b2c7ae13b70dc73079dd0f90458", "sha1_hash": "efcba073526fafc162456ff153485274eb6b3625", "sha256_hash": "2095255108dbe238b465278bdce6105b35dd7ebaecfd17e2cfd3a6ff04fc5405", "type": "file_hash", "version": 1 }, { "md5_hash": "c668bca5b35c9d76fba586282b49534f", "sha1_hash": "59b095861e759288fdcdccd696e71df60255e083", "sha256_hash": "a605ba00937e533eb3fac2fa4da6be900a86a80697f805a8aba896b6a2652f81", "type": "file_hash", "version": 1 }, { "md5_hash": "4beb05cf897cc4b3ca8204366a1c4db3", "sha1_hash": "8bcbd9d2c82f2fad61fea4abcb5da1fa68ee02cd", "sha256_hash": "486035ae475be0e61fecdfea8daaa99f50d470060f74737a4acca78df6489657", "type": "file_hash", "version": 1 }, { "md5_hash": "7c3af3e6e4dae95a9e2f9e0000d8da9f", "sha1_hash": "3cde48237a7876e1c761c0fc3c09863f332282de", "sha256_hash": "fd91cb3e5de4d8f8db8daa17a0d949e5199f42d885f6c48790527e8d2b6cf05c", "type": "file_hash", "version": 1 }, { "md5_hash": "3b51544a4da8ec239a2d018439ca3678", "sha1_hash": "fbbaf67886925695eae5f403ef5be956a8e6bbb5", "sha256_hash": "8d6b0c1c9e5fe6063d169f9dd41417976eac2ea4e2afbfba36decbde6ec7f32f", "type": "file_hash", "version": 1 }, { "md5_hash": "698254390007dd7faece68a269abd736", "sha1_hash": "8e8c7afdfc7883ad6cd34618adbf56cd96f06cb8", "sha256_hash": "f1aac149e8b8597ebd9d20154451c9788c73fee8a3542769663ca4c519e58159", "type": "file_hash", "version": 1 }, { "md5_hash": "a37c2debc8f32c5e7255c0c158f0a941", "sha1_hash": "cdad4f8149b67943dcf1db300223794829908c82", "sha256_hash": "4282dada6036552c9f7f23863ef69329d1dee1da7646358e79f12810b93ee79d", "type": "file_hash", "version": 1 }, { "md5_hash": "dc0a9e47cf7dcccf687fdde2b3513185", "sha1_hash": "fcb69f4f889481691da2ab56771f4e744648d0a8", "sha256_hash": "fad0a7fc37eb112ab190268b9a0fda2188b9ed62c20788036ecbdd1a3b727cb4", "type": "file_hash", "version": 1 }, { "md5_hash": "f841972a36ea5b6654c8b0a32790b821", "sha1_hash": "e76e2025503dda2fd621518ba90ae6104b7535f7", "sha256_hash": "1bc63479cec8c3780ef61bdf37ef4ab25e05469979dc1b7a170025c785a05ee3", "type": "file_hash", "version": 1 }, { "md5_hash": "7480c8cdc7b9b961a4783326fb826aae", "sha1_hash": "db5b49ca1a20e46d8b244547f98774ff69c38a64", "sha256_hash": "abc4087c1fa593f0d99eee65150e2dce17d2ba5d0b595d3a940c97ec35fc7b2f", "type": "file_hash", "version": 1 }, { "md5_hash": "a4e392de6f566e05819621bb73bcbdf6", "sha1_hash": "21569d3d1cc72323bc5ca8f6caaea917be8305eb", "sha256_hash": "b673d26910bd425fea48eb4d5958c321158932a50acabcf5cfd4000490ac7a61", "type": "file_hash", "version": 1 }, { "md5_hash": "621a855ede4bd70aef48943907b297f8", "sha1_hash": "61f759daebc70360f8171da11456d6404914d092", "sha256_hash": "a2c088557b827c66bc9bd108ca33be06d8f15d6cc68491587a20b41dfc6ddd98", "type": "file_hash", "version": 1 }, { "md5_hash": "63fa073673f9ab09af518521cd1b00fa", "sha1_hash": "e25092f15bd872ad26fa53d0edea620c67e81a5f", "sha256_hash": "a93198adebd0e49cddee3990139b7f01155c79d2251b0e5ba414535ae5b04328", "type": "file_hash", "version": 1 }, { "md5_hash": "067a9daf365c1efd630ac8a8af920a32", "sha1_hash": "40eab30e8c6d95c336853123e1f1f70b737e4547", "sha256_hash": "17b5b2b78a2364f0af1099e7cf1c3ed04e50533fdf9fec0e0a84c72fdf84d4d9", "type": "file_hash", "version": 1 }, { "md5_hash": "ad81fe88f09549cf2bcd0417668fe4da", "sha1_hash": "07147f70e260aa29a568104719fd22aa8e084686", "sha256_hash": "a020b455290e9b2e31a59350304698c91b4fa7fe8846bb310e41e3d85f7f1b37", "type": "file_hash", "version": 1 }, { "md5_hash": "06dda7053cfd4165953f7a353b2134a6", "sha1_hash": "e1df465c975ff322e1d6165f1a8113df85a33553", "sha256_hash": "c5fea23e6384bc807cedd16c27959a640971ad7b701bc306791d234bdd5d4eb4", "type": "file_hash", "version": 1 }, { "md5_hash": "6bc3c3afda7ff5a7dc2b559f5c41f65c", "sha1_hash": "553e54cce0e59c8e974f58807dd143bc712f322c", "sha256_hash": "c034b7a67650ce7b70cf533d069b0bf469e90805dbe107e7bcd59512e3ae5acd", "type": "file_hash", "version": 1 }, { "md5_hash": "27f3b86195fce58a40e9b32f14bff099", "sha1_hash": "43b464483c9e17967668bc91409d376be4f6cf16", "sha256_hash": "2c069299e49aa2c287dbf32e8bf0c427215a3ddbfe63793c11f6f315299dd3c7", "type": "file_hash", "version": 1 }, { "md5_hash": "45515a677d63c95eeedfaee2781dcb0f", "sha1_hash": "6667ced5877e6bf00907080a3cd1aa65257ae5ed", "sha256_hash": "ccaeebc91710297bfbb6f5b25fa5bb84d899b398d81e25b9d57e2bc5aa7fb68c", "type": "file_hash", "version": 1 }, { "md5_hash": "94f6be19ff82523b8e30082a617dc324", "sha1_hash": "a5a201ff6481f749ff7184629103426c86b6e12d", "sha256_hash": "71d40b8ac38a0b256115e8c1d656a4ea29387c28fde56634dcb8c09fb0994aac", "type": "file_hash", "version": 1 }, { "md5_hash": "29670c5d286f19a05daaa33a87b3d3df", "sha1_hash": "472724fd66d7a23bfdcba8dd651256da68dc042f", "sha256_hash": "c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61", "type": "file_hash", "version": 1 }, { "md5_hash": "719e9318cdaae5ad210f110815179c49", "sha1_hash": "9813d1589720682ffae4cf8386d74a4c8fdde38f", "sha256_hash": "82756da1587b57c96bfb939814c52d621d92dd3a85517e7b17bac8d8fbc3c8a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\niEo_GlbFe5Pi.qef", "hashes": [ { "md5_hash": "19e41a9bbee8b943fbffb11b43e91c6a", "sha1_hash": "6d982ea6d2f07cb2241e397d556491196500013a", "sha256_hash": "6e00e3dcb22d69648583f51e3192a927412f4d7ab2be7f0c36210e47a71f81c4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\nieo_glbfe5pi.qef", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\kinto.pyi", "hashes": [ { "md5_hash": "e9a283db6371a73a5c62a14e2c170aa8", "sha1_hash": "cddebb3cd338765b636e0a08630d7c016a6ac307", "sha256_hash": "3bab6a563dcf574fec0f6098c360456b5f87ecc938e3719d130bb956ec9c6f2e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\kinto.pyi", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\popupkiller.exe", "hashes": [], "norm_filename": "c:\\popupkiller.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\stimulator.exe", "hashes": [], "norm_filename": "c:\\stimulator.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\TOOLS\\execute.exe", "hashes": [], "norm_filename": "c:\\tools\\execute.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\NPF_NdisWanIp", "hashes": [], "norm_filename": "npf_ndiswanip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\SICE", "hashes": [], "norm_filename": "sice", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\SIWVID", "hashes": [], "norm_filename": "siwvid", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\SIWDEBUG", "hashes": [], "norm_filename": "siwdebug", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\NTICE", "hashes": [], "norm_filename": "ntice", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\REGVXG", "hashes": [], "norm_filename": "regvxg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\FILEVXG", "hashes": [], "norm_filename": "filevxg", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\REGSYS", "hashes": [], "norm_filename": "regsys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\FILEM", "hashes": [], "norm_filename": "filem", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\TRW", "hashes": [], "norm_filename": "trw", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\ICEXT", "hashes": [], "norm_filename": "icext", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd7d80021e.bat", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "8af8618d93663f6360c20339ef5a5364", "sha1_hash": "4d591882d8ab227e1a26755190d09b6b902e5101", "sha256_hash": "3378fe0a23cbc25838f64841aee8cc0f589bb2bc6d5b901b3bf015aea3a04dc9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd7d80021e.bat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\pgyFOAeI3.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "c8d692d45464cec7ac72a410014618a1", "sha1_hash": "86337fe9402384748c740602d8f5b196da4f42fc", "sha256_hash": "c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5", "type": "file_hash", "version": 1 }, { "md5_hash": "6ad3a7538b8a7b4760beb75c29cc549e", "sha1_hash": "6bce6136b2e7583a73a6729ea55e8a357c5109b9", "sha256_hash": "dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282", "type": "file_hash", "version": 1 }, { "md5_hash": "77f0193e8f6be3517577f1e1eda545be", "sha1_hash": "555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "sha256_hash": "2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5", "type": "file_hash", "version": 1 }, { "md5_hash": "74cfc4d8677f142d44a5bc2e62fbbb76", "sha1_hash": "9a844e74f70fa704f220dc17d1cd106edd178af5", "sha256_hash": "6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8", "type": "file_hash", "version": 1 }, { "md5_hash": "29670c5d286f19a05daaa33a87b3d3df", "sha1_hash": "472724fd66d7a23bfdcba8dd651256da68dc042f", "sha256_hash": "c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\haawarq", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\haawarq", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\tidyabxe", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\tidyabxe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\updee12df24.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "2bbf4515f3f42a943b2732e24fc9f19e", "sha1_hash": "ce487e80749edeccbadefa9c6fb967ca743e70bd", "sha256_hash": "af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\updee12df24.exe", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "2bbf4515f3f42a943b2732e24fc9f19e", "sha1_hash": "ce487e80749edeccbadefa9c6fb967ca743e70bd", "sha256_hash": "af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "operations": [ "write", "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\pgyFOAeI3.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "c8d692d45464cec7ac72a410014618a1", "sha1_hash": "86337fe9402384748c740602d8f5b196da4f42fc", "sha256_hash": "c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5", "type": "file_hash", "version": 1 }, { "md5_hash": "6ad3a7538b8a7b4760beb75c29cc549e", "sha1_hash": "6bce6136b2e7583a73a6729ea55e8a357c5109b9", "sha256_hash": "dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282", "type": "file_hash", "version": 1 }, { "md5_hash": "77f0193e8f6be3517577f1e1eda545be", "sha1_hash": "555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "sha256_hash": "2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5", "type": "file_hash", "version": 1 }, { "md5_hash": "74cfc4d8677f142d44a5bc2e62fbbb76", "sha1_hash": "9a844e74f70fa704f220dc17d1cd106edd178af5", "sha256_hash": "6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8", "type": "file_hash", "version": 1 }, { "md5_hash": "29670c5d286f19a05daaa33a87b3d3df", "sha1_hash": "472724fd66d7a23bfdcba8dd651256da68dc042f", "sha256_hash": "c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\agvufyy", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\agvufyy", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\aduqmaq", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\aduqmaq", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\updee12df24.exe", "hashes": [], "norm_filename": "\\??\\c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "1FD2DA8383A3F98259159BBEE117BD1D", "hashes": [], "norm_filename": "c:\\windows\\system32\\1fd2da8383a3f98259159bbee117bd1d", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd3171fe7c.bat", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "a0db5e235a3bd5ca182e4a13ebaaae54", "sha1_hash": "cd66857e9c9884b4628aabb61efc1395720ca834", "sha256_hash": "bbab54e96dda0a86cd9ca1197fdb44a691b653ea5a3f6752180889b28a3d1828", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd3171fe7c.bat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\??\\C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\UPDEE1~1.EXE", "hashes": [], "norm_filename": "\\??\\c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee1~1.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\UPDEE1~1.EXE", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee1~1.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Program Files (x86)\\Mozilla Firefox", "hashes": [], "norm_filename": "c:\\program files (x86)\\mozilla firefox", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\addons.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\addons.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\AlternateServices.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\alternateservices.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-addons.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-addons.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-gfx.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-gfx.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-plugins.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-plugins.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\bookmarkbackups\\bookmarks-2017-05-24_14_kL0o5I+exwq3TXuLDkMF9w==.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\bookmarkbackups\\bookmarks-2017-05-24_14_kl0o5i+exwq3txuldkmf9w==.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cert8.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\compatibility.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\compatibility.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\containers.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\containers.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\content-prefs.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\crashes\\store.json.mozlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\crashes\\store.json.mozlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495592260754.fe0bc3a3-866c-458a-ad46-a730981653d6.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495592289365.f6bd7dec-4421-47ce-b829-1080689ec7ca.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495596278120.31e5ce24-c2bf-486b-b29e-534113b7c6dc.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495597242414.2e462298-aeda-4ee5-bf23-a73bdf74947f.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495597261897.a7b36bf3-f762-448c-874e-9388e91739b4.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495599783008.23c86977-85eb-412a-ae39-c4c6ea9a5744.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\1495600032629.d896fec9-1a7a-4db1-a3a2-e46d95b631a5.main.jsonlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\session-state.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\session-state.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\state.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\state.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\formhistory.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.dll", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\LICENSE.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\license.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\widevinecdm.dll", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\widevinecdm.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\widevinecdm.dll.lib", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\widevinecdm.dll.lib", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\kinto.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\mimeTypes.rdf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\mimetypes.rdf", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\parent.lock", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\parent.lock", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\permissions.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\pluginreg.dat", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\pluginreg.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\prefs.js", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\prefs.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\revocations.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\revocations.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\saved-telemetry-pings\\d896fec9-1a7a-4db1-a3a2-e46d95b631a5", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\saved-telemetry-pings\\d896fec9-1a7a-4db1-a3a2-e46d95b631a5", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\search.json.mozlz4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\search.json.mozlz4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\secmod.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\SecurityPreloadState.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\securitypreloadstate.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionCheckpoints.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessioncheckpoints.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore-backups\\upgrade.js-20170518000419", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\upgrade.js-20170518000419", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore.js", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\SiteSecurityServiceState.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sitesecurityservicestate.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\.metadata", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\.metadata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\.metadata-v2", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\.metadata-v2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\.metadata", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\.metadata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\.metadata-v2", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\.metadata-v2", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\1", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\times.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\times.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\webappsstore.sqlite", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\xulstore.json", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\xulstore.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20170518000419", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\crash reports\\installtime20170518000419", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\user data\\default\\web data", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\8489XH4E.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\8489xh4e.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\8JC8NM7O.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\8jc8nm7o.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\OOUVZSZN.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\oouvzszn.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\TIGZFGLM.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\tigzfglm.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\VZZ1F97R.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\vzz1f97r.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\XNW1G0SM.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\xnw1g0sm.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Z3FJF3OM.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\z3fjf3om.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\0GHTMU6X.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\0ghtmu6x.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\0MDKR34W.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\0mdkr34w.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\0Z1JIEVI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\0z1jievi.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\16DOE15M.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\16doe15m.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\16Y0X4V7.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\16y0x4v7.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\1L3KU69N.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\1l3ku69n.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\1LFQZEOH.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\1lfqzeoh.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\1LLUY7B7.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\1lluy7b7.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\1UYN2RFY.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\1uyn2rfy.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\23JC2UTD.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\23jc2utd.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\2EQ4E2OJ.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\2eq4e2oj.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\2HYILE1O.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\2hyile1o.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\3RW4K76X.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\3rw4k76x.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\3VVSZ2CO.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\3vvsz2co.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\4MN240WN.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\4mn240wn.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\4O6583I0.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\4o6583i0.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\4YWCPPXN.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\4ywcppxn.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\4Z6UDYLY.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\4z6udyly.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5AFMRGRY.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5afmrgry.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5ARQYMIV.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5arqymiv.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5AV8L20N.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5av8l20n.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5NWXN3UI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5nwxn3ui.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5STJ6NZL.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5stj6nzl.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5TAY54V0.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5tay54v0.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\5WQEGNKI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\5wqegnki.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\66I0OJL8.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\66i0ojl8.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\80J4IH0Y.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\80j4ih0y.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\8FFCGS26.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\8ffcgs26.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\9ABR37NL.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\9abr37nl.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\9IJPMFHZ.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\9ijpmfhz.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\9M7ZHW1Q.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\9m7zhw1q.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\9XACNSYG.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\9xacnsyg.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\9Z1Y5ICI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\9z1y5ici.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\A0RK8A2H.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\a0rk8a2h.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\AA2IJ7JU.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\aa2ij7ju.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\B427TFXJ.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\b427tfxj.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\BK4HNAZ1.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\bk4hnaz1.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\CC7DS78R.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\cc7ds78r.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\CDGOWO27.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\cdgowo27.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\CYHYO8JD.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\cyhyo8jd.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\D9QO3KHK.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\d9qo3khk.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\DN8YUCVA.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\dn8yucva.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\DQI7WAG8.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\dqi7wag8.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\DRDF2EZX.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\drdf2ezx.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\E2KPI4ZI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\e2kpi4zi.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\E978TFRK.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\e978tfrk.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\F68MFAMN.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\f68mfamn.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\FCGXHIFT.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\fcgxhift.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\FGTTES1V.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\fgttes1v.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\FLTMVY1F.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\fltmvy1f.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\FOLSAQT6.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\folsaqt6.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\GXB342YS.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\gxb342ys.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\H5LCJX1B.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\h5lcjx1b.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\HBPP9XXY.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\hbpp9xxy.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\HF8F6LU0.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\hf8f6lu0.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\HTVL5WIW.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\htvl5wiw.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\ILF13HLB.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ilf13hlb.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\ISTFXHHR.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\istfxhhr.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\ITD4OUAR.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\itd4ouar.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\J4JSQG9R.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\j4jsqg9r.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\JQOCYKOH.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\jqocykoh.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\JWFWLAYR.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\jwfwlayr.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\K8249Y1G.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\k8249y1g.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\KNJ4AJDH.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\knj4ajdh.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\L78EW25D.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\l78ew25d.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\LC10XEWL.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\lc10xewl.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\LVARU12Y.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\lvaru12y.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\LY1NFEKN.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ly1nfekn.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\LY3FDU65.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ly3fdu65.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\M19117WZ.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\m19117wz.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MA5WDFBR.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ma5wdfbr.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MBJX4MYA.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\mbjx4mya.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MCAKE788.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\mcake788.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MIL4MU1S.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\mil4mu1s.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MM8KB9U2.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\mm8kb9u2.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MMPF10F4.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\mmpf10f4.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\MOE7DCQU.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\moe7dcqu.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\NEHE4KDB.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\nehe4kdb.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\NOCAHPZ6.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\nocahpz6.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\NYCCG1AV.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\nyccg1av.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\O8FFFI2K.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\o8fffi2k.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\P778SMC9.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\p778smc9.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\PF9HBAFQ.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\pf9hbafq.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\PK3I34UV.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\pk3i34uv.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\QUMCK8L4.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\qumck8l4.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\RAYRHE6Z.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\rayrhe6z.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\RQK5QF4L.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\rqk5qf4l.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\RTEPN67M.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\rtepn67m.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\RYK7X1K4.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ryk7x1k4.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\S0EK69P5.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\s0ek69p5.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\SEVCUJM3.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\sevcujm3.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\STGOZ493.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\stgoz493.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\T1LCPPSA.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\t1lcppsa.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\TCXQPY9L.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\tcxqpy9l.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\TEW946CI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\tew946ci.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\TFCJHLEI.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\tfcjhlei.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\U2OYIS47.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\u2oyis47.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\U8FCPAKJ.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\u8fcpakj.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\UBUPNOZC.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ubupnozc.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\UBXQG39X.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ubxqg39x.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\UGL14QS0.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\ugl14qs0.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\UUEVXDWP.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\uuevxdwp.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\V7NNCJHO.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\v7nncjho.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\VD3GM2DA.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\vd3gm2da.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\WPEXKTDV.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\wpexktdv.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\WUT8M1Q8.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\wut8m1q8.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\WX75TEOR.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\wx75teor.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\XRS5D0N2.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\xrs5d0n2.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\XUAUK5R0.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\xuauk5r0.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\Y1I415YS.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\y1i415ys.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\Low\\Y3XU5OKR.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\low\\y3xu5okr.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\1ZJA02JO.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\1zja02jo.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\268TPJIA.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\268tpjia.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\6KWA3R8C.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\6kwa3r8c.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\85DGK2J5.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\85dgk2j5.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\FPNDV7T3.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\fpndv7t3.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\J9KFLZDX.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\j9kflzdx.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\JN00AKV9.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\jn00akv9.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\OR8K8VRM.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\or8k8vrm.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\TK0LXHBL.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\tk0lxhbl.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\VC62GJSF.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\vc62gjsf.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\VSMDVD55.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\vsmdvd55.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\51TU1403.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\51tu1403.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\5GJKP08H.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\5gjkp08h.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\6NQ9V8CD.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\6nq9v8cd.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\JZ1UUUP9.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\jz1uuup9.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\KW0ULAFV.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\kw0ulafv.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\SW6Z4AI1.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\sw6z4ai1.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\TU6XBKFE.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\tu6xbkfe.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\U9PT9V3Q.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\u9pt9v3q.txt", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\flaB587.tmp", "hashes": [ { "md5_hash": "d7859b496da03c0e61243641c65b6510", "sha1_hash": "0dea29cb67e5b6f628a3e440f10421d8df0ef574", "sha256_hash": "da9736e8fac8dba275bd2ae8fe5385b06de8bbf0267ddd628ea603f187e0fc93", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\flab587.tmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\sofB65D.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "b8721ab85c8da93e999be95a72cb0842", "sha1_hash": "f9a9ac562a4c289a4d3e815bb708c146a4a22fcc", "sha256_hash": "c8baea7bbcd82d9bceb0396e16650d95dfa381bbd5bec6c3169b56af4d9e4e6e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\sofb65d.tmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB597.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "88fc36caeab09fb0080837c992f83183", "sha1_hash": "44e3c85cf97e9bdace6612865940024f28bebf75", "sha256_hash": "8d6b0fbf64768994f5555ce3676ba7c89d5bacdbf963f724b797e271981204fd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb597.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB598.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "645ae58ef1c1e4da7c05e45c57912c9b", "sha1_hash": "54ac5716b662c5f00d034708be935983bc0d3763", "sha256_hash": "12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb598.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB599.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "6f2eb04f33941fc3a5c436f5fffc8c50", "sha1_hash": "c58ac82242d6f178ceeb9324254c6db8f8a88f00", "sha256_hash": "3bd89fc970eb49f1b132264519ba129e0024550bafc6bf76f74ea99be344c9b7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb599.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB59A.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "645ae58ef1c1e4da7c05e45c57912c9b", "sha1_hash": "54ac5716b662c5f00d034708be935983bc0d3763", "sha256_hash": "12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59a.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB59B.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7b5b6c7bf41e6055abd4e74476e08575", "sha1_hash": "5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "sha256_hash": "2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59b.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5AC.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5ac.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5AD.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5ad.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5BE.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5be.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5BF.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5bf.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5C0.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5c0.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB597.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "88fc36caeab09fb0080837c992f83183", "sha1_hash": "44e3c85cf97e9bdace6612865940024f28bebf75", "sha256_hash": "8d6b0fbf64768994f5555ce3676ba7c89d5bacdbf963f724b797e271981204fd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb597.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB598.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "645ae58ef1c1e4da7c05e45c57912c9b", "sha1_hash": "54ac5716b662c5f00d034708be935983bc0d3763", "sha256_hash": "12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb598.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB599.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "6f2eb04f33941fc3a5c436f5fffc8c50", "sha1_hash": "c58ac82242d6f178ceeb9324254c6db8f8a88f00", "sha256_hash": "3bd89fc970eb49f1b132264519ba129e0024550bafc6bf76f74ea99be344c9b7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb599.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB59A.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "645ae58ef1c1e4da7c05e45c57912c9b", "sha1_hash": "54ac5716b662c5f00d034708be935983bc0d3763", "sha256_hash": "12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59a.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB59B.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7b5b6c7bf41e6055abd4e74476e08575", "sha1_hash": "5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "sha256_hash": "2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59b.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5AC.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5ac.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5AD.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5ad.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5BE.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5be.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5BF.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5bf.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cabB5C0.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5c0.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\flaB587.tmp", "hashes": [ { "md5_hash": "d7859b496da03c0e61243641c65b6510", "sha1_hash": "0dea29cb67e5b6f628a3e440f10421d8df0ef574", "sha256_hash": "da9736e8fac8dba275bd2ae8fe5385b06de8bbf0267ddd628ea603f187e0fc93", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\flab587.tmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\sofB65D.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "b8721ab85c8da93e999be95a72cb0842", "sha1_hash": "f9a9ac562a4c289a4d3e815bb708c146a4a22fcc", "sha256_hash": "c8baea7bbcd82d9bceb0396e16650d95dfa381bbd5bec6c3169b56af4d9e4e6e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\sofb65d.tmp", "operations": [ "access", "write", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\windows\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\VirtualStore\\Windows\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\virtualstore\\windows\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\programdata\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\GHISLER\\wcx_ftp.ini", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\ghisler\\wcx_ftp.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\programdata\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\FileZilla\\sitemanager.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\filezilla\\sitemanager.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\FileZilla\\recentservers.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\filezilla\\recentservers.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\FileZilla\\filezilla.xml", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\filezilla\\filezilla.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\settings.sol", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\eckiiks", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\eckiiks", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\ufykkeb", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\ufykkeb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd9948.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd9948.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\CAB7DE7.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7de7.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\CAB7DE8.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7de8.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\CAB7DE9.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7de9.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\CAB7DEA.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7dea.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\CAB7DEB.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7deb.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\cab9948.tmp", "hashes": [], "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab9948.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [ { "mutex_name": "8C5FF35F44C67C34381EFF128FE58575", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "BA375714EF21E8EC8F43FB71FA3700CC", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "4F35AC27449784784508471CC1E930C7", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Sandboxie_SingleInstanceMutex_Control", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "Frz_State", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "ACD86ED691154353041C7827C4241C0D", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "DD53550AC9EB25CC6151CE1EB2A70FC3", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "EF45F0E754F1354293A017BE4F985965", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "E69AF5C9A1CE7CC06B48F35248935FCD", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "8EB663269EDB2551D78D6BE980D8D1D5", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "8592029A1BBD0F5EDCA2A860E613ACDB", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "99DCC4F63896BA52D9D5D3F7098E00E5", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "3A05CFF4EB7DE2EF8F3985678370FA5D", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "55A4DE17653FCFB535BFCEB7986C3B1D", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "843724E431E9542E94836F8E62819404", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "BA6E0713253533C2BD32E023F51DAAB1", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "5576A023ACFCB1DF07119694F5D31AAB", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "E60F35D6C376C5F82E917CA84B9C2F25", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "1F6114CF197C565BFF427879E00139DA", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "690CE47B932790ABBAE4486C8750D5B2", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "B7B640FD598619C28BD4F0051E0616B4", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "C144897552FBD8087BCACE2DF5968566", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "8E6BA92214C9B423A575DAF2D449D162", "operations": [ "delete", "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\AppID\\{10000002-0000-0000-0000-000000000001}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\WINE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\WINE", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\VBA", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\SQMClient", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Speech", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\WcmSvc", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Narrator", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\IMEMIP", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Poom", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\WAB", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Shared", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Sensors", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Siuf", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\wfs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Notepad", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Fax", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\PeerNet", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Unistore", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Feeds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\GameBar", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Pim", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Osk", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Wisp", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\F12", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\CTF", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Keyboard", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ofumig", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Lineo", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Peet", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Exchange", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\MSF", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Abanz", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "write", "read", "delete" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Currentversion\\Run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\Storage2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Mozilla\\Firefox\\TaskBarIDs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Firefox\\TaskBarIDs", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\53.0.3 (x86 en-GB)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\53.0.3 (x86 en-GB)\\Main", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox\\53.0.3 (x86 en-GB)\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 53.0.3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 53.0.3\\bin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Mozilla\\Mozilla Firefox 53.0.3\\extensions", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Identities\\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\Software\\Microsoft\\Internet Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\Outlook\\OMI Account Manager\\Accounts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Microsoft Outlook Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\03fea8ae12202041b643a9691e5b323c", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\09917dd29831004f89474b112e58e0ab", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\0a0d020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\13dbb0c8aa05101a9bb000aa002fc45a", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\3517490d76624c419a828607e2a54604", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\5b59a51e8457564ab95b73c6194dc831", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\626dbd3f36ef4b4b9263a867695919ec", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\8503020000000000c000000000000046", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9207f3e0a3b11019908b08002b2a56c2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9907df9e4a472f499f281fc91ee2bca1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\b4c13fbaf5f22f44b93e8bdd93521484", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\dc184acfc7e1614eb31843d1abdfd43e", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\f86ed2903a4a11cfb57e524153480001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Martin Prikryl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Martin Prikryl", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Ghisler\\Windows Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Ghisler\\Total Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Windows Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Ghisler\\Total Commander", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FileZilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\FileZilla Client", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FileZilla", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\FileZilla Client", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\IntelliForms\\FormData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DXM_Runtime", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 53.0.3 (x86 en-GB)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MPlayer2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3D82C954-2957-418B-908F-FE78BF3A8BEB}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4A03706F-666A-4037-7777-5F2748764D10}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{74d0e5db-b326-4dae-a6b2-445b9de1836e}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A2563E55-3BEC-3828-8D67-E5E8B9E8B675}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-0804-1033-1959-001824245926}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BE960C1C-7BAD-3DE6-8B1A-2616FE532845}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e52a6842-b0ac-476e-b48f-378a97a67346}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/31F9UVfEun/0I1aalj/7QGREH4HU/RK/5rEg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/mtV/jshKPnn7S1/Vn/HMa/z/b-N/oK/Q", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/pW6teVTI/k-sq/J/2j7/cmhBJoSRZ8F/qDQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/8C1SLhHn/2_/8tA/E/H/Fbk/8JMoO2Tv/9/2Kg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/xnecdWiG1/m9/J5MGn6/T/2YACd/yAYfNpLQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/SEP4vYw6/sPlMZ/3/v0URdi/NOLRdM5J/cg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/NrY/r/c5FHX/_/0aFNoP8C8TO/VnC/g/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/9piYZTuz9/2sx1Clf5U1sISMKMW81/q/MQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/l6yH/j4/plG2GbX2ldR8utbqF/HD/A", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/WJFCdFULD/tP/ZaEGn/rc/211/J/v/ijQ/fN4EQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/cIh/g/P/V0METF/RW/hZEvuN/Yd5W/J/w/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/sTx52Lxwi/k/OhkZ/j_hXlZYAu/ad/N6VyPA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/TkN2Lgy/t9dSY/UHKX3/Va/P4CpZe5q/Lw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/3qeDwipy/0M/15F3rEV/lgCANe/hdf5/O/PQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/rSps/ke9sIH_-V/lJ/DI/sKWc/MRONw/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/KbnKhnNec/qN/5/yGGXDaERSOtCLSf9QC/g", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/1R52/0u4pYTz_/ExM/AI/4f/XM8U/L/d/g", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/Ydqt/uth/tJ1TJV1Vo/FcOR/W_NPMA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/OLKU5tAB/rPB/XBjjZZ2/N-Pfmw/N-N_Bg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/BaoB/o/d1zEU_M/SWNz/EN/2nQPZRBg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/De1Yth/p9kt/Cn/nFYkQAKMa/NRvIPHQ/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/VTNb4H/t/ehSMTnlcHV_E4at/VMNw/Jg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/YrhHB3/us5/0/G0-ef1/NZ/O/fDWW/-V/WDA/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/ywhAhCZ/mst0E/m/Xuf/FhGG/fO/NQ/c1HMw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/aV1M3/guotHj7McBB8QtOzM9oNJ/Q", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/gyRVM2W/hM/VOBU/C/fc/UZI/I-So/MMBZP/Q", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/6puLAJKud/1c/xpH0zn/bVRVR8KQTtZ0Dw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/yl/mtBlP3TBX01/IHcuJe/_tHKA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/PlKl8Vi16/s9BXP/zX7TxAHId6ubq9oLQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/4jfU08/19Z6B/j2VEkt/XJILd/Nv1YEQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/qE/kvltF/nzoV2/RANMO/gc9JP/AQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/DStLW/p-9oH1rpd/VV9/Jva2/dttpAA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/3VIs/0OpV/I/D77b/1ICJ_uWMcF3N/w", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/Syy/sMVlAHTUdV/hI/I/sucUe/5HFw", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/eCf57FZh/hv9/6ZjrrfElUMtT/QNd/FkLA", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/5TGta2dCc5/1uhbJ2/y/f/QmJSRI/e/xRe/N/fdg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/jypPt/ic/VsA3/n/HX1FhBdiccsdKLg", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/ddDmp7/h/9/hY/Pn/2aQkV1HML/S/Zv/N6KQ", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "330f35e9f647.loan/zrx/mc5kKX_VXFNJC8/Cd/eO/VGPg", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "google.com/", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/8011fd0a959b7d17696306c4ab36c4974540cada", "file_type": "created_file", "id": "file_2", "md5_hash": "c9522f83c60a595694b2e4c6657982d0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "sha1_hash": "8011fd0a959b7d17696306c4ab36c4974540cada", "sha256_hash": "b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b", "size": 404480, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_5", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd7d80021e.bat", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_10", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_50", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_82", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd3171fe7c.bat", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_121", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb597.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_122", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb598.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_123", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb599.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_124", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59a.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_125", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59b.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_126", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5ac.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_127", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5ad.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_134", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5be.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_135", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5bf.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_136", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb5c0.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_146", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\sofb65d.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_165", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7de7.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_166", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7de8.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_167", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7de9.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_168", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7dea.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_169", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cab7deb.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_216", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd9948.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4d591882d8ab227e1a26755190d09b6b902e5101", "file_type": "created_file", "id": "file_6", "md5_hash": "8af8618d93663f6360c20339ef5a5364", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd7d80021e.bat", "sha1_hash": "4d591882d8ab227e1a26755190d09b6b902e5101", "sha256_hash": "3378fe0a23cbc25838f64841aee8cc0f589bb2bc6d5b901b3bf015aea3a04dc9", "size": 206, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/86337fe9402384748c740602d8f5b196da4f42fc", "file_type": "created_file", "id": "file_11", "md5_hash": "c8d692d45464cec7ac72a410014618a1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "sha1_hash": "86337fe9402384748c740602d8f5b196da4f42fc", "sha256_hash": "c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5", "size": 1587, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ce487e80749edeccbadefa9c6fb967ca743e70bd", "file_type": "created_file", "id": "file_52", "md5_hash": "2bbf4515f3f42a943b2732e24fc9f19e", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "sha1_hash": "ce487e80749edeccbadefa9c6fb967ca743e70bd", "sha256_hash": "af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f", "size": 303104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ce487e80749edeccbadefa9c6fb967ca743e70bd", "file_type": "created_file", "id": "file_76", "md5_hash": "2bbf4515f3f42a943b2732e24fc9f19e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "sha1_hash": "ce487e80749edeccbadefa9c6fb967ca743e70bd", "sha256_hash": "af1c61d4a742b3cb4a11b2bbbdc4b6a4ae77b215ad6aa57f1d51a309f2b77f9f", "size": 303104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6bce6136b2e7583a73a6729ea55e8a357c5109b9", "file_type": "created_file", "id": "file_68", "md5_hash": "6ad3a7538b8a7b4760beb75c29cc549e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "sha1_hash": "6bce6136b2e7583a73a6729ea55e8a357c5109b9", "sha256_hash": "dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282", "size": 14217, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cd66857e9c9884b4628aabb61efc1395720ca834", "file_type": "created_file", "id": "file_83", "md5_hash": "a0db5e235a3bd5ca182e4a13ebaaae54", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\upd3171fe7c.bat", "sha1_hash": "cd66857e9c9884b4628aabb61efc1395720ca834", "sha256_hash": "bbab54e96dda0a86cd9ca1197fdb44a691b653ea5a3f6752180889b28a3d1828", "size": 216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "file_type": "created_file", "id": "file_88", "md5_hash": "77f0193e8f6be3517577f1e1eda545be", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "sha1_hash": "555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "sha256_hash": "2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5", "size": 4197, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/44e3c85cf97e9bdace6612865940024f28bebf75", "file_type": "created_file", "id": "file_128", "md5_hash": "88fc36caeab09fb0080837c992f83183", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb597.tmp", "sha1_hash": "44e3c85cf97e9bdace6612865940024f28bebf75", "sha256_hash": "8d6b0fbf64768994f5555ce3676ba7c89d5bacdbf963f724b797e271981204fd", "size": 324, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54ac5716b662c5f00d034708be935983bc0d3763", "file_type": "created_file", "id": "file_129", "md5_hash": "645ae58ef1c1e4da7c05e45c57912c9b", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb598.tmp", "sha1_hash": "54ac5716b662c5f00d034708be935983bc0d3763", "sha256_hash": "12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775", "size": 68, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/54ac5716b662c5f00d034708be935983bc0d3763", "file_type": "created_file", "id": "file_132", "md5_hash": "645ae58ef1c1e4da7c05e45c57912c9b", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59a.tmp", "sha1_hash": "54ac5716b662c5f00d034708be935983bc0d3763", "sha256_hash": "12f4c98eda0ff3e8fb5d0e9a31fd94225f64728a5f10cbad6fbd523d5fa7f775", "size": 68, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0dea29cb67e5b6f628a3e440f10421d8df0ef574", "file_type": "created_file", "id": "file_130", "md5_hash": "d7859b496da03c0e61243641c65b6510", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\flab587.tmp", "sha1_hash": "0dea29cb67e5b6f628a3e440f10421d8df0ef574", "sha256_hash": "da9736e8fac8dba275bd2ae8fe5385b06de8bbf0267ddd628ea603f187e0fc93", "size": 436, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c58ac82242d6f178ceeb9324254c6db8f8a88f00", "file_type": "created_file", "id": "file_131", "md5_hash": "6f2eb04f33941fc3a5c436f5fffc8c50", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb599.tmp", "sha1_hash": "c58ac82242d6f178ceeb9324254c6db8f8a88f00", "sha256_hash": "3bd89fc970eb49f1b132264519ba129e0024550bafc6bf76f74ea99be344c9b7", "size": 324, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "file_type": "created_file", "id": "file_133", "md5_hash": "7b5b6c7bf41e6055abd4e74476e08575", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\cabb59b.tmp", "sha1_hash": "5c05d3a68f69258d236f6d9677cc0a42e399e7cc", "sha256_hash": "2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f", "size": 8, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f9a9ac562a4c289a4d3e815bb708c146a4a22fcc", "file_type": "created_file", "id": "file_147", "md5_hash": "b8721ab85c8da93e999be95a72cb0842", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\sofb65d.tmp", "sha1_hash": "f9a9ac562a4c289a4d3e815bb708c146a4a22fcc", "sha256_hash": "c8baea7bbcd82d9bceb0396e16650d95dfa381bbd5bec6c3169b56af4d9e4e6e", "size": 1038, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a844e74f70fa704f220dc17d1cd106edd178af5", "file_type": "created_file", "id": "file_182", "md5_hash": "74cfc4d8677f142d44a5bc2e62fbbb76", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "sha1_hash": "9a844e74f70fa704f220dc17d1cd106edd178af5", "sha256_hash": "6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8", "size": 68433, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/472724fd66d7a23bfdcba8dd651256da68dc042f", "file_type": "created_file", "id": "file_213", "md5_hash": "29670c5d286f19a05daaa33a87b3d3df", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.tmp", "sha1_hash": "472724fd66d7a23bfdcba8dd651256da68dc042f", "sha256_hash": "c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61", "size": 7323, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/042c3d3f4b86f9f96e68920c0b901283bd970e74", "file_type": "modified_file", "id": "file_3", "md5_hash": "51b6060100f780fce4687b38c704d5ce", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "042c3d3f4b86f9f96e68920c0b901283bd970e74", "sha256_hash": "03740e5e8bdabe598aa134e8ddbc357e579862958521e3d29e6b132c2c1c141d", "size": 261, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c9b3c104370936d1e60d676a90c7e84a35a82b24", "file_type": "modified_file", "id": "file_4", "md5_hash": "1a275f9e63c860ef608a51a5a3527307", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "c9b3c104370936d1e60d676a90c7e84a35a82b24", "sha256_hash": "93076500f8ab254623272097c4c606fa1e6de92c2ba8cc8740864850ca5864ce", "size": 521, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5e4c7f692158a2b85f2cf38a24989012b040c102", "file_type": "modified_file", "id": "file_7", "md5_hash": "948fe2a5c930b6d9504679078f445a66", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "5e4c7f692158a2b85f2cf38a24989012b040c102", "sha256_hash": "f7a66a9161b11249f4020df4ebfdd02ee989395e92577e8903425e0a87c16f06", "size": 1088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dc9545e9632244d1e73aa2e66c9127e41107fe16", "file_type": "modified_file", "id": "file_8", "md5_hash": "b67ead1d72ba6a82978412b41ae0b19c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "dc9545e9632244d1e73aa2e66c9127e41107fe16", "sha256_hash": "bd7484200703ebc39ac41862d1dfc800c2747ba2f2c56556c18e073a38e8866e", "size": 1370, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/86337fe9402384748c740602d8f5b196da4f42fc", "file_type": "modified_file", "id": "file_9", "md5_hash": "c8d692d45464cec7ac72a410014618a1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "86337fe9402384748c740602d8f5b196da4f42fc", "sha256_hash": "c38850622b4e8f39f63f32a390f9c6ae6dbd995f97f915010feb352d9ac315f5", "size": 1587, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36dc5b141b172b2713a9066a7cda901d52e602be", "file_type": "modified_file", "id": "file_12", "md5_hash": "49747746e04d96ab1c4af1a3226a55ee", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "36dc5b141b172b2713a9066a7cda901d52e602be", "sha256_hash": "62e8fef6ef9b4ab3643edc4c98d44ed12f977498c3a775780e020314ada02054", "size": 254, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e4789ae1ef0db80c39de1cd932169610d7a1bca0", "file_type": "modified_file", "id": "file_13", "md5_hash": "ecddd67cc1bb94b684d4bb7116c7c4d4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e4789ae1ef0db80c39de1cd932169610d7a1bca0", "sha256_hash": "dc2860ef55a5c6ebe873ae1dbe5170c0980caa038c428fbc8852ecc03c991104", "size": 503, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c7f01ede74be6544ec703d59b14c172d1bbdc6c", "file_type": "modified_file", "id": "file_14", "md5_hash": "11f304d86594e21db142e4d5477062c9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "3c7f01ede74be6544ec703d59b14c172d1bbdc6c", "sha256_hash": "14657a3e73f8e5e77ad0e5cf7627765fbbd1ea30b82cf2cd51bb681d05065a95", "size": 734, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2553416e93dcb6d1cca9762ac757c72c2ff0ead4", "file_type": "modified_file", "id": "file_15", "md5_hash": "5be86a9a54bb683c5dd22e6ccd6e8129", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "2553416e93dcb6d1cca9762ac757c72c2ff0ead4", "sha256_hash": "fd4a1be1fa728d58a611eccfa621d1861511dd308147af1d7852050a9822225d", "size": 983, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9cd12936f4234d55fc8d47e3e5c2e7fb8a4ef9f0", "file_type": "modified_file", "id": "file_16", "md5_hash": "5d3538851bd0ecca9846381671ae62c7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9cd12936f4234d55fc8d47e3e5c2e7fb8a4ef9f0", "sha256_hash": "95edcf90f9002af85a5a820903fb56248b5ce95709a66df6b443823b1a933b12", "size": 1214, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ad1882034ced37f2e9b1dd5b9ec891b33a406b7", "file_type": "modified_file", "id": "file_17", "md5_hash": "2ce03089882c124fc7e93e69e967a465", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "0ad1882034ced37f2e9b1dd5b9ec891b33a406b7", "sha256_hash": "8ceb88a73a20dd2a8fc1d98e55e4e18fbb627f347b000ebe2940f886eb2c88e7", "size": 1461, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/87da3c9bcd2b15c9e9be7f50af6b0d803328175e", "file_type": "modified_file", "id": "file_18", "md5_hash": "b701d42ccbf8f6bfa08728e994325c11", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "87da3c9bcd2b15c9e9be7f50af6b0d803328175e", "sha256_hash": "fb6015ef2fe52d690b51ac76e5b78900a7946c02479e2f7c8cb692192a2fd56e", "size": 1734, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9c5b9455744dcdc3d950afeab16eedb5d20baf25", "file_type": "modified_file", "id": "file_19", "md5_hash": "6be161c2953cae565b22a07e201f8726", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9c5b9455744dcdc3d950afeab16eedb5d20baf25", "sha256_hash": "a4d02adcbe9f8b2bafe87f7c1c96cf5156b3449eff825079c92a187e1a9978e8", "size": 1965, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9265f255415543b449a4d4b8cc57574067a0e121", "file_type": "modified_file", "id": "file_20", "md5_hash": "bfbc0cdfb9d6f21a9fa39a14d8e96bc0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9265f255415543b449a4d4b8cc57574067a0e121", "sha256_hash": "ce2e61a5890c0d208981dec87ad662f7c40bde22ceac84c445cc509716c350dc", "size": 2213, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/92cb1de3bc8d9a70180f2bfa965373e7fc3302f8", "file_type": "modified_file", "id": "file_21", "md5_hash": "999ad5e81467737e11970863123091ca", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "92cb1de3bc8d9a70180f2bfa965373e7fc3302f8", "sha256_hash": "ed61788db9b00ea79918b068bef79c0af244a5dd6ddab7c692eb0361becd8622", "size": 2780, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3ab9fbee5b9e8bdd1d45238c4d6415ce68a82c90", "file_type": "modified_file", "id": "file_22", "md5_hash": "54b20d7537b460847a75649fb0142a27", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "3ab9fbee5b9e8bdd1d45238c4d6415ce68a82c90", "sha256_hash": "c1f1310bf8192b9760b04ac129ada80c4d8febfe9062f8a1bebb60ec65bf7045", "size": 3011, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6bbdbf576600499933171f533b527ef589cfa3e2", "file_type": "modified_file", "id": "file_23", "md5_hash": "3a2e7422dc29c5bfcba2bf3e33906bfc", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6bbdbf576600499933171f533b527ef589cfa3e2", "sha256_hash": "6c6b1751aea374e804aecdd3543826ce73aaf785124f74fdbf26b90d2546af46", "size": 3259, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7517c6396f46a4f0f6239954c5e5fbc305bcd9ca", "file_type": "modified_file", "id": "file_24", "md5_hash": "a1592dfa53f9c764309db9727edea7ca", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "7517c6396f46a4f0f6239954c5e5fbc305bcd9ca", "sha256_hash": "ddeceb8cddc56e5d5207a53d3be2c7756d3418be353fd959fc0f4b48c2ff1eab", "size": 3490, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5305e9b775a99d2021bb21fab6f88453feff1699", "file_type": "modified_file", "id": "file_25", "md5_hash": "53b08ad589b28aac3a88f3c35ce38c39", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "5305e9b775a99d2021bb21fab6f88453feff1699", "sha256_hash": "9b0ea3d5aebbec0c1c59cfdb881d3dfd126a42f435b013bfd4de9de3a9d864d3", "size": 3738, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dfef1e8145ebda70f9cc7a95684ac141dc5c9b1b", "file_type": "modified_file", "id": "file_26", "md5_hash": "2c1a3d36b842dbc532141e89b7c626d5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "dfef1e8145ebda70f9cc7a95684ac141dc5c9b1b", "sha256_hash": "ececa735534ec922d178ed1bde6272662138867456807e72a6fb6bbebcb82c37", "size": 3969, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/06735b9799bd44b1b36211569751cb20ff98e88a", "file_type": "modified_file", "id": "file_27", "md5_hash": "864e411b102ddac6e0df717316a0eaf1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "06735b9799bd44b1b36211569751cb20ff98e88a", "sha256_hash": "d5f8c0393c9b2516121ff25157de89d76d0a6ee0e66df30bdd4068f53ef03bb9", "size": 4218, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/00729b2a545320e3c3a6aa2b307931bc9f2e9372", "file_type": "modified_file", "id": "file_28", "md5_hash": "e43cbda4b6350cb4e7f415e3d3ea5506", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "00729b2a545320e3c3a6aa2b307931bc9f2e9372", "sha256_hash": "db5a979a33461d2323fc0f63154071fdf3d12599ea01bb9f48e337b40ad530a1", "size": 4449, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6d982ea6d2f07cb2241e397d556491196500013a", "file_type": "modified_file", "id": "file_29", "md5_hash": "19e41a9bbee8b943fbffb11b43e91c6a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\nieo_glbfe5pi.qef", "sha1_hash": "6d982ea6d2f07cb2241e397d556491196500013a", "sha256_hash": "6e00e3dcb22d69648583f51e3192a927412f4d7ab2be7f0c36210e47a71f81c4", "size": 1680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e8004c53ed2e92805439f503dc1c53356bdc2e14", "file_type": "modified_file", "id": "file_30", "md5_hash": "c04415bfd79968e902df855136a9d018", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e8004c53ed2e92805439f503dc1c53356bdc2e14", "sha256_hash": "c2ad3b5608da3de3a47e6fcb12ba56ec1842afbdc82c63c7d202d94f3a775f81", "size": 4663, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cd85ad97c06d7c65c800cf8f47f567dd6d4574c9", "file_type": "modified_file", "id": "file_31", "md5_hash": "fe927ca9fbc42f662033aa5c643d2bf3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "cd85ad97c06d7c65c800cf8f47f567dd6d4574c9", "sha256_hash": "1f5f4564ebbb8e12991bb510fa3f97a433ea78cb1ee1ce515971aa1f3190cfb8", "size": 4943, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/95ebdccb609b0d33306da88224d346ee5be88b7f", "file_type": "modified_file", "id": "file_32", "md5_hash": "ac35a77e5f471e14598cca890297ba16", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "95ebdccb609b0d33306da88224d346ee5be88b7f", "sha256_hash": "aa0cd4e444571a2d10591893338fc5cab75c4ddc762b00c024f6c5dcce4fc66d", "size": 5210, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cddebb3cd338765b636e0a08630d7c016a6ac307", "file_type": "modified_file", "id": "file_33", "md5_hash": "e9a283db6371a73a5c62a14e2c170aa8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\kinto.pyi", "sha1_hash": "cddebb3cd338765b636e0a08630d7c016a6ac307", "sha256_hash": "3bab6a563dcf574fec0f6098c360456b5f87ecc938e3719d130bb956ec9c6f2e", "size": 30528, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/73955aa3ae5a94ee80d09d0f4613683689b726a6", "file_type": "modified_file", "id": "file_34", "md5_hash": "1385bb15ef5cca5c422d7d61c347ad5e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "73955aa3ae5a94ee80d09d0f4613683689b726a6", "sha256_hash": "95e2d27d5e772befcc7b611d7b808cbe46589134040e988a6a7347c1d089e567", "size": 5435, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/691b0ec29bd493152b5b1639d8f60d89634eb10f", "file_type": "modified_file", "id": "file_35", "md5_hash": "8b3bfce1c16eb6566c2bbc0ed737e116", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "691b0ec29bd493152b5b1639d8f60d89634eb10f", "sha256_hash": "69974b9832c0ea7404157c42f1e574bf38195e2dae84054675da2e48ce42a5a1", "size": 5688, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b0309b2e99c4cacb66067c3aea3030a5db4b410f", "file_type": "modified_file", "id": "file_36", "md5_hash": "dfb2bf20712433200a0f34e89bfd1f8f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "b0309b2e99c4cacb66067c3aea3030a5db4b410f", "sha256_hash": "f9854d06c855c0952576fbb6ec99e620c83aff8d29c4f6f0d8a951629df831d5", "size": 5921, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/119044373b3116f33c0aad617457ad3468dfc9b5", "file_type": "modified_file", "id": "file_37", "md5_hash": "1982212cfa01f20061a76a24946aed06", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "119044373b3116f33c0aad617457ad3468dfc9b5", "sha256_hash": "c90ae99ea1f2aff36442e10f37fd34659f44c5af1812619a234b42e8469f062e", "size": 6181, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4a42bab79bfcc7893695048c3466d3283ed13d5f", "file_type": "modified_file", "id": "file_38", "md5_hash": "2fa430402ff82bbcd87c761c904aa8c1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "4a42bab79bfcc7893695048c3466d3283ed13d5f", "sha256_hash": "10a5bda3b3bf4ae81795228c425c0f943688254021757a2aed75917d107425b7", "size": 6441, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b1f15b0caca81aad6a9a6d923bc7854c45d2510e", "file_type": "modified_file", "id": "file_39", "md5_hash": "3e9f4dd5161fccfa15a1f3f04ac252b1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "b1f15b0caca81aad6a9a6d923bc7854c45d2510e", "sha256_hash": "911c87d7b39d72b455bc96d145e8b59860473c95f119cf374527678489a1c31b", "size": 7008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1cd8ec22ca372961ba9c136d97b9860a592284da", "file_type": "modified_file", "id": "file_40", "md5_hash": "37662643f607ec29fa5ce2ec030368b7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1cd8ec22ca372961ba9c136d97b9860a592284da", "sha256_hash": "4b31703b7fb7e1210ff47e78f4a9aaedb1fa0691aa79b8f027904c609aad48fa", "size": 7290, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79b7d2f2009e3d262c819aa53a3cc7d4bd49d438", "file_type": "modified_file", "id": "file_41", "md5_hash": "b3d656149a3a368dda644aef62d7d833", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "79b7d2f2009e3d262c819aa53a3cc7d4bd49d438", "sha256_hash": "86898ed575082485010666ba1381f8063f941e8261f04801a84b3ab7d82d40b4", "size": 7530, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11dce1c5f2eadd282343f6e8d9f277299fedac65", "file_type": "modified_file", "id": "file_42", "md5_hash": "29f217ef55494025752782daf9fc6632", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "11dce1c5f2eadd282343f6e8d9f277299fedac65", "sha256_hash": "6d918e52d15cc2e55603b6518a0de58b884fcf025c07a08ca541e2bfa46e9d9d", "size": 8097, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/03b504c68552d8c9388a93ec23c52179c9840df6", "file_type": "modified_file", "id": "file_43", "md5_hash": "b615d164742b6ad031d2dc42da2c5f7b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "03b504c68552d8c9388a93ec23c52179c9840df6", "sha256_hash": "0d4c1176349e0a361d620d921daa66b5eb64162800c58da2f1fbb9a66d664b19", "size": 8350, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f76db3f323b9dc2e163e822a814bb03859e14aa9", "file_type": "modified_file", "id": "file_44", "md5_hash": "752c8cbfd672ce82e360c94525a7347e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "f76db3f323b9dc2e163e822a814bb03859e14aa9", "sha256_hash": "136083471ad4c48610a5c1e83153fb49ed79600f821d3209178fbccdbb8dfeef", "size": 8623, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1de98b46afe330a05084d4538f65297781905da1", "file_type": "modified_file", "id": "file_45", "md5_hash": "2e2bf76537833d84beef91ecd1d48e17", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1de98b46afe330a05084d4538f65297781905da1", "sha256_hash": "4cc507d91ce1d63f640a4f1100e894cd57750c92b92d5d6788f6809917cdd84d", "size": 8896, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5b28e1d264659bf9f92ce9a90ab12684e2422ad1", "file_type": "modified_file", "id": "file_46", "md5_hash": "473efc736b09a566092bf99653f05d2a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "5b28e1d264659bf9f92ce9a90ab12684e2422ad1", "sha256_hash": "e9c9ac9772830aa1966cd4d298b9fb4fac604f95c9a3802bfba272fe68f62e35", "size": 9169, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9e2cb742a7b744a12da894b56d894bf71ce6b26a", "file_type": "modified_file", "id": "file_47", "md5_hash": "abf99640d36285ef7e8049c771408e93", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9e2cb742a7b744a12da894b56d894bf71ce6b26a", "sha256_hash": "a855eccfc5f55dd134cb2b5edae3d0bdf48a45ae3a9049b460c2fdc665ba19ba", "size": 9383, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/018cd17aff1667a6d22587c4506269fdc03ef503", "file_type": "modified_file", "id": "file_48", "md5_hash": "41dac4e0c067e6ca3d648e9acc387627", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "018cd17aff1667a6d22587c4506269fdc03ef503", "sha256_hash": "cd1e4a09f4862bf13827da7f93c6c00228c468a647fa4a89ff9c55007fcda138", "size": 9663, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/27613a6bf3727cb03a4f1dbbb2e6a775acca90ef", "file_type": "modified_file", "id": "file_49", "md5_hash": "ec98f141b54c6ff63de52791893d9c27", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "27613a6bf3727cb03a4f1dbbb2e6a775acca90ef", "sha256_hash": "2be661be6833a8f59f4e5b264bcf1de755ef54250515dc03083f85887acbc17a", "size": 9930, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fe85e045b59f07f85669bd46d63f660620761b2e", "file_type": "modified_file", "id": "file_51", "md5_hash": "0f9f674a0fa9515a5a4f67bcde4d0a0a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "fe85e045b59f07f85669bd46d63f660620761b2e", "sha256_hash": "df3d3a0ed7fc2ace8bfbca69645108d9d517cf701bb56c371120497b69a9bf5b", "size": 10255, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79044e5abd1885e2dfc5851f03254f67af12a8c3", "file_type": "modified_file", "id": "file_53", "md5_hash": "4cfbf93467a5a7a77b097bedfc117235", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "79044e5abd1885e2dfc5851f03254f67af12a8c3", "sha256_hash": "4d01e326b22bc3a40735af6f23be57d5919cc5d1c2fc94894087c8fddea1300b", "size": 10530, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a9a0fedc4bee162254d518756886702b0e5f697c", "file_type": "modified_file", "id": "file_54", "md5_hash": "d52e836e928be5e360d4b78dc6207d87", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "a9a0fedc4bee162254d518756886702b0e5f697c", "sha256_hash": "6fce4fd55701c36c02318fb9e378eb067703ee05ab8cf130efc8cfdded59644f", "size": 10779, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b43b66bfc978fb212cf13e7ec5992eb43178c0c3", "file_type": "modified_file", "id": "file_55", "md5_hash": "27556dfc48e76285833d8a04efa15ec6", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "b43b66bfc978fb212cf13e7ec5992eb43178c0c3", "sha256_hash": "132ea79a4f8e7211d115b4fc0a75a810c078b6c3a7ffaea734ff17b826e160d5", "size": 11042, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/869985d5f2213414cbab7c8bce75dba757e5a354", "file_type": "modified_file", "id": "file_56", "md5_hash": "3939683e91dafdbc8e732437daf6f42e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "869985d5f2213414cbab7c8bce75dba757e5a354", "sha256_hash": "0b2fdc46d17fcb3c9743ddc50ac08977715d2df0f8d550d1f2c33c6256535c47", "size": 11267, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9f424e2b0159a7fbcb0aee21326744706ff59991", "file_type": "modified_file", "id": "file_57", "md5_hash": "31bee244631bc1a3227d34885c6f8616", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9f424e2b0159a7fbcb0aee21326744706ff59991", "sha256_hash": "60e2bb749b7447bc7113f8d25b4a966eeaf4599b0c17914b889c4d2b58331f00", "size": 11887, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/abf5e40323ce1404a0859386a168c70f2dffbc04", "file_type": "modified_file", "id": "file_58", "md5_hash": "7fcd6ef51678c5ae53e9d347e0f8f85c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "abf5e40323ce1404a0859386a168c70f2dffbc04", "sha256_hash": "8d071f88de460c436516464cc897546b285fdc7992c5802a64f35c6e7b3e0035", "size": 12168, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d0bb19405c668ed997d5577332150a34ff3f295c", "file_type": "modified_file", "id": "file_59", "md5_hash": "4a51932fcb2e4813035dec9f2eb79901", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "d0bb19405c668ed997d5577332150a34ff3f295c", "sha256_hash": "1ddfd0d8f2f06baf655d9fc8ce2aa9c4e9e88b05e9e9190a84784760c139c7a2", "size": 12417, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/824026bd93be680e3363be0affafcdbde3a01870", "file_type": "modified_file", "id": "file_60", "md5_hash": "eebc5d7055bbf07f9f7d36d387c0a3eb", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "824026bd93be680e3363be0affafcdbde3a01870", "sha256_hash": "b1742de8db4a613bf95d18253c60c73de8482068e981ce6553454a180e2b16e8", "size": 12680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8241f61be50bb183ce90452f02d5982ea584f23c", "file_type": "modified_file", "id": "file_61", "md5_hash": "0281ff2858afd8d48312017c7d7d314e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8241f61be50bb183ce90452f02d5982ea584f23c", "sha256_hash": "8267d834dbc661a80a34424ec1701e49ad7b6851b8585fa5ea19f419cb59874d", "size": 12961, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e7ee043118ba80e8eb8dcaf2a55e38d397468a44", "file_type": "modified_file", "id": "file_62", "md5_hash": "2e6e202eb574878402d5cf5af694c084", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e7ee043118ba80e8eb8dcaf2a55e38d397468a44", "sha256_hash": "4683f1ecee37a999efcb39307e1dbae4d0aa389ba2d6d6f1496098fc47c3bdd7", "size": 13208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/002afe77b885b5e853f1df3b401f973cebc46f45", "file_type": "modified_file", "id": "file_63", "md5_hash": "325a9f04d866111efa0c4c055d2520a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "002afe77b885b5e853f1df3b401f973cebc46f45", "sha256_hash": "ce32dcbb01c72579378d45d3969447faf69340cc4bf71840072a5d655ebeca43", "size": 13467, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0bd87ef5b998cdc9d49ae2b520dbdfe2f0377b03", "file_type": "modified_file", "id": "file_64", "md5_hash": "79137110fa26ef93519c5f5fc06d6878", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "0bd87ef5b998cdc9d49ae2b520dbdfe2f0377b03", "sha256_hash": "579ef5d991f11c40ee8f3a53b490264e68534b8ebb7730492d13463da74c96c3", "size": 13746, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4df43ea7c52bdb2d8d353f863fb8182f5cc7502c", "file_type": "modified_file", "id": "file_65", "md5_hash": "50e4e3bd81a5a4c76edc7a06872f8910", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "4df43ea7c52bdb2d8d353f863fb8182f5cc7502c", "sha256_hash": "0a530677589bc902a22292befb4fc81d5cf4c1cd1d470a0ea29c6e28212e0b1a", "size": 13987, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6bce6136b2e7583a73a6729ea55e8a357c5109b9", "file_type": "modified_file", "id": "file_66", "md5_hash": "6ad3a7538b8a7b4760beb75c29cc549e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6bce6136b2e7583a73a6729ea55e8a357c5109b9", "sha256_hash": "dcc29c6c645904bf50cc3269e20dd52d2c7264c02fd4abaf3bf45ff90d735282", "size": 14217, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8b5504f473005bfeeb6a4621931f45a594e39f99", "file_type": "modified_file", "id": "file_69", "md5_hash": "82149ea6f13efb05a7a857c9524206c0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8b5504f473005bfeeb6a4621931f45a594e39f99", "sha256_hash": "1b5b293b8bb69969b5edd1fae5cc1e9e253de799b943eb0d996c7b0d80855561", "size": 274, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/db21f887c9eeb6a231eea8c01e24980e272ee401", "file_type": "modified_file", "id": "file_70", "md5_hash": "890881188a68d4d79d2b84eb9562faa0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "db21f887c9eeb6a231eea8c01e24980e272ee401", "sha256_hash": "3eee1f1cee768e487aa015ba44aa4819a35d57b824818640737c310ba706ac8b", "size": 522, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c09f6e6e75acea7e909f23558c261c870516feb9", "file_type": "modified_file", "id": "file_71", "md5_hash": "c296662b42e3b5ee7be6dd9af55885f2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "c09f6e6e75acea7e909f23558c261c870516feb9", "sha256_hash": "2eb22f9abd8970fd5979d3c838791d3b0407103fee2fdb0fb175e169e98e3a92", "size": 779, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb594bca29702261f94ef2c47e448e6c8a08dc1d", "file_type": "modified_file", "id": "file_72", "md5_hash": "a899a735ca54806f0e2e5370d06f0c98", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "eb594bca29702261f94ef2c47e448e6c8a08dc1d", "sha256_hash": "63e9c849264425991071fbf13afc2181e22771a2e29f756df6538971519c51f0", "size": 1032, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e5fa0cd8ca4a010db979ae851a11d0edd4bd7b35", "file_type": "modified_file", "id": "file_73", "md5_hash": "ed450d8bb34ac18f53f98d9659e2257b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e5fa0cd8ca4a010db979ae851a11d0edd4bd7b35", "sha256_hash": "a2ec6f8c3c15d6f2bcc9372bb88d84f28f86a8dac873c7c40bd8dc8866d4d5a8", "size": 1280, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/76c65a07447bc7d8cc4b25edb2f02f4abd738e61", "file_type": "modified_file", "id": "file_74", "md5_hash": "51c39c010e918623bd866a52ec6da38d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "76c65a07447bc7d8cc4b25edb2f02f4abd738e61", "sha256_hash": "21b071de60d5e782dfd9081187bc6848e35cdf05f4999e11bad6e1b71f9c9351", "size": 1537, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9620b6c79f3ad5b68b1a3c2671c961fddee74e8a", "file_type": "modified_file", "id": "file_75", "md5_hash": "43e3953ffdba1797aa3877c1517025b1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9620b6c79f3ad5b68b1a3c2671c961fddee74e8a", "sha256_hash": "660fff60517b529b21b47b646664ab4746a4fdfeb1fc89cf87d00ee2a35700b9", "size": 1785, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2000f96970f9446a9206380384b9f5bb52c55d28", "file_type": "modified_file", "id": "file_77", "md5_hash": "f4350400ebc42cb6e8813c050ae7d516", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "2000f96970f9446a9206380384b9f5bb52c55d28", "sha256_hash": "4259bf9b98280f07443819d7f30955ecf77c1bf2a8a1f67377340eef43d25e8e", "size": 2046, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c9971de09999df184fc368a619d73b1f3d58885c", "file_type": "modified_file", "id": "file_78", "md5_hash": "ee07d6bf78d0be81801a915adcc02ca1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "c9971de09999df184fc368a619d73b1f3d58885c", "sha256_hash": "22a8c2ecadebbe79e961a81bdf68957ff97d072d2b1f1e6c627f0d3b77c2d4f9", "size": 2295, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4e2eafcba532d8dada6a7c38773fce2ab3c81d82", "file_type": "modified_file", "id": "file_79", "md5_hash": "63e81763e02bc00b58e52da6fc887a92", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "4e2eafcba532d8dada6a7c38773fce2ab3c81d82", "sha256_hash": "4673b9dfe20e4c590f94207874ad592cdace907d55c612e766a96fb1e84a3042", "size": 2556, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/53737ac895fd42e4987108c721c87e207f357b25", "file_type": "modified_file", "id": "file_80", "md5_hash": "e83c51b820041ef443e51d98e3f612be", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "53737ac895fd42e4987108c721c87e207f357b25", "sha256_hash": "bcf3c5be012c9aacfa9a37b3d06338fdaf32d2de3a4ace62cf9320e90caa172e", "size": 2816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0da0f43065298e392749160f2ff40fdbe445124d", "file_type": "modified_file", "id": "file_81", "md5_hash": "3b12a168701971a21c9b571035c6a0f8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "0da0f43065298e392749160f2ff40fdbe445124d", "sha256_hash": "34ac8810b8abf4f8805071b5ecbfbde681e37a7962057d411c11cc596cb5dca6", "size": 3076, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/656c296562760815019ee973b7dd5378d8d6abc1", "file_type": "modified_file", "id": "file_84", "md5_hash": "2739399741830726c012701bd52b7ccc", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "656c296562760815019ee973b7dd5378d8d6abc1", "sha256_hash": "f9c77921a460cc9b94a7491362527d1427b26823ed48158b631bc57ed33f652f", "size": 3643, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0c861dc9db067c65e05f7f48fc677bc07966db22", "file_type": "modified_file", "id": "file_85", "md5_hash": "27f6f2152d9eb2234694e0877422ccb6", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "0c861dc9db067c65e05f7f48fc677bc07966db22", "sha256_hash": "5adb193561f442021455ec68521dafe9af71d2fd93fb1ee228eb4e97a30ab54c", "size": 3925, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "file_type": "modified_file", "id": "file_86", "md5_hash": "77f0193e8f6be3517577f1e1eda545be", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "555b8e0d22e10e617564bf02fd3b7c3e82a8748f", "sha256_hash": "2a8ae96bde02e0862c3bae8bb8489d3f480e3eba6c9b24ca64ed106ce09c96b5", "size": 4197, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3794137cdbe99f62b0097d737b5295e69a4193b9", "file_type": "modified_file", "id": "file_89", "md5_hash": "b63bc739a27f74eb3fe9e276a366f896", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "3794137cdbe99f62b0097d737b5295e69a4193b9", "sha256_hash": "c653223195eeb21f55d4f1f004257fd43feb289a54ca10fbcaae382a87f89bb2", "size": 274, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d8b8f52e1cc755458d71d67e6d6460a78ae5a6cd", "file_type": "modified_file", "id": "file_90", "md5_hash": "65c927cde4ddcff695818c5915114a3b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "d8b8f52e1cc755458d71d67e6d6460a78ae5a6cd", "sha256_hash": "9c5193f63248af045b9014b75ea5379eed0159b919c639c7aa3dd5f4d01ec0f4", "size": 547, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/90fe10c790a5b55fdc7ea16301cb19f662441d52", "file_type": "modified_file", "id": "file_91", "md5_hash": "aaeb7e4309d99bb808405b4e2cb7dc6d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "90fe10c790a5b55fdc7ea16301cb19f662441d52", "sha256_hash": "b06b37d2eabbd600a8c21a8fa8a05e61dc53b392048d2a4e67faefad02f65a13", "size": 800, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/712666f6c412c29fea791c60a57ed9f3aaf667ec", "file_type": "modified_file", "id": "file_92", "md5_hash": "6142480f697426d754adf0c6e7fb5497", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "712666f6c412c29fea791c60a57ed9f3aaf667ec", "sha256_hash": "1457321593712996a5f299347a9277f397cbfe419bf3e4988dff3501dd2a2be5", "size": 1367, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/524c615ba75de8513477acfec8af51a28a7dbfde", "file_type": "modified_file", "id": "file_93", "md5_hash": "8eb3797f52a0bbc1e9826d70636bc3fa", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\g[1].htm", "sha1_hash": "524c615ba75de8513477acfec8af51a28a7dbfde", "sha256_hash": "1727cfb8c3f8af8d01089854993db8dc6528718202e3c855dbb2bca32d781768", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/88e79bcd4894cb5e925478224fd699fa9e7058cf", "file_type": "modified_file", "id": "file_94", "md5_hash": "f0b762838a58148af445925733cd9f86", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "88e79bcd4894cb5e925478224fd699fa9e7058cf", "sha256_hash": "d719b2c869f90bf179a7dfe8b172d46fcac7d349bf20851c22973eba48675907", "size": 1648, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1def27555742adec44d8ab74c884a27afdfcb9a3", "file_type": "modified_file", "id": "file_95", "md5_hash": "1e6e690e73680731887d430e0869762b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1def27555742adec44d8ab74c884a27afdfcb9a3", "sha256_hash": "b886fa128a611ba1b079207e01b374ca8068ab4fddae8feaf2b858c1e3f36cc5", "size": 1911, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ca287f3f0ed0201c7be6f5299419813fdb2a314", "file_type": "modified_file", "id": "file_96", "md5_hash": "67fe90eff4a2f2650148f6f11e7a693d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6ca287f3f0ed0201c7be6f5299419813fdb2a314", "sha256_hash": "33af58cf34284d20cfad224c064e48d4c9ff080b38f35d214da2b0b18824c2c9", "size": 2125, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/99899656a32c2c593b848dd375f53ce580276a69", "file_type": "modified_file", "id": "file_97", "md5_hash": "56a1ece9daeb8537a56f19911a83b199", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "99899656a32c2c593b848dd375f53ce580276a69", "sha256_hash": "15d63269a8dbfcce2099b9913ca67877cf662165de479943c83d1b72af4b5c11", "size": 2405, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c42acfe22aea70c470c0bbafbbc8f80230bd2a75", "file_type": "modified_file", "id": "file_98", "md5_hash": "03d9a4a10c71791249e80820860a4772", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "c42acfe22aea70c470c0bbafbbc8f80230bd2a75", "sha256_hash": "fd395968c56a16d75076f1cd6a419a7e8b323a1123241efccf3328875a2b5e85", "size": 2672, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fabff235cdff47ba51462a567b074f926c2f7f94", "file_type": "modified_file", "id": "file_99", "md5_hash": "2b07a02e4b1ff8e22172598ba3a6fba2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\g[1].htm", "sha1_hash": "fabff235cdff47ba51462a567b074f926c2f7f94", "sha256_hash": "fd3f3df862ff7941a9097c255b070dbdcdfdd558aacdcb504ecf7a0668476dc4", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/52ae7aed5e40f16d392afa7eb59408dca6113aa6", "file_type": "modified_file", "id": "file_100", "md5_hash": "12b2fb63c9d060744945e33af1c1d6ef", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "52ae7aed5e40f16d392afa7eb59408dca6113aa6", "sha256_hash": "47e873983d945ffb5758832dd38cb8ce4bbaa825daf9fb5916021734d521aa55", "size": 2953, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/42a2d996649d6169dd012fd6ec4c8521c6d1d7dc", "file_type": "modified_file", "id": "file_101", "md5_hash": "562718cc0f9dde290ed96144b8748924", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "42a2d996649d6169dd012fd6ec4c8521c6d1d7dc", "sha256_hash": "b563f6a196269196c279309972f9a89acd9e2e4617189ab1f66aaa88bf75e2a6", "size": 3216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/60f93d5902a52b9907367c4fc8c35e28bdc0aeec", "file_type": "modified_file", "id": "file_102", "md5_hash": "0208276064edd371df9848924d2ce52d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "60f93d5902a52b9907367c4fc8c35e28bdc0aeec", "sha256_hash": "d0a1ec62d000edaa129c3222687eb7d88abe1a8bb85861a716d00d80d84708cb", "size": 3441, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6a838d862582ad885d06c270bd7e53735319ce12", "file_type": "modified_file", "id": "file_103", "md5_hash": "b3e4bc7bce0449140c64a20417806736", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6a838d862582ad885d06c270bd7e53735319ce12", "sha256_hash": "cf71b8662a2d46c3719bfe02b97e9aab66be023de85dd6a49126f79cb6b134b7", "size": 3720, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa71c4be3d1c4bc3aa1a3f114fc6749dcb8a4040", "file_type": "modified_file", "id": "file_104", "md5_hash": "ab7ddef34dd4e99db84d975b083de0d6", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "aa71c4be3d1c4bc3aa1a3f114fc6749dcb8a4040", "sha256_hash": "315d798eadba544f89087288724ad849cf7cc25efaf9583804e3eb3e079ae930", "size": 3979, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a8a7679c5b026ee35aee89fd82977cd03184bd1d", "file_type": "modified_file", "id": "file_105", "md5_hash": "658f9d71ddc6ec54bf9b6aec30d3cc5c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "a8a7679c5b026ee35aee89fd82977cd03184bd1d", "sha256_hash": "ef25c2ead97bd3d50fb29f2b839bd22de88aabcaf9be950257f5da707d309ba2", "size": 4252, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d55c49127a48a15e742c8301f1adfc5150644c24", "file_type": "modified_file", "id": "file_106", "md5_hash": "0b543aac930cd2d9562a2ae37a232394", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "d55c49127a48a15e742c8301f1adfc5150644c24", "sha256_hash": "8f4de247957a1dcadc2e773f496449e7c8dd4a4f9e5757e070d3b9b86471df0e", "size": 4488, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/70b777c0c27c1671963967f24b848ec324e0b1b6", "file_type": "modified_file", "id": "file_107", "md5_hash": "777fb81ebcdc022b739ee4b76c9d5df8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "70b777c0c27c1671963967f24b848ec324e0b1b6", "sha256_hash": "65bc0257ba4496f4b6787110f355626018dd87874a6e63d56ffcb732f04fca9a", "size": 4634, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/25e49f913f5429deef37440b2d365cd02e0c2ba0", "file_type": "modified_file", "id": "file_108", "md5_hash": "b792ee8d6e31c5581599e6a89954153a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "25e49f913f5429deef37440b2d365cd02e0c2ba0", "sha256_hash": "6a185d6e5d87ecf0d254fe8e47d9af25d1422fbdabfeb1013130719bbf4c536f", "size": 4773, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b4b72399aba5fa5ef3300eb2f9b4897dcff4b7c3", "file_type": "modified_file", "id": "file_109", "md5_hash": "bf8342780823e7fa44222be101e34cfe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "b4b72399aba5fa5ef3300eb2f9b4897dcff4b7c3", "sha256_hash": "3e8699ac936f447bee469056d62db8c7301de1c7dc15e1ae24bd8fe4f438e220", "size": 4908, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11f350a58a993bd65365e1d38861300df4edf846", "file_type": "modified_file", "id": "file_110", "md5_hash": "0eec26117a364bab41c65b8be51bf2a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "11f350a58a993bd65365e1d38861300df4edf846", "sha256_hash": "1b67bd51942f805a1c384bc2c52a2d6277663a023268dbd7c6da31bc2f9f935d", "size": 5052, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4be74bc99b72d84fede317d5d732e4a271897723", "file_type": "modified_file", "id": "file_111", "md5_hash": "60dcaf9c56f8d66145f69c96a47d76fb", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "4be74bc99b72d84fede317d5d732e4a271897723", "sha256_hash": "15fe4ca92da1c77194de1581042d01da407d6c8ce64d5fe0e883d49a3feabda2", "size": 5192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/48b272c35290690ff2a7719b0e30d1dfd081c09c", "file_type": "modified_file", "id": "file_112", "md5_hash": "60afd01276a7217536508e7d8dcf7722", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "48b272c35290690ff2a7719b0e30d1dfd081c09c", "sha256_hash": "630d9367a0c625eb56828ee87ffde3e7d4c1a8fb1f7bc0d0882e404ac786c31c", "size": 5335, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8eb453ea778bd905062afea5f2311d33ed679551", "file_type": "modified_file", "id": "file_113", "md5_hash": "c4e9d5d89ef582566b872e3df3baadac", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8eb453ea778bd905062afea5f2311d33ed679551", "sha256_hash": "6b2b6639e4d53535197d9bbc35f8b66924ab8de931c7e736a16620309f77304d", "size": 6038, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8d83f521c3a1deb650ad57bec34d034b337e5fe8", "file_type": "modified_file", "id": "file_114", "md5_hash": "742a63b65e9f6e45ac49368d223529ad", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8d83f521c3a1deb650ad57bec34d034b337e5fe8", "sha256_hash": "271d6db98241bec76c1e506395c0b55b6f2362de0e30a3be2ceea129dab15768", "size": 6190, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8146f3ce0707a8eba00321dc01c3933090ece463", "file_type": "modified_file", "id": "file_115", "md5_hash": "01b7f7e06d6ab697fd90fd2bfb7a436f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8146f3ce0707a8eba00321dc01c3933090ece463", "sha256_hash": "9bfefe3527f1ba567e6ecb8967f435b5039c04ac25113281e82fe824635c6105", "size": 6338, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1452bd2ed0e3a6d34f660e7c500779f77a3a3ab4", "file_type": "modified_file", "id": "file_116", "md5_hash": "3f9d60b99925d17d305c8de36efba69e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1452bd2ed0e3a6d34f660e7c500779f77a3a3ab4", "sha256_hash": "12819b07bcfdc3ee0fb7c58332db4f18bd9fbee87ea5ec2c7d1dd8747476812f", "size": 6486, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/36801dd88a32a839c211f1e88f813418397de0fc", "file_type": "modified_file", "id": "file_117", "md5_hash": "ec89e8caae91162a4c14e37c3ee0f430", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "36801dd88a32a839c211f1e88f813418397de0fc", "sha256_hash": "3dc0176abe4597044a51d5015e29f83e9d103cee9e8d555a7110fd309dc9a7fe", "size": 6630, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/70e650ac0e1f5ca5ae24ae87779ad54818075f76", "file_type": "modified_file", "id": "file_118", "md5_hash": "b65734e1f4fdd0ad4184482f1e3181bd", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "70e650ac0e1f5ca5ae24ae87779ad54818075f76", "sha256_hash": "0bab7331b42fde8dad5c7c905bb5457b77807025122b182fcafe96e6946a6535", "size": 6774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c0f447fe92b4e8e015b77b002e4f69a23d6bcc52", "file_type": "modified_file", "id": "file_119", "md5_hash": "4e77889fc8fc893ddd18911ef58a2d80", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "c0f447fe92b4e8e015b77b002e4f69a23d6bcc52", "sha256_hash": "f3eba3caf493ae6f20f1f471d2ee2a89f20a67b9049f14488d016fc7432370f2", "size": 9212, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bd91aa1ff29a4dce613641ed503a8c5e7767bcf4", "file_type": "modified_file", "id": "file_120", "md5_hash": "06fe29029ef50296c78ca70fc8161ce2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "bd91aa1ff29a4dce613641ed503a8c5e7767bcf4", "sha256_hash": "8de91be2daf94ae434445478a545bc64ab66e3e46c6502d3ab5d6b5f3cdee346", "size": 9359, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1414a403573ca8ed711432b4411b2c40900b0874", "file_type": "modified_file", "id": "file_142", "md5_hash": "b8959860eeb641326a8c1fea8b88c747", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1414a403573ca8ed711432b4411b2c40900b0874", "sha256_hash": "f7449b824eee3a46d9694a152b77865eda9efaa51670eeb3764b4296fde5ecbf", "size": 59258, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2d308753953c59878409e7aa63c945ec315d7801", "file_type": "modified_file", "id": "file_143", "md5_hash": "5f905eb958e44c3504454719df7830ee", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "2d308753953c59878409e7aa63c945ec315d7801", "sha256_hash": "7a2f8c532146fa93821473e907e05e27b2df0633e79accc0d837be2a5a8998d4", "size": 59575, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/180472a99a10d21371fee89b7af6dbc5bfd9f1f5", "file_type": "modified_file", "id": "file_144", "md5_hash": "f5de183a5d8b7fb45581d38d3a9d8996", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "180472a99a10d21371fee89b7af6dbc5bfd9f1f5", "sha256_hash": "4b7b34da9e1cc63ee083c18b891cdd60b1d0c37be3a11bce981b4200ba4083f4", "size": 60368, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/85f405b7efb91ff6695a46a086ccd23db0abbeaa", "file_type": "modified_file", "id": "file_145", "md5_hash": "cf8e0558f3ebe23d18591c885e5cc90d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "85f405b7efb91ff6695a46a086ccd23db0abbeaa", "sha256_hash": "18276ea5d5978cdbc1c6958afd99d1310be7308a70e2d20272b57f04337a7461", "size": 60513, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/76ae8b91ce20ce8a192eb89a685ce525f8600356", "file_type": "modified_file", "id": "file_148", "md5_hash": "4c79fd219ccba9da9aa4d940cab0643e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "76ae8b91ce20ce8a192eb89a685ce525f8600356", "sha256_hash": "4e82cc39c4ee7af1ca6902129d6dae03019e4631bc3c2843fda6948c62f5410c", "size": 60654, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7e74ead716a09bbcdf763eedc9c07e3f7b0d4d9b", "file_type": "modified_file", "id": "file_149", "md5_hash": "977667f81f4c9395fac951940fe21608", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "7e74ead716a09bbcdf763eedc9c07e3f7b0d4d9b", "sha256_hash": "74ad3170284612c1b4acfa5c03b20b0464f3838f8684f221c4a806413df2b56d", "size": 60968, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c4991e51668ce2b1368012e94fdd175f44bb0059", "file_type": "modified_file", "id": "file_150", "md5_hash": "719eefaf8ed61dd59151a03ae5d7489c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "c4991e51668ce2b1368012e94fdd175f44bb0059", "sha256_hash": "64a059a6c66557c5d016e5eb4be0c16a473cdf8af26a38ad2751c37f998ffedd", "size": 62558, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ec7656e4926b37bc18831931ee9672458f89200", "file_type": "modified_file", "id": "file_151", "md5_hash": "e83d0a37f12fa9e077aebd6dc7196962", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "7ec7656e4926b37bc18831931ee9672458f89200", "sha256_hash": "4e304ab43ac39dd7c0ad374a1e78f358a0961d18e9b3dbe2a05a715bf95e8557", "size": 62809, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a52236fc03ca560abcf875d746323e9eaeeb2af", "file_type": "modified_file", "id": "file_152", "md5_hash": "35fd8847359a0d204fa890921bcfbd70", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1a52236fc03ca560abcf875d746323e9eaeeb2af", "sha256_hash": "5cd77d2d534397fceab04193c57cdeddb35183e98e9dcd325f9d973d5b83468f", "size": 63066, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1191cff510788667804fca47b8dbaa2b49f9531a", "file_type": "modified_file", "id": "file_153", "md5_hash": "5101d7a955e3ab8c8c99b2d3ecd64fb5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "1191cff510788667804fca47b8dbaa2b49f9531a", "sha256_hash": "869d6dfd5153cebd0d705bc1d1a9b5d5ef2380ce504a190ec48c1e707bdb4966", "size": 63346, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3daac12bdc5e4b36c3d056b0f98e65f85fa50ce3", "file_type": "modified_file", "id": "file_154", "md5_hash": "89d13e2e1ee97cd12ab6399ab713dba7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "3daac12bdc5e4b36c3d056b0f98e65f85fa50ce3", "sha256_hash": "d830abc9df6880dcf4e4f269d0b97f3b07cce833b6a85d5d78f77ae00dca1cc0", "size": 63594, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a1d710c54ae660f80379858bb3242e46a9227fea", "file_type": "modified_file", "id": "file_155", "md5_hash": "6aca05d501f8ee1356089497c803e7e8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "a1d710c54ae660f80379858bb3242e46a9227fea", "sha256_hash": "acbc12a2880b8dc30bc8b593f9401316052e0379879e56091bb3bab2ddc83dbe", "size": 63851, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fc81b7afafdc6211a5799c67975b53a1a08ac427", "file_type": "modified_file", "id": "file_156", "md5_hash": "74d7bba8446d3dd10539749ee3828bf0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "fc81b7afafdc6211a5799c67975b53a1a08ac427", "sha256_hash": "7c987505acc3664a81e0790b10f13e66166e40d34549816cd8478b99d24a3f4a", "size": 64131, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cdfe46b447c18ecfcc8544518e01397fb384a58f", "file_type": "modified_file", "id": "file_157", "md5_hash": "7b22368e6fa7be6a9367814f1140b7d0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "cdfe46b447c18ecfcc8544518e01397fb384a58f", "sha256_hash": "983dff21ea81b8e17e032bbba44bf1ea80b73a67b2710bce905bc998562f02ad", "size": 64379, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/677b21967390ad5ab423d533d5656b2e857bfe7f", "file_type": "modified_file", "id": "file_158", "md5_hash": "a12970b34917a4567691fe0cc637098b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "677b21967390ad5ab423d533d5656b2e857bfe7f", "sha256_hash": "b4e5db19ff959d6fd4b8a7165af593ea5995b0b2bb2fcbe06f825a9f32ce6100", "size": 64640, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5982ac554ff115d5159671ba88f2ebe7bd45b357", "file_type": "modified_file", "id": "file_159", "md5_hash": "e1423f9fd3d28137e487941bf42d59d2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "5982ac554ff115d5159671ba88f2ebe7bd45b357", "sha256_hash": "4518bcc0e6f8f524c42395ce3beec9e04c52e34caf83716d45328c9e6e350a61", "size": 64920, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/846845be56de8307b9d065253d0855c783c206d9", "file_type": "modified_file", "id": "file_160", "md5_hash": "e32fbd49fe8892e926ee9099f74a9406", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "846845be56de8307b9d065253d0855c783c206d9", "sha256_hash": "fdd9ab6a7e272a8a0523c7f1ee23307057dd76c93eef0c6731f9d65e58a64782", "size": 65169, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fa9d558bc5dd89e66e309e7c121c9f71bd913ac1", "file_type": "modified_file", "id": "file_161", "md5_hash": "41dee095438331c85337715471144b2b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "fa9d558bc5dd89e66e309e7c121c9f71bd913ac1", "sha256_hash": "ec47911cdfbcf12a5459876ede2946ec799e9272b67323a295eef03821da611c", "size": 65430, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cff27aba9e63e9f7566ccda457568cbb5d9076b4", "file_type": "modified_file", "id": "file_162", "md5_hash": "38d28878b89fff302cf61231e0c56f47", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\q[1].htm", "sha1_hash": "cff27aba9e63e9f7566ccda457568cbb5d9076b4", "sha256_hash": "3c8117aee6d62bbd70e0674d4d98625d5898351ad8735a1372fbcfe404b3d834", "size": 36032, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/778a8394ba15345051af228735da0ba0b7ab9009", "file_type": "modified_file", "id": "file_163", "md5_hash": "d673e9072973fd465b31987dbc0611ee", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "778a8394ba15345051af228735da0ba0b7ab9009", "sha256_hash": "559cffc7b745e6ba7b83b03950f3286eaa220ee2c922d03f3022a935e63c787a", "size": 65711, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/01d315deb0f808282ced752c8d693ea8c2e05d2f", "file_type": "modified_file", "id": "file_164", "md5_hash": "dab78359a22d68a1e3936c59eb0fedc0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "01d315deb0f808282ced752c8d693ea8c2e05d2f", "sha256_hash": "52345e8c8ccf23e003b18121a74687b2fd466d6f5eac4760603b6582eeb4193f", "size": 65948, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/241af6d21cff774017f0eb9cff72f22bab8eab30", "file_type": "modified_file", "id": "file_170", "md5_hash": "fa0de1182a9bde039f0ec5d2cbc211af", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "241af6d21cff774017f0eb9cff72f22bab8eab30", "sha256_hash": "4918121ec42b8b044919aa1d531be1f82a6789d06c213714ca1a996932a3be38", "size": 66184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6cb98960b6f0bbf7797d7244ca2d1b6d853ce097", "file_type": "modified_file", "id": "file_171", "md5_hash": "3371590e60e649b4de8a73afa9dcb93f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6cb98960b6f0bbf7797d7244ca2d1b6d853ce097", "sha256_hash": "d73fcf1f6d1a6a7e907eef527aebc91c79a0ddb89b1242d184b3aba80e7c7159", "size": 66420, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/78372b93d84a597e8cb225708b3665c5c8832322", "file_type": "modified_file", "id": "file_172", "md5_hash": "3a3f49e988741e8e852de274921cafa8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "78372b93d84a597e8cb225708b3665c5c8832322", "sha256_hash": "2655969808e511b23ed29c1546e83a4c82d39889cc075bfc86bff8747325e066", "size": 66656, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/91f83060394aa7674c9a135bc4c9d6508a534e13", "file_type": "modified_file", "id": "file_173", "md5_hash": "ee8abd6ad7a0dda0a53cf8a22688c580", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "91f83060394aa7674c9a135bc4c9d6508a534e13", "sha256_hash": "a15093931269db8f9281f5c4777546856f3c8f8adef3569a8052c1b16bc95b22", "size": 66892, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6d0bcf3936bfc4202f828e2921370a2aacfd280b", "file_type": "modified_file", "id": "file_174", "md5_hash": "c73560dc36b9fa1406fee74e909a1928", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6d0bcf3936bfc4202f828e2921370a2aacfd280b", "sha256_hash": "41a68f203a733f0f4f2b56e001dba5a773eeee8b83b4fc0938a6c5436809650a", "size": 67174, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2c61e80cfd89b18cf6595b9c2d1d5740a2b642ef", "file_type": "modified_file", "id": "file_175", "md5_hash": "53054daedfef2d4df376fd30e8d05bec", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "2c61e80cfd89b18cf6595b9c2d1d5740a2b642ef", "sha256_hash": "29e66449359c00285da96c5c30c97d4bb41e3618532059988531bf9176b99b56", "size": 67447, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f8b193a8c47e0402a41df81217608ad8c76a4fa8", "file_type": "modified_file", "id": "file_176", "md5_hash": "d7777a87cd48a2d3e8fd357148599a53", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\q[1].htm", "sha1_hash": "f8b193a8c47e0402a41df81217608ad8c76a4fa8", "sha256_hash": "46e1e998d8a31877f770db765fc7c7b615c32c6ee59a155cc95cc77f1435057d", "size": 192, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/368ea75d9e40ca03b81e0f5c1d993dc9e8e4e975", "file_type": "modified_file", "id": "file_177", "md5_hash": "f923413fcb241a839ff9dac023e67239", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "368ea75d9e40ca03b81e0f5c1d993dc9e8e4e975", "sha256_hash": "43df8f131145a72bfc9e4ddfc662e3d104c0dc0f78f38fa56ab65993c552683c", "size": 67661, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eff3450b4333718b638a52f856795b9f7341ce34", "file_type": "modified_file", "id": "file_178", "md5_hash": "cb604971b422caf88e36a7b9df2f34f5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "eff3450b4333718b638a52f856795b9f7341ce34", "sha256_hash": "333329b911c3bfb71cab7e282a5af8b98b5bf06094fceaf3333b5b382468de4f", "size": 67941, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a18863dba063432401ee1aabccb8e823bab8c760", "file_type": "modified_file", "id": "file_179", "md5_hash": "98f2a758cc7a4f91784500c4611aba65", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "a18863dba063432401ee1aabccb8e823bab8c760", "sha256_hash": "9dba5e3efea4789595a3377f7f05c6143f73a32b4d77a2f6eb6503798e92ee90", "size": 68208, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9a844e74f70fa704f220dc17d1cd106edd178af5", "file_type": "modified_file", "id": "file_180", "md5_hash": "74cfc4d8677f142d44a5bc2e62fbbb76", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9a844e74f70fa704f220dc17d1cd106edd178af5", "sha256_hash": "6256c08a18c462914fdd78b08afc4507b6cb5317c2a9c309d332594bd28fb6c8", "size": 68433, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dbd8ce6cedf20a300995e1a6202b7ac2527304e5", "file_type": "modified_file", "id": "file_183", "md5_hash": "64f1830c9286c825ddb25313c564dcce", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "dbd8ce6cedf20a300995e1a6202b7ac2527304e5", "sha256_hash": "d41480b84194701753760c6b52aa9bc577a96ae12d15e145f28bcfb883bf84b7", "size": 274, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f48aca2b4ab2252c676a22b2e172ef2b1df5c614", "file_type": "modified_file", "id": "file_184", "md5_hash": "5f8a25cc1f314787827999f4673b1f83", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "f48aca2b4ab2252c676a22b2e172ef2b1df5c614", "sha256_hash": "965259d90b623fc3e3c9c01acca7fed77aa84be1a7ef06a36a4e4877b26cd829", "size": 510, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ae747597a7d8b1e3773d6ede29b22e89adb4cd6c", "file_type": "modified_file", "id": "file_185", "md5_hash": "ad91b81d26949997ed07a5316154c8e2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "ae747597a7d8b1e3773d6ede29b22e89adb4cd6c", "sha256_hash": "4e4886c649821454eb4003911915b81d398dc3af9b7dbef733a7b5c91040d253", "size": 782, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9cfd490da9ab6c96c3e2120a7fbc81cdd7017b0c", "file_type": "modified_file", "id": "file_186", "md5_hash": "f99423713a627a420a6cb5fbf51e955a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9cfd490da9ab6c96c3e2120a7fbc81cdd7017b0c", "sha256_hash": "58b2c86bede34764b794d5517e171c8e6547b0529db29c3c837b5f377f8e6214", "size": 1055, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/58e41afbadf13a58589d1559a9b831f12b111221", "file_type": "modified_file", "id": "file_187", "md5_hash": "69e2528c964f38a71bc8af808d3bcde0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "58e41afbadf13a58589d1559a9b831f12b111221", "sha256_hash": "96e34349cbb6b18028231e3ecf762a1b9c7c44e43851762a51122ad32744056a", "size": 1336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8ca8d273dcb495c8acac03c89e62bcaf9ca9266d", "file_type": "modified_file", "id": "file_188", "md5_hash": "c288f198ffffa440be84a8037277572b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8ca8d273dcb495c8acac03c89e62bcaf9ca9266d", "sha256_hash": "ca11067f5a63b9b7b7417b49586580125bf15eaa63ef19b01d0900cf7a593703", "size": 1599, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d8ef50a0cd4c3dbdbd786e76199257dd489b0a6e", "file_type": "modified_file", "id": "file_189", "md5_hash": "9f589c1eb5d7c684b28468cb8797fea7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "d8ef50a0cd4c3dbdbd786e76199257dd489b0a6e", "sha256_hash": "f1b48fb832e3497a07985836c4dbf335168339574b844bf9e87234e117fd58ad", "size": 1880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/efcba073526fafc162456ff153485274eb6b3625", "file_type": "modified_file", "id": "file_190", "md5_hash": "80f77b2c7ae13b70dc73079dd0f90458", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "efcba073526fafc162456ff153485274eb6b3625", "sha256_hash": "2095255108dbe238b465278bdce6105b35dd7ebaecfd17e2cfd3a6ff04fc5405", "size": 2143, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/59b095861e759288fdcdccd696e71df60255e083", "file_type": "modified_file", "id": "file_191", "md5_hash": "c668bca5b35c9d76fba586282b49534f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "59b095861e759288fdcdccd696e71df60255e083", "sha256_hash": "a605ba00937e533eb3fac2fa4da6be900a86a80697f805a8aba896b6a2652f81", "size": 2422, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8bcbd9d2c82f2fad61fea4abcb5da1fa68ee02cd", "file_type": "modified_file", "id": "file_192", "md5_hash": "4beb05cf897cc4b3ca8204366a1c4db3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8bcbd9d2c82f2fad61fea4abcb5da1fa68ee02cd", "sha256_hash": "486035ae475be0e61fecdfea8daaa99f50d470060f74737a4acca78df6489657", "size": 2681, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3cde48237a7876e1c761c0fc3c09863f332282de", "file_type": "modified_file", "id": "file_193", "md5_hash": "7c3af3e6e4dae95a9e2f9e0000d8da9f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "3cde48237a7876e1c761c0fc3c09863f332282de", "sha256_hash": "fd91cb3e5de4d8f8db8daa17a0d949e5199f42d885f6c48790527e8d2b6cf05c", "size": 2961, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fbbaf67886925695eae5f403ef5be956a8e6bbb5", "file_type": "modified_file", "id": "file_194", "md5_hash": "3b51544a4da8ec239a2d018439ca3678", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "fbbaf67886925695eae5f403ef5be956a8e6bbb5", "sha256_hash": "8d6b0c1c9e5fe6063d169f9dd41417976eac2ea4e2afbfba36decbde6ec7f32f", "size": 3218, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/192518e17d9ad1461bba00b7e207190c220a568f", "file_type": "modified_file", "id": "file_195", "md5_hash": "d7fb3e78190127430968c50d9461fd82", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\w[1].htm", "sha1_hash": "192518e17d9ad1461bba00b7e207190c220a568f", "sha256_hash": "0510c0e116492d789f1cd43daf3eb5be7d50158f018ce3a3a48786f46dfd945f", "size": 172, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8e8c7afdfc7883ad6cd34618adbf56cd96f06cb8", "file_type": "modified_file", "id": "file_196", "md5_hash": "698254390007dd7faece68a269abd736", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "8e8c7afdfc7883ad6cd34618adbf56cd96f06cb8", "sha256_hash": "f1aac149e8b8597ebd9d20154451c9788c73fee8a3542769663ca4c519e58159", "size": 3498, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cdad4f8149b67943dcf1db300223794829908c82", "file_type": "modified_file", "id": "file_197", "md5_hash": "a37c2debc8f32c5e7255c0c158f0a941", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "cdad4f8149b67943dcf1db300223794829908c82", "sha256_hash": "4282dada6036552c9f7f23863ef69329d1dee1da7646358e79f12810b93ee79d", "size": 3755, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fcb69f4f889481691da2ab56771f4e744648d0a8", "file_type": "modified_file", "id": "file_198", "md5_hash": "dc0a9e47cf7dcccf687fdde2b3513185", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "fcb69f4f889481691da2ab56771f4e744648d0a8", "sha256_hash": "fad0a7fc37eb112ab190268b9a0fda2188b9ed62c20788036ecbdd1a3b727cb4", "size": 4035, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e76e2025503dda2fd621518ba90ae6104b7535f7", "file_type": "modified_file", "id": "file_199", "md5_hash": "f841972a36ea5b6654c8b0a32790b821", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e76e2025503dda2fd621518ba90ae6104b7535f7", "sha256_hash": "1bc63479cec8c3780ef61bdf37ef4ab25e05469979dc1b7a170025c785a05ee3", "size": 4296, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/db5b49ca1a20e46d8b244547f98774ff69c38a64", "file_type": "modified_file", "id": "file_200", "md5_hash": "7480c8cdc7b9b961a4783326fb826aae", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "db5b49ca1a20e46d8b244547f98774ff69c38a64", "sha256_hash": "abc4087c1fa593f0d99eee65150e2dce17d2ba5d0b595d3a940c97ec35fc7b2f", "size": 4577, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/21569d3d1cc72323bc5ca8f6caaea917be8305eb", "file_type": "modified_file", "id": "file_201", "md5_hash": "a4e392de6f566e05819621bb73bcbdf6", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "21569d3d1cc72323bc5ca8f6caaea917be8305eb", "sha256_hash": "b673d26910bd425fea48eb4d5958c321158932a50acabcf5cfd4000490ac7a61", "size": 4838, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61f759daebc70360f8171da11456d6404914d092", "file_type": "modified_file", "id": "file_202", "md5_hash": "621a855ede4bd70aef48943907b297f8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "61f759daebc70360f8171da11456d6404914d092", "sha256_hash": "a2c088557b827c66bc9bd108ca33be06d8f15d6cc68491587a20b41dfc6ddd98", "size": 5074, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e25092f15bd872ad26fa53d0edea620c67e81a5f", "file_type": "modified_file", "id": "file_203", "md5_hash": "63fa073673f9ab09af518521cd1b00fa", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e25092f15bd872ad26fa53d0edea620c67e81a5f", "sha256_hash": "a93198adebd0e49cddee3990139b7f01155c79d2251b0e5ba414535ae5b04328", "size": 5310, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/40eab30e8c6d95c336853123e1f1f70b737e4547", "file_type": "modified_file", "id": "file_204", "md5_hash": "067a9daf365c1efd630ac8a8af920a32", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "40eab30e8c6d95c336853123e1f1f70b737e4547", "sha256_hash": "17b5b2b78a2364f0af1099e7cf1c3ed04e50533fdf9fec0e0a84c72fdf84d4d9", "size": 5546, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/07147f70e260aa29a568104719fd22aa8e084686", "file_type": "modified_file", "id": "file_205", "md5_hash": "ad81fe88f09549cf2bcd0417668fe4da", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "07147f70e260aa29a568104719fd22aa8e084686", "sha256_hash": "a020b455290e9b2e31a59350304698c91b4fa7fe8846bb310e41e3d85f7f1b37", "size": 5782, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e1df465c975ff322e1d6165f1a8113df85a33553", "file_type": "modified_file", "id": "file_206", "md5_hash": "06dda7053cfd4165953f7a353b2134a6", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "e1df465c975ff322e1d6165f1a8113df85a33553", "sha256_hash": "c5fea23e6384bc807cedd16c27959a640971ad7b701bc306791d234bdd5d4eb4", "size": 6064, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/553e54cce0e59c8e974f58807dd143bc712f322c", "file_type": "modified_file", "id": "file_207", "md5_hash": "6bc3c3afda7ff5a7dc2b559f5c41f65c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "553e54cce0e59c8e974f58807dd143bc712f322c", "sha256_hash": "c034b7a67650ce7b70cf533d069b0bf469e90805dbe107e7bcd59512e3ae5acd", "size": 6337, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/43b464483c9e17967668bc91409d376be4f6cf16", "file_type": "modified_file", "id": "file_208", "md5_hash": "27f3b86195fce58a40e9b32f14bff099", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "43b464483c9e17967668bc91409d376be4f6cf16", "sha256_hash": "2c069299e49aa2c287dbf32e8bf0c427215a3ddbfe63793c11f6f315299dd3c7", "size": 6551, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6667ced5877e6bf00907080a3cd1aa65257ae5ed", "file_type": "modified_file", "id": "file_209", "md5_hash": "45515a677d63c95eeedfaee2781dcb0f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "6667ced5877e6bf00907080a3cd1aa65257ae5ed", "sha256_hash": "ccaeebc91710297bfbb6f5b25fa5bb84d899b398d81e25b9d57e2bc5aa7fb68c", "size": 6831, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a5a201ff6481f749ff7184629103426c86b6e12d", "file_type": "modified_file", "id": "file_210", "md5_hash": "94f6be19ff82523b8e30082a617dc324", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "a5a201ff6481f749ff7184629103426c86b6e12d", "sha256_hash": "71d40b8ac38a0b256115e8c1d656a4ea29387c28fde56634dcb8c09fb0994aac", "size": 7098, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/472724fd66d7a23bfdcba8dd651256da68dc042f", "file_type": "modified_file", "id": "file_211", "md5_hash": "29670c5d286f19a05daaa33a87b3d3df", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "472724fd66d7a23bfdcba8dd651256da68dc042f", "sha256_hash": "c4ea6c33939d89e1a00f96ba432c2c50822faa11d55ff19fb75d305aa1730d61", "size": 7323, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9813d1589720682ffae4cf8386d74a4c8fdde38f", "file_type": "modified_file", "id": "file_214", "md5_hash": "719e9318cdaae5ad210f110815179c49", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\pgyfoaei3.wix", "sha1_hash": "9813d1589720682ffae4cf8386d74a4c8fdde38f", "sha256_hash": "82756da1587b57c96bfb939814c52d621d92dd3a85517e7b17bac8d8fbc3c8a4", "size": 274, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/668b7f045d05589bab466d34bcb38ee4adc9b078", "file_type": "modified_file", "id": "file_215", "md5_hash": "d32d9269e9f78068b6c017d4f998d520", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat", "sha1_hash": "668b7f045d05589bab466d34bcb38ee4adc9b078", "sha256_hash": "db1e009e0ee178d96b318856cfcff37737e185bef0c7990a464ba0cd8df1a8b6", "size": 128, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "22984ff1cd04d2be53ef8f73cf5d1270", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e028c6119158a01e7091db76a091e84c85b7e84", "sha256_hash": "73da2f44b4e9a42f92f47792d23f83b491bd7055e38f5faf19bb13959b7a5530", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "ba6906be1ca6b3d9be9ed9ae663bb397", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d389d59318d6556adb6beedce4513e9d23968a79", "sha256_hash": "917089f04d07a3478eb614f03e3937c0204e9b615ead17b0d47f89d308b268af", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000004-addr_0x0000000000060000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000004-addr_0x0000000000060000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "ce838fe3b0a5a54a824dcded6e2be3c0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82bbfb6a80f3844cbec2c22f9db9e923e168e30c", "sha256_hash": "d72345f1a41aa39a2ffed0800ba98e2eaa50490622012a546deee78d3c0e3402", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000005-addr_0x00000000000a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000005-addr_0x00000000000a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "7c252405198be80a8b7eb3943067a772", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d116bc1ac03b64846d8bf0816e98775df2b91246", "sha256_hash": "d157b328693af6b67a80d63fe72c6aab9ea5af812d32fdf5eb019d725bf3ae41", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000008-addr_0x00000000001c0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000008-addr_0x00000000001c0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "30551c14ef817038fea41b881b9360e3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0ac1d652112cd110da348d55147ea8619ac08318", "sha256_hash": "05f0f95cba8f642afc73002099f67d6b2a6d269f317ee516a0eef5294c7f7feb", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000009-addr_0x0000000020c80000-size_0x0000000000069000-perm_rwx.bin", "filename": "process_00000001-region_00000009-addr_0x0000000020c80000-size_0x0000000000069000-perm_rwx.bin", "id": "proc_dump_222", "md5_hash": "0e436748e24dcb2fb256ddc1ac18be11", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "032b288bd3052ce4085eeaf8d6603f35bfe2d429", "sha256_hash": "4d4ffdd2ca5503b9a55d0e7e004914b0dcbbc81a5d16dfe97b2cffaa77644dec", "size": 107520, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000012-addr_0x000000007ffdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000012-addr_0x000000007ffdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "43cf66321eca8bcf46c7b6207c91f97a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ba8af8c25d0a89570a79006f1285dbc1136ca15", "sha256_hash": "ccf7b6fb20874c92635bedace13467b862ad679989f82cf08fcbfbaf8233ecde", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000013-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000013-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "0f59b353b01621f3a43475effc4b8e0d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82894b0e7e998a32de03b8e49e9ee1c35dd18d49", "sha256_hash": "45ff3c5210da1192695f080620be6c0889122f560fe67b83eff0d9009d96a1b4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000014-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000014-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "26dab3951b0de4a4ace6022dca5729a1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9052d0e8705305312bffbaf230da0176d1f0d6f2", "sha256_hash": "7540f2aeb104a152b4089bbdab918a0e2bb2aad69996dae6fdee657ecbebdb9d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_226", "md5_hash": "a89ea8d19cddcd7aad1cf40cb3fdabeb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82e3b64e4088aefef33b83946952955d0bfd0855", "sha256_hash": "103f80265361646e0b3451c63791a5c6a1ccbc4fdae761141227d96a2d735a13", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000158-addr_0x0000000000280000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000158-addr_0x0000000000280000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "7de616639f10594226da724b592402b2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "715985d52c9663862eea2f0e51e7e52f28dec9cb", "sha256_hash": "8452e621ab7f422c49bf7c02c5f5d2d0096ebcb2c6f7c5ab7d5013534b671974", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000162-addr_0x00000000003f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000162-addr_0x00000000003f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "c20737e3977052397d6379566b41c568", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31e488e08b7316baff0a8c37b076b028bf1420de", "sha256_hash": "b4241aa9c4fe33e8793877d7f1981b704790f802aaa8bff05071d4e02e833f8d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000169-addr_0x0000000000020000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000169-addr_0x0000000000020000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "fa669383be1819b49b9a6d247b62c1e5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0a0b76b9ca968ed298ccc1f7fea94e7d97abad8", "sha256_hash": "5a1c08cbe3fe0912312f2396658e36f92f4203512853eafcbe9d5bfd9beaa502", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000170-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000170-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "3076ae45481efc5906dfe9116fb3de72", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a615b9e513e30975e7a625d6226ff82581d8f00", "sha256_hash": "6fac1e30ee242b2fb07eea8d8180e743c83ddc34e18f73d0e5e0828aab9fb545", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000171-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000171-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_231", "md5_hash": "c00e654e3352483385c0a5a24c8ff77b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e60976e5ed93ebdeacd88593740a4e87756d56da", "sha256_hash": "179822916cf7f7d814d94267b4a3ca41ab79e9d8a46df4ff24ed6c2ea2c394c1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000172-addr_0x00000000004f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000172-addr_0x00000000004f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "3e5bfebe20daa09db5a46b805b48e1e8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e12e9904f1f2cf988fb1625148ae25e63332fa52", "sha256_hash": "6fc3fd63b7623b4ce080654fbd5a70ee213dc0eb44cc21301422c75319a02b57", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000173-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000173-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "f200cbd2eb6ad405fc2eb50c5bf25c22", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "739c0ea9300c1f95639c8f560e597dbc4d78f081", "sha256_hash": "6d4ffc9b400d1dcbb4bdd400f223c4ed03c18445dcd01f850c980297deda0bba", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000205-addr_0x000000007ffd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000205-addr_0x000000007ffd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "2fad3f29fc0d526854cc7e67a6a14f66", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9be8db7b51aba4e2c778838efe04fc91195abd0b", "sha256_hash": "b47734bb86b019e7eb3bfabb0fe598acdcb182bbc4485962d6795e50b8f0cc03", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000206-addr_0x000000007ffd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000206-addr_0x000000007ffd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "8b771d7d699c585b0909a15139fff5d7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9baa143859fd6824578edadd31bb6cd0558023c1", "sha256_hash": "05523a371a6efc7763ca741625080a4d8f41daa78e5eb462ab2f9376851811e8", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000208-addr_0x0000000000990000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000208-addr_0x0000000000990000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "f23664ee8233bfaaa49a8440ca7ba591", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6dbe89be8f51864f16a7611732c9ce365d81fdf2", "sha256_hash": "aadcde87bb08d3a03e23f4a9f29a4a3961dc97a32a2e64ac06a1d41757855f0d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000211-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000211-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "63587753b0751e5ab01ecbea1c30d633", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6f1f6a183bce05bc98eb8887c3f8a79564c4a63", "sha256_hash": "65ead89ee2c14ef68ef05ee9ea4315327a2dafa88d102bf6871a720873962202", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000212-addr_0x0000000000250000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000212-addr_0x0000000000250000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "fbff4f2d20fb78ea3d1262c92b65e556", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50d06b637f5d3e004b14fc8c617b5c5720244723", "sha256_hash": "ecf358924d852e0d5ab0987bd7c55ad17a0eb06684c15e9aa9bc66c2c16b287e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000213-addr_0x0000000000920000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000213-addr_0x0000000000920000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "ba128bb1a755bc7536d45bcbb2dbe7bf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f8f9e560b7ad6204e9d5c79775b0b139742da52", "sha256_hash": "95caf83487a1269cbbdf5922a7da096017184577b674cd69d8285a442a1c1b10", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000216-addr_0x0000000002050000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000216-addr_0x0000000002050000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "579c32c603a889edee6700ac8e15c48f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0cbab3d4c0e499dca89b76156bb14a5a317d13a", "sha256_hash": "ad9de2bd2a27f361f10dbb7a731d234b73f8b339d9e20ac608a3e48db05b7b8d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000218-addr_0x0000000000350000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000001-region_00000218-addr_0x0000000000350000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "5559d68d9b357e407ebd7619aceb6126", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "120a1c025ba50be2ef3ae857133ce41ac66400e7", "sha256_hash": "9e98638dcbf5b635133495338d646fdfe441c5d27b3f6d4c9bf723e7e4ed7cc3", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000223-addr_0x0000000001f30000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000223-addr_0x0000000001f30000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "3cfd58a4acb99d8b39311b499faadf4a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "212e77c68ef714343012585064c528894a821f62", "sha256_hash": "c265fcc5cfd0d30fa558eab31680986aabb1821af8534057353aa56c6b4b0217", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000224-addr_0x00000000028a0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000001-region_00000224-addr_0x00000000028a0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "9b4999c005edee1f151db21a9d3d83e0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15f53a5b0556e0ad2b212183bcaa77aa64beb399", "sha256_hash": "4457130e439036540ce952454c8cd72591d8540057a58af61527ecbc71935965", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000225-addr_0x0000000000270000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000001-region_00000225-addr_0x0000000000270000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "ea98199c6360a9e33f1bbba3b70f44ef", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0e61b80cc213b4f9cd53e6f760e4faad65dc3a5", "sha256_hash": "1de025beae6ed19a48d14459a89c168982fb3c0a7413cee55fb2ad0436e6f1ab", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000226-addr_0x0000000000350000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000226-addr_0x0000000000350000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "c1c6a5a399afbef180253f1cecea6876", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24b367fd880aeccea7e8414a2cf2f1c6bfe32901", "sha256_hash": "ac5fefd9b5e0631856ac2127acc42e484afb5814f0993dc29d8126b93c6b02ad", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000227-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000227-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "1d56bc5d9df8da8f5220453097e9ec33", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "971d23375741f699c80b9a153cb62766a0baca06", "sha256_hash": "3c3a2003e7e85531e30bad6ba2df60a0e962aaa2e4ebea1f9ebdcc26ff272866", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000228-addr_0x0000000002aa0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000228-addr_0x0000000002aa0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "c5737ba177b024dbe92564e645255525", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "98f48b2832e04023d7b0aff0816b00c8b87870b6", "sha256_hash": "612fa82347b42c8338310988c2adafdee2182e959fa9103495e952701314e9e1", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000229-addr_0x0000000002ea0000-size_0x0000000000800000-perm_rw.bin", "filename": "process_00000001-region_00000229-addr_0x0000000002ea0000-size_0x0000000000800000-perm_rw.bin", "id": "proc_dump_248", "md5_hash": "3c12eb00a8cfe8cae9f7f7e772f5c8dc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e3dc950c6de57160645dc4c37c46fb36ee056d3", "sha256_hash": "e6ceb3ffcaaf830f0d826ac57d7988142b00293f8eb126c780b49f431614fa3f", "size": 8388608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000230-addr_0x00000000036a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000230-addr_0x00000000036a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "f99960c11b18e9eeb9c07fb7eb801d72", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60b84c464610d439299dcb6b6d2e06f3b74072d2", "sha256_hash": "d2287630028e5146325b57c4d5bbfded34bea67b7e614c6172a17041548a0b4a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000232-addr_0x0000000004800000-size_0x0000000000088000-perm_rwx.bin", "filename": "process_00000001-region_00000232-addr_0x0000000004800000-size_0x0000000000088000-perm_rwx.bin", "id": "proc_dump_250", "md5_hash": "abbe0e0a8dcb46b03333cf1bb31b8d84", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e290d7cea2aab2b685efacc4f699cb8f0dac698", "sha256_hash": "8cfeeffc2776cb1b78335b14c692e8fb437b41c57f17c044a8327bef24e2c564", "size": 557056, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000233-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000233-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "c2a96ceeb2206632d5f9464fe22ac43a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "246b4a6e9323b8130494f38dda307b2f22abea67", "sha256_hash": "81f51efae9ca93e3e7fbbad9351a9ee16c278b646eaf78636d3463e5ecc5aa02", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000234-addr_0x000000007fead000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000234-addr_0x000000007fead000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "2f65c4676324ded3127c1953544d5038", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42f95ab3dfc469a30145c51dd7f37edaf2fc25af", "sha256_hash": "ab6d0d90b017cd6d6b584b026a37a63cc6a1a00a7b37adbc4bf1d2f70e120476", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000251-addr_0x00000000003d0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000251-addr_0x00000000003d0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "d7923f085819154e30a958b03e8141e1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4cb6948390cb1c401b13197d0953f522f2c8554e", "sha256_hash": "3c216ea12d383b04b6324870e6b52936aa7b0deac00e534a198b75f3e9f108c7", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000253-addr_0x0000000000910000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000253-addr_0x0000000000910000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000254-addr_0x0000000004890000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000254-addr_0x0000000004890000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "704df7854e457bcda792d8aaa03a76f0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "126ae8d370c16caee346a07d43d970f2ab713f5c", "sha256_hash": "076a648dcca1569c2f0617cf0b1afd15c50812d0fa4a06b09fd85452b149de53", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000315-addr_0x0000000004890000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000315-addr_0x0000000004890000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "61e376937155a6ac421bf98c16a6a61d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18bf4c9821770c282adf3c6100d64b2cd37c177a", "sha256_hash": "d8a585d96e7c2cf46a3122ad79b08cbdf23385d031dab293cdc06756f74f5343", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000319-addr_0x0000000004910000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000319-addr_0x0000000004910000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_257", "md5_hash": "607466faeb5cd6daffa821d13525638b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c24c72e6ebb1cbafa88093c18c9f2179051dcad8", "sha256_hash": "0e2aa213e1bbff3242ab4e6a47a26b118fa9189e32c178c2a4332c5b051afc25", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000377-addr_0x0000000004c10000-size_0x0000000000090000-perm_rw.bin", "filename": "process_00000001-region_00000377-addr_0x0000000004c10000-size_0x0000000000090000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "f7e62045b001ed7b6eae311f23884410", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2316c1451586b29730977e64a1048c0cb4a66a5", "sha256_hash": "c3e838d548ba4dd95509baff597d90fb276f8b787b22c23c8e83ae0d422f357f", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000381-addr_0x0000000004910000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000381-addr_0x0000000004910000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000382-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000382-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "bacdf934a15c1e4a2495e5f5ea9d7c25", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "98b56684bf00eb25b672defee68da9bf74a6182f", "sha256_hash": "a53de204498a8dd17b8aad5cddd1135834c2494397bc9bbc38cf2d9622ad98a8", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000444-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000444-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "1b892808d71e961dfa96d2f390014f77", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8eafd96f2b750973d0912e03b90399b9b7195c26", "sha256_hash": "4499b0a2961deb38a4f59fd802b892e127be7aa9abe53879c2f4bf2a23f5e314", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000506-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000506-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "e76ea3ba1922ab68b9979e56308b1a5f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ff7b0ad63b6efdf85256334b668f439c5e19a49", "sha256_hash": "386efdf0a94fd44e053fbe4eb5049f83abd4924ee5a75a99180e2c79033b5f7c", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000568-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000568-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_323", "md5_hash": "911b4a874fb17bbefe629dd120c773cd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d12620702c9b028803ee379ac649a3d050852274", "sha256_hash": "740fa761a52e895c22a62ebb7379ac67551176adb4ed2ec2d32bff2cbd3e06bc", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000630-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000630-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_325", "md5_hash": "6c6b28b2ab20af3e57de61162ba5652a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "75ddb8dc07471d796b432b3793d88210e1ac86dc", "sha256_hash": "ce668f26d8b3866cca8fe908ed8922a5e390a9fdfcd51b4037ae2c181c9ac5ce", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000651-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000651-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_327", "md5_hash": "9a5019a2211f016c967fc5e04f9c44eb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5cc5b68f4aa0b49c819c2ff9ac4f1c4e78f061a9", "sha256_hash": "c65fe180887f36492c090e6c0cb4aff43934c18a77a346b98ee48bd71773ccd2", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000655-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000655-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_329", "md5_hash": "cdb825400059693fdf3d6cd678f4d657", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e50ad45820d4a088bbf5cf6b685f1a08876acfc", "sha256_hash": "23aba047c2b0db4c7662df0303788715431d6ab9881218b28df9db77283e6bf9", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000659-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000659-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_331", "md5_hash": "09358a4feac11b30e3a2c9fa3f7d268f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e3f893682f9891d82e0af605d9003dc92196f68", "sha256_hash": "8d4dcab025ebc9d5af0a6919878179ed6d64ab537b881b0e95dec04bdd7ef1bf", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000663-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000663-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_333", "md5_hash": "1f3f8e670f8f2becf02a0b13e9f86e1d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4773f1cc5876838e34fd84faf6fe0858b9821783", "sha256_hash": "8002cb93db7d393c4756c9c08749f17100c7464384719b90c009b68069e1e81d", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000667-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000667-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_335", "md5_hash": "db13b391810f20054b96f512d5562927", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63f4307e608e134eeb9bb50973a17bc07386bba2", "sha256_hash": "c683c8e0fee259e997124b6d315e15a83a0d5781d86eb3e5bb53a919486b3f49", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000671-addr_0x0000000004910000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000671-addr_0x0000000004910000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_336", "md5_hash": "3575d1cbed2a746ae7baea402808ddeb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01dd43f9bd8ab867555297e97d3c090653791582", "sha256_hash": "f9af7107bdececa5728ab727f6b9425049ff8910e77b8ae02119d26764d10fce", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000672-addr_0x0000000004920000-size_0x0000000000063000-perm_rw.bin", "filename": "process_00000001-region_00000672-addr_0x0000000004920000-size_0x0000000000063000-perm_rw.bin", "id": "proc_dump_337", "md5_hash": "c455a492ca73ec4dd76f89fc36278c73", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48c6d0d14dcf78c9a155cbb46c02ab1431b5b1a7", "sha256_hash": "b726ed811ef1e25132fac80af807b3baabbad6204f0d12cab3d3852a1cb2599c", "size": 405504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000674-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000674-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_338", "md5_hash": "e626759ad7760b5bd6d1fa3b836e64c1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4922e3cba3e199c1a4a78c2111ba4478b16891ea", "sha256_hash": "6f2a0d0d52258b2b9fb10b83148e4aa5efa689cab5cdef3464112c8e1b8c925b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000675-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000675-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_339", "md5_hash": "dd6191d9b5b80660f8ccb404fc5e03ca", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f40fdd096eac83784bea1487ce018b7bc12e786a", "sha256_hash": "0653750af34af17b454fb9c42862ba0bfbdf532b5d63b52cf3f339db1354ce96", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000677-addr_0x0000000000060000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000677-addr_0x0000000000060000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_340", "md5_hash": "147f2e000488518c45173a36e28e79e7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1811e9a3c67bdb0d41c8c081c20080aad3ba13c", "sha256_hash": "f12765e08e7bd766ace74afef2b33baa5d95bbfbd4a40e64508a71b87a7f009a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000678-addr_0x00000000000a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000678-addr_0x00000000000a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_341", "md5_hash": "429c16d1b2eb655973efc41e8882f36f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04f6048a7880f332ca65dcea0e82bfcf73b34fa5", "sha256_hash": "e82870daa64944b457f2d6ecdab30d840789b06a4e58443596da53a4d74bd5be", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000681-addr_0x00000000001c0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000681-addr_0x00000000001c0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_342", "md5_hash": "0c26602c5113588a854add627fae638d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6083eda0e51c34e417e700c07debb1fe102e8460", "sha256_hash": "f560689b6095cf9600d19bffb9e76200c1120059abd2e7eaee290a407a39f17f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000682-addr_0x0000000020c80000-size_0x0000000000069000-perm_rwx.bin", "filename": "process_00000002-region_00000682-addr_0x0000000020c80000-size_0x0000000000069000-perm_rwx.bin", "id": "proc_dump_343", "md5_hash": "b8d739413b0a2b9163cb24452d3ad314", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be35d3d873bc66dfc2738628cbeb8a857bef6980", "sha256_hash": "1704c06012159e9f1190e2675d040ae3bb71b56c6082d640fd13c7049a95ab70", "size": 107520, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000685-addr_0x000000007ffdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000685-addr_0x000000007ffdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_344", "md5_hash": "ff7ca220f80d3bd5762ba136c6fa0cfb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00bae8c118cb0cc90a3169a61dd1f664c029a38f", "sha256_hash": "86eae33f6a03fd9fc05a624d448cb0f34159bedef76f5fdd69bcf24ddb5457df", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000686-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000686-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_345", "md5_hash": "e82da82be7d5c121ceb922631da691a6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a96e14647690eb3dc18b2fc10aadafbccabc7cbb", "sha256_hash": "4f789dcedf52df03e7550192d8b78fcc4d83ed8816c74da623a7cb7345184e55", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000687-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000687-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_346", "md5_hash": "d9a699908e6414430b5a884395435843", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8f9f372b9e21c87b9540f64f96a88501303f4bd", "sha256_hash": "b979bc0d7788205e6e1cbea587b4f70c7810fd1c6bb2d60c662541711fd8cee3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000688-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000688-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_347", "md5_hash": "e411a2926762b4586b3959fdc2a55518", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c6602337978451e9766fab5eb4bad33275fd05b", "sha256_hash": "2c332f1ac94db4c9b9e029b2b1f3d33c805121b683290450c186dbf259f05080", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000692-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000692-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_348", "md5_hash": "0fae0f8113b47ee3594b12ab56fff314", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0635fc9611fbf8b63c1bdc62a2fffd0c1e328ae0", "sha256_hash": "bba7ac2561bc0c4f0f9a3e1f58dbde053ec74e384a2cb23df29620b38318fc18", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000695-addr_0x0000000000260000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000695-addr_0x0000000000260000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_349", "md5_hash": "a2b499763c2d586a241196b5cf4b835c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "446fa74cd47c1d976430924be2685ccfefc3b1fa", "sha256_hash": "b1376cac68ff971c13212613e622ee99d7e53260bf089dd68a2ff5ed2e8a457f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000698-addr_0x0000000000020000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000698-addr_0x0000000000020000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_350", "md5_hash": "4a704287ad071df1847e21cc47f9acf9", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00fa49f77c51208f2d2f7fc71dd775f07dc0ab3a", "sha256_hash": "c2450f8fac19229709d1caffc53b0cfe832c0b77eec98049245b4ed287ee405c", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000699-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000699-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_351", "md5_hash": "63587753b0751e5ab01ecbea1c30d633", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6f1f6a183bce05bc98eb8887c3f8a79564c4a63", "sha256_hash": "65ead89ee2c14ef68ef05ee9ea4315327a2dafa88d102bf6871a720873962202", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000700-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000700-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_352", "md5_hash": "37623f9811e8f9b84547c8b69cfc7f07", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0516c6869bcc840c5010200cfcde273211355ac6", "sha256_hash": "580fffcc17403fc1b19f43cc39371615a8136ddf3ec577a4a592dd63aa1608ac", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000701-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000701-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_353", "md5_hash": "fbff4f2d20fb78ea3d1262c92b65e556", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50d06b637f5d3e004b14fc8c617b5c5720244723", "sha256_hash": "ecf358924d852e0d5ab0987bd7c55ad17a0eb06684c15e9aa9bc66c2c16b287e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000703-addr_0x0000000000420000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000703-addr_0x0000000000420000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_354", "md5_hash": "7b9345cc769a701c861f134d456a2639", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ecc9e2259a6fe4c2cc6078006b695bb61d9f170", "sha256_hash": "ffeaf6270cd5575adb953c282dad1f7bb2b05ba50997eb77b5de3773be694d8e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000706-addr_0x0000000000880000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000706-addr_0x0000000000880000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_355", "md5_hash": "bed29fe423c3748b908e2c6d97c091e4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "591ee5252d243ac472148e8375c21e8027ab3c30", "sha256_hash": "bf99964fcc63260b9cdf84bc5a10fbcf2170acc86992aa9fe3dfd3187cd4816a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000708-addr_0x0000000001de0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000708-addr_0x0000000001de0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_356", "md5_hash": "2c92c3fe76e9e34102f038a448488231", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f81cf0f998be466a2ab0e3bd2bee25ef588284b5", "sha256_hash": "4be93624ccc88e1c878137a4bd8bff8501e2794dfbba28849829e6be5ffbcb6e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000746-addr_0x000000007ffd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000746-addr_0x000000007ffd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_357", "md5_hash": "1d82634e0c81de817ec8d6a71b3f655a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "21f82b5905949c1d77b45db32149847814cbaaf5", "sha256_hash": "fedbadd29ec58d70514641d30cfab42ab10f0852856e9cd8361a26cb9defa6e7", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000747-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000747-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_358", "md5_hash": "dcf8f985e7ae1a410d80f9c4dbe1f715", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40205305279e8d390365fa1894c64a4c5ed080d4", "sha256_hash": "6d696f68322cfd0705c790b7b478be6292c369e57ef6bf7476e1603057585971", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000749-addr_0x0000000000220000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000749-addr_0x0000000000220000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_359", "md5_hash": "2127a6f60728baa68a6165ff3b7063a8", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a29bfc266b7ee4c4edb30a238e7065b842c25288", "sha256_hash": "f4bb79ae98613d01008d247d653ed66e1a5530c58ec534c7f0fa5c474e9144dc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000754-addr_0x0000000002630000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000754-addr_0x0000000002630000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_360", "md5_hash": "fb8f2a53807910da2323d2fd5ed84d8f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30320c6fbe41679c33676c8617fa233fed52b88e", "sha256_hash": "9220216c8fbac5523030f541a2f5eca35b1b4c88fa93ae0d13c5ffecce6c3f9a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000755-addr_0x0000000002730000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000002-region_00000755-addr_0x0000000002730000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_361", "md5_hash": "2b358402f7d474095ecf26d2d989c6b2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "552d0c14607c63af81878620497ec4fbd6dd011e", "sha256_hash": "0c1359a77999090a2a5d7311a89c0208253ef2706f5ad591f37bb0bab1592f46", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000756-addr_0x0000000000240000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000002-region_00000756-addr_0x0000000000240000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_362", "md5_hash": "32a7d8a8ba4168d2fdf55a7c5930a645", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e9bdf73fa13a3dac25e14e26f66fb1753d0ce9a", "sha256_hash": "e0d54f97b54af79be204f776d6d1f300d951d4588e16dede88660b8582929f38", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000757-addr_0x0000000001c90000-size_0x0000000000088000-perm_rwx.bin", "filename": "process_00000002-region_00000757-addr_0x0000000001c90000-size_0x0000000000088000-perm_rwx.bin", "id": "proc_dump_363", "md5_hash": "27d7448cf5ac1531cccafce46cdc35be", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0fd6fd5438fa8d316bac1ed99ad93132c86b6e4", "sha256_hash": "ef6c1c4690bbe84fa1b1b359d3280b9c6eb9a2d8d9c21bd14a47ab8554fba0fa", "size": 557056, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000758-addr_0x0000000002930000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000002-region_00000758-addr_0x0000000002930000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_364", "md5_hash": "c8c4906f5fdc364ca8d1360e9cb7e5c1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b4e1bb0219e09fc8cd0c1376c3e54725c8574b39", "sha256_hash": "71514352f87a3a315018f5359dcebca76136a9f86b5d8b43498c817fe332d81f", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000759-addr_0x0000000002d30000-size_0x0000000000800000-perm_rw.bin", "filename": "process_00000002-region_00000759-addr_0x0000000002d30000-size_0x0000000000800000-perm_rw.bin", "id": "proc_dump_365", "md5_hash": "b98ecf4a9d22af8c11dacd4400dad3e4", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbeae9d0aa35679c3c067675e5d48ddaa3dfe102", "sha256_hash": "67d630a90c8da4f212bbe2bcc570b4b1c32fd0ec2fc4caf353ec44ae100e4c75", "size": 8388608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000760-addr_0x0000000003530000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000760-addr_0x0000000003530000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_366", "md5_hash": "9d7384518e250e5132689774bf954126", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c7607fb4c77718bc9307c5c131ec6b1caf6821c", "sha256_hash": "9e40da12cb2427ccfda896be2576928bf82418d660a4e37bad52eff4b412d53a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000778-addr_0x0000000001dd0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000778-addr_0x0000000001dd0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_367", "md5_hash": "cdd741d49304cbf6453455594f33612f", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a624583a029aa5790abc140c5b5085e808203f27", "sha256_hash": "f390ebb43798f5d482d8e38a1969b3498500f223999e756c87e393eb84a889a1", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000780-addr_0x0000000004810000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000780-addr_0x0000000004810000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_368", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000781-addr_0x0000000004810000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000002-region_00000781-addr_0x0000000004810000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_369", "md5_hash": "92a2e53b0f029b22db77ef3989b5cbee", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac2a859afd69efe14966af4e12e1bbdb73fed2c5", "sha256_hash": "d3aec5abea3bd6517af64936d1fd5f9c04c07d388d7777b314f971e3d344ad96", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000843-addr_0x0000000004810000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000843-addr_0x0000000004810000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_370", "md5_hash": "f1c087ee0b9278db0f122be88c21bce7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c1b0283775f325155fef547cc2a78cdab52c917", "sha256_hash": "b5fd9d196e5a373445524ff4dda46d5f3c2435bb64a76d7a9909b21973f923ec", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000847-addr_0x00000000048b0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000002-region_00000847-addr_0x00000000048b0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_371", "md5_hash": "607466faeb5cd6daffa821d13525638b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c24c72e6ebb1cbafa88093c18c9f2179051dcad8", "sha256_hash": "0e2aa213e1bbff3242ab4e6a47a26b118fa9189e32c178c2a4332c5b051afc25", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000905-addr_0x0000000004a60000-size_0x0000000000090000-perm_rw.bin", "filename": "process_00000002-region_00000905-addr_0x0000000004a60000-size_0x0000000000090000-perm_rw.bin", "id": "proc_dump_429", "md5_hash": "2649d295d7755c1c2a5e97f844e158da", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b06573c73545663a05d3fb46e8d2f10916c112e3", "sha256_hash": "8ece3d8d173914ade512c000a97495b9c76d0cf13b15140e0ad4291068984775", "size": 589824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000909-addr_0x00000000048b0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000909-addr_0x00000000048b0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_430", "md5_hash": "332f7a1e1299dc1641d4c7e19fdd286c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60c1bf0fdfa22931f8006c0144c4eabd72518ab9", "sha256_hash": "08123dfe318f9555b96413b14049f9fa77f0e5df6df436fc68ba0f2fc3f4dc73", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000911-addr_0x00000000048c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000911-addr_0x00000000048c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_431", "md5_hash": "da9ab190a84dd98e8bcb5e710de0ff01", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5baaf3fb87c2b225ead5808df91d61d413040ee0", "sha256_hash": "778c30f354b42e4c00920a54a9a30a7ecd33a748a157935c0c63f2f908ccb8ff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000912-addr_0x0000000000470000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000912-addr_0x0000000000470000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_432", "md5_hash": "46a9d58c2342ca72100fe543a4e5a504", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2abf192da26eb4ede1cafa92c1202ddfe01b16f9", "sha256_hash": "75f39a887cf9fed4aaff369097390ca8a247d252a03578512d9dc031be9fc87c", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000913-addr_0x0000000000490000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000913-addr_0x0000000000490000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_433", "md5_hash": "22007505260ea63481b41976a26800c0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ed26b497eb80ed364546dc73e72a4c0ae7d8966", "sha256_hash": "f31db8b6ac4edf729eca3afd3a9f99f546d003187138f2ff68324d24f077ac34", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000915-addr_0x00000000004c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000915-addr_0x00000000004c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_434", "md5_hash": "72a18d662382dcc4b427e524a6370511", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "403c8ae6fc95d9df3a062b9cc167b64c3b089dac", "sha256_hash": "44408f4c0647a26024692a035e058b2aadb7dcd3160291743bab543c68ad6b01", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000916-addr_0x0000000000500000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000916-addr_0x0000000000500000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_435", "md5_hash": "2f76abd746d3105655db68bc4f648564", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e46188169527b3f764af3ff71ea8ca135129b06", "sha256_hash": "3ba352e503d89c1bf83d065be744948a96a9882012e8b3afcfc04b1951a20cdc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000923-addr_0x000000007e696000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000923-addr_0x000000007e696000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_436", "md5_hash": "1539ded29d20f0ba9e516b8d20ee3669", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f870fffdb85624671b9f46baf77c595323f84b16", "sha256_hash": "220c00181f7af75da7050a210de2e5625de7e98371efd56b9399c2e2149f4f11", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000924-addr_0x000000007e69c000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000924-addr_0x000000007e69c000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_437", "md5_hash": "b69b51e6b5d8395a66374133202c8880", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5cbdf51937a4e2f936570e697ef01b914a003aaf", "sha256_hash": "6619a4252ef220e93b1bea410569eb8fbee2b0ffb78326761977684b8c89b28a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000925-addr_0x000000007e69f000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000925-addr_0x000000007e69f000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_438", "md5_hash": "0b057c13353d016ac71d5e9f219cde5d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b9197cab573e2a969c5371d6b8b7dea77c920c73", "sha256_hash": "f4b9bd84497efc89e1a97529cc9bd5ced2d153965f9758d3a2d9ace54b5ed903", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000926-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000926-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_439", "md5_hash": "4636d4fa764d30e2bc1cb8195f729e42", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4e4eddfeb0f5befc8e7685e6036deda03cd8b9f", "sha256_hash": "80eda485ff8d7fceb81beec30082ac5be1c3aeb8783d6e6e0f6afbef04114660", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000931-addr_0x0000000000620000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000931-addr_0x0000000000620000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_440", "md5_hash": "109ec9c81fba59da42b4d039e4c79261", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b925eb1db31cf5dbaf929cbd059618752eb1b87c", "sha256_hash": "c7851a0de5b75efc2f48c9e374c364cce2cadd80fd991d72c560e326b294733e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000932-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000932-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_441", "md5_hash": "7257804cdbd0e929ef3ae4b7b8f2ffa2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b383e0df528a0bef0ef03ce429cf9b86efcc373c", "sha256_hash": "12548cc451e22affb23ed747516a7de146ce8e032fcdb6c9da31d71d09201678", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000935-addr_0x0000000000870000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000935-addr_0x0000000000870000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_442", "md5_hash": "e3c849c68ce8ed9c1df26f3985b51291", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3f53200eed9a471ff58552ba7af1de8625d289b", "sha256_hash": "9a8aadb3bec4326f092cb264ef3ca18638fe86896c16474fc82d27d8ebc0e87e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001009-addr_0x0000000000630000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00001009-addr_0x0000000000630000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_469", "md5_hash": "0dbb177d43434adf622875805fa03729", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34c44192a27c7e427bd4df41ef777720bd836327", "sha256_hash": "eecd9d3a0c0cdac3a6d4c3e54e133f24777ebbe69117724f52c23843ac5559ea", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001011-addr_0x0000000000970000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00001011-addr_0x0000000000970000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_470", "md5_hash": "4c95d3eb150ffdf0f4f4cc1f69d49f73", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "77a6e2b1dd8745a380dc3e46bcdb7bf4c9593cff", "sha256_hash": "b4cf2e949eca5e909ad6f22207f4f66a20815e536822f091dce36a048d215b6d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001012-addr_0x0000000000bc0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001012-addr_0x0000000000bc0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_471", "md5_hash": "a36ad987c96b94cd849e207175e18fa6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c851e6ce2e19ebca2816abb67cf1a1481f002b8", "sha256_hash": "02a197199bcf15b8f5f4a83ee7fe7adcd8e6fdf5fd686b17d8b9711499235f49", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001017-addr_0x000000007e699000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00001017-addr_0x000000007e699000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_472", "md5_hash": "b784911a09915ebf3fc7bcb59931aa1d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b319fe9f9a61c7f067f1e9914f124a51e3809ca8", "sha256_hash": "d2e73fc7bb40c76547d2e4769664d63506186448b15e7758112263bdf9243238", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001018-addr_0x0000000000480000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00001018-addr_0x0000000000480000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_473", "md5_hash": "82d5c2aab790797c28c08bfbeb3f8116", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e666fc5efbe08b0ecf58d3a99a0531e2d9aa6b6", "sha256_hash": "ea004d2e08ea370369c6169271ff6f6a7e3f2f15b82c538ced750987a7282e2d", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001019-addr_0x0000000000490000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000003-region_00001019-addr_0x0000000000490000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_474", "md5_hash": "c49229339de4e50c637266f0155600ce", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10f95e2c654abf8c24dfba933cf3509af93441fd", "sha256_hash": "8234f0a20a09a371904b3ee90eb95c88a4583e36b0574e27333d3130e122b3cf", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00001027-addr_0x0000000000670000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00001027-addr_0x0000000000670000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_475", "md5_hash": "adec8948e0c796ca12aa817e8f4f17af", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f314d599d387e826d358a5d9ed5a00e1451ddc4", "sha256_hash": "d5e07ac10e6286135e3faf73b316dbad80f721cb1347e6eb99d3d8174ff01c30", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001031-addr_0x0000000004e00000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00001031-addr_0x0000000004e00000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_476", "md5_hash": "390821099a421acc690ccae7051e43f6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24db0db8893687765366b771abafd848bdb0c608", "sha256_hash": "5f60d6b7871a66b67b63b7b681ec62e6331f098db9cb95c0aecb2bb5bdf94cab", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001032-addr_0x0000000004e20000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001032-addr_0x0000000004e20000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_477", "md5_hash": "d441f7a0f6003d94f8b7c93aae6075a0", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be8c98bb8c0969f5be2c3271b660b69255f48a0c", "sha256_hash": "fd1ace11d5797e138684030b2cd9614dc2d0f2183d54731ad3c5ec2f9a6854b5", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001034-addr_0x0000000004e50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001034-addr_0x0000000004e50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_478", "md5_hash": "85252dd8fb69d767d6ccad5c66d44c5f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eb8d69dcaeef279bd09c3827ca14e7b562b98066", "sha256_hash": "5956b5b6b2c3991300821d74da96548270127fde285a166e8610c32a81ee7962", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001035-addr_0x0000000004e90000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001035-addr_0x0000000004e90000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_479", "md5_hash": "3896491bfca9d460aeede1bf38a51b18", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "515b6089703a3d3e9210ef0054bd28b96ba6aeb1", "sha256_hash": "d5d5672ce2d1321ff0ba8c083300dbe8bd98e3bf042aa6d659423b8625aa8194", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001038-addr_0x0000000004ef0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001038-addr_0x0000000004ef0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_480", "md5_hash": "63c1ba7e4d97c1a77730c668bf978ecf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2a5028be72a1a82da0d866d9d57ba5dbbf6caa7", "sha256_hash": "2a2e0daea53f3afffaeebd850a40b27fd55f406a041965644ff366f1b5732979", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001041-addr_0x000000007ea77000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001041-addr_0x000000007ea77000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_481", "md5_hash": "08a3ea0dd398a5c3c06f4ac6397e3b2e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb8c100fe9ae90abeff4a314eb665fe1b2eda836", "sha256_hash": "c35830067730ec6b84a5e9786bd96c5af100456b3edb5af0891fc155fd1cc812", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001042-addr_0x000000007ea79000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001042-addr_0x000000007ea79000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_482", "md5_hash": "6d7541153bc720365c11d0d10134c89b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a59e5c2bb16ed146be41ddaf56efee22b58f9f72", "sha256_hash": "f2bd1ffdb0aa80c8e51d10530254eae63de81b7e581512f0f04ef3d5d0fb98c3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001043-addr_0x000000007ea7d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001043-addr_0x000000007ea7d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_483", "md5_hash": "9e8da2b197f8fc26e59ca1b5b42b5740", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "abfa54db5f1c35fcc570988b2296588bb13e4801", "sha256_hash": "da4bfd611f0d9810d21b6e872f7db14e87fce4c6960096de62b9486bef981bde", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001044-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00001044-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_484", "md5_hash": "d62684b20124356ca7ab2df248ba4436", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a8a9dbcf496a643faa7303ea1e4572a5e1c50aac", "sha256_hash": "861029fd81ec02ecc61d593ee0d55367b0e025c8bcea112e0565d34c6c233b5e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001049-addr_0x0000000004f00000-size_0x0000000000020000-perm_rwx.bin", "filename": "process_00000005-region_00001049-addr_0x0000000004f00000-size_0x0000000000020000-perm_rwx.bin", "id": "proc_dump_485", "md5_hash": "5141b01bd8671c3c093a31c4de336c3c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a73143691a5234f07fd64ab07ff803c3ecd5e5d", "sha256_hash": "d5caeac0a9921f9f1fd5ce654cb81015d9790a42a53dbbc2191f7682ec8954a2", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001050-addr_0x0000000004f20000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001050-addr_0x0000000004f20000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_486", "md5_hash": "cf1290576c49ede529f342d8d3abb813", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "750b5b598b097d4ad516effb8fd7451e4835dd32", "sha256_hash": "bc89482a85962cff3ce8c3481c2afdee244c14aac23d662404c82ab2ea59994b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001051-addr_0x0000000004f60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001051-addr_0x0000000004f60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_487", "md5_hash": "8d1582b4952f55492bfefd7fc9746942", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad5b6a9d0732b5b5701fbef3891108fa5260086f", "sha256_hash": "e0bc3a5579cf5da012c331e3ec8287df58c684d775b40bafb4d5ddbe4f14a61d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001052-addr_0x0000000004fa0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000005-region_00001052-addr_0x0000000004fa0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_488", "md5_hash": "ae40cb076b89d36e71aa7c43ffb4fb7e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ed36e75dbb43b12ea682facecdfddfe0afec805e", "sha256_hash": "af2f5fb7c38dd228dc8fe5030215329cbe5dc8c3364a06c6684430597c1a7d34", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001053-addr_0x0000000005000000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001053-addr_0x0000000005000000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_489", "md5_hash": "d707009460dbbac57898707cb5b44319", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7fc22691c0b7a532fc2be6b7335c55c646abe135", "sha256_hash": "4fb725df871bdb8c52727377877850becf46d85507d2eaaaf5cb6e2c768ddf88", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001056-addr_0x000000007ea7a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001056-addr_0x000000007ea7a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_490", "md5_hash": "8d9ca5dbb3858ba55a9e97e52f208cea", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "25a8c46287f338cf024ae55d1f9920e59c14d030", "sha256_hash": "fb96814744e29584da56887c0235c164b03785552190c2d04e20ca3547f8a49c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001057-addr_0x0000000004fd0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000005-region_00001057-addr_0x0000000004fd0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_491", "md5_hash": "3f59d91ff00db9c9cb83421fc98103dc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6638948ecf6f4246ffd90c74d835bdfe589b76f0", "sha256_hash": "fb36f10033a5bdc31e255058965ebc6eed870d885fa756a6daf48868e06dd22b", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001060-addr_0x0000000005100000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001060-addr_0x0000000005100000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_492", "md5_hash": "436e04055895ec3f1f35acb0767478a1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fab4e7ab134e50a900fb3b15f9b9af728a6be988", "sha256_hash": "e8d08201de0af426638d1e0218d0302dd47363224605f821d3f78415b5323bf9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001062-addr_0x00000000052c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001062-addr_0x00000000052c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_493", "md5_hash": "0e1d292f34468e33c816e4bf8904c6da", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0eba94c54642312c52e6bf0c1e9a4f771ce8b540", "sha256_hash": "dbc6215a7725ae94bafa4d783f92eee6570e7225a0afb5a5669976446940ee09", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001063-addr_0x0000000005300000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001063-addr_0x0000000005300000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_494", "md5_hash": "51d8298ddbb558f372bc49cd3061c014", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "396ff6bc97729f27ba6f81bde29ce7e337f2ed41", "sha256_hash": "6b61009eebeb659484deeae0aaa67cf6c6e453881a033f0fbe1a8528b90542c1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001072-addr_0x000000007ea74000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001072-addr_0x000000007ea74000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_495", "md5_hash": "65aaf969dfdaf0d3dc9f81dff71367d4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20c8a88550211be03338ea8c6b26780abab1d740", "sha256_hash": "e68cb60adc167981131efdb96dabc6d73963862c0344e768eaa600c9a461d380", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001080-addr_0x00000000054d0000-size_0x0000000000175000-perm_rw.bin", "filename": "process_00000005-region_00001080-addr_0x00000000054d0000-size_0x0000000000175000-perm_rw.bin", "id": "proc_dump_496", "md5_hash": "abf7d7250a721de670fae4baa053a2b2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8fad0600402d891ccd2975ee6ae39288bb1079c8", "sha256_hash": "67c4365096312595ceb0f75a44e1ce8131892847c75ae46062b2450ee5afa86a", "size": 1527808, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001081-addr_0x0000000005650000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000005-region_00001081-addr_0x0000000005650000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_497", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001082-addr_0x0000000005700000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001082-addr_0x0000000005700000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_498", "md5_hash": "30b27f1e5887e7e8ed39c0f7ec18fb5c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "831a6a134bb78f9feffdcc4513deaf5df3998a25", "sha256_hash": "3a151afd9720e2b8f8f14feb3018f0357916bb52804092fc74f097a1f7c8a224", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001086-addr_0x0000000004e20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001086-addr_0x0000000004e20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_499", "md5_hash": "da9adb0edff6b1288bb306a461ced314", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7998f849a970a20fa4f1f914856f34aee7b77ad0", "sha256_hash": "b0497522164234977a6922b917cf9bc4d3b87a6ec589bd936c1b63b108f7479d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001087-addr_0x0000000004fb0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001087-addr_0x0000000004fb0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_500", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001088-addr_0x00000000055f0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000005-region_00001088-addr_0x00000000055f0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_501", "md5_hash": "28d00cb38e78c3e0e7e526fb6fa4f52a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad77b4eee9f3d811e64b586b07941be4e0063732", "sha256_hash": "a75c3dfa6318f7808cfffab313724de396c7dd34b80396009bf32829d8f91afa", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001089-addr_0x0000000005640000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000005-region_00001089-addr_0x0000000005640000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_502", "md5_hash": "23788b1cdd09fdd405d2c5d6b5a8eb7b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "687e5f6447267142ed840454c33e14074e313b74", "sha256_hash": "bbbde4c38ed9887624fe75287ce9f2d6bc762c7f05c3384012d216a8e72b0b8c", "size": 20480, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001090-addr_0x0000000006e00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001090-addr_0x0000000006e00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_503", "md5_hash": "aa87689a0efe89b28dc3771abff0aa42", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e39ae11b5cdb885e9e414edb5982d688632f77d6", "sha256_hash": "b000a4d3dc7d55cf4ab0748be5f48b4d55f0c3e0a5013449061596cd806f381e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001099-addr_0x0000000004fc0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000005-region_00001099-addr_0x0000000004fc0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_504", "md5_hash": "2448dfa31e4bc81933c6e616c385bb58", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "170e439db18b347e44837341fa8b667f94ed7fe6", "sha256_hash": "731467fe58e279a18a54629066cb6c8df401af192fed70090e9503f52b45c2cd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001102-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001102-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_505", "md5_hash": "b01ffcabeab4a263a563300d1e7b0471", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1936cd73bc2380069c99cb67026fcbc525c12596", "sha256_hash": "8b72682e18c188d762b9a0f545fced605b32595da60c737f08c4b4cfa5fbac77", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001103-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001103-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_506", "md5_hash": "72484d1e7387c93daf1cfbc170e8c74e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "649c658d6d1baa5953adf1850ec6fdf2e8c6ef34", "sha256_hash": "62e4c22969babc1004ab82b4495be9ddab626dd649dbbfbb22c0185cae7ee9e0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001104-addr_0x00000000054d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001104-addr_0x00000000054d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_507", "md5_hash": "3454c0b2b4030f493329138ff522d4b7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "359261d833774f07b1f69b7b64514d14553f38f5", "sha256_hash": "b2b97ff00c685ca5e69b964f7b270f1f9e03ad00ba3bc2cb63adcb9f61cd0db9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001105-addr_0x0000000005510000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001105-addr_0x0000000005510000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_508", "md5_hash": "e80fd34f0d3988ac8192a14bc9f79adf", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bcb689d33b0f6b4b140d744225767871ad991cf9", "sha256_hash": "dbd02551608f1faad50a35b9b87ef30be4e97dffd19ede00183f673eec9ad9c0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001106-addr_0x0000000005550000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001106-addr_0x0000000005550000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_509", "md5_hash": "885d9aa935b07c24c3b01cc2ee0b2c05", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fa3e9027ae25f50159420ef476143dd2efe4a571", "sha256_hash": "5ceeb8ce6412193ab4de77d1ed7cbc081772c360af24f32b761e3745ccbe3f55", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001107-addr_0x0000000005590000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001107-addr_0x0000000005590000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_510", "md5_hash": "acb793195d6fa57cd2a9b31a7b0b3198", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b9389091e13fe89affe10db10f50ef5e54b51aad", "sha256_hash": "bfb58b9f86b67db2bd16cae63a75671c10c57eed18cecfaa6fb206f2ffaaf003", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001108-addr_0x0000000005600000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001108-addr_0x0000000005600000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_511", "md5_hash": "05d2ebb673f08eb59e23b9a28b481c02", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "faab172f2f91760ad06cc442cb3dd4792d99d010", "sha256_hash": "6fd33c1550ae7cb166b7d20bae1f9425ed5388babdba9e7047ab14e54938e683", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001109-addr_0x0000000005650000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001109-addr_0x0000000005650000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_512", "md5_hash": "d18ca93bc26b2f21e8e70df07a199c8b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13312b1a5fd7b6d40988f926c08418ff34932728", "sha256_hash": "340443876720b6ec51f5405e777cd180ccd047c2e890f9b963b1a0155ba17ec8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001110-addr_0x0000000005690000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001110-addr_0x0000000005690000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_513", "md5_hash": "4cb80ba15e3c839bc617b33cba43e673", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b0146e5f3438e059b7a0d06e96dba899b8aa492d", "sha256_hash": "acfa000b0ef074269747996832171d74ec3290c01e44b35e0f757fe8445b2cf1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001111-addr_0x0000000007240000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001111-addr_0x0000000007240000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_514", "md5_hash": "1f525e4f227b126188c780574f23783c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e1f658879b0fdb10fd09cb13bf1ccb0254aee0a", "sha256_hash": "8652ff70c4aaa40828b8a00c4f4acf172615cc4e2b4578cc5f58947988158701", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001112-addr_0x0000000007340000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001112-addr_0x0000000007340000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_515", "md5_hash": "ae0efa0b2c5592299c2aa64f348c0943", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "472f263760d104250367dcbebdb7e64d81d3dbb2", "sha256_hash": "a78bea365632a07f56ccd4b5bca1552e839a449b8b21e9ff24b92651910f74a9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001113-addr_0x0000000007440000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001113-addr_0x0000000007440000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_516", "md5_hash": "2222a4db5d3421f60b793de76dbbe0fe", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3bbd5181fee330c8c3a088fcc38c78426c87fed", "sha256_hash": "2005418eddd4bfa7d8f7f65913e9a317cc2c29ced69a1acb24fd4d7651c9ea17", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001114-addr_0x0000000007540000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001114-addr_0x0000000007540000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_517", "md5_hash": "0f818f9a762c2fed3768f29466f7cc84", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8508259a2097f4bf8579573f548f87c1dbfcf1d2", "sha256_hash": "477e23c6f31e4191731b0a3a9607b49123635b67f894ea078476443c0e0a305d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001115-addr_0x0000000007640000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001115-addr_0x0000000007640000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_518", "md5_hash": "9cbdcb9d95152beca4a2aec874cf2517", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a625242b1ebcfd65c08d222733adb2481b0cc376", "sha256_hash": "c6c9430ca1fa91d45cc80a9f442044b5dc3cb626eb9ad10144f2a24af32613f0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001116-addr_0x0000000007740000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001116-addr_0x0000000007740000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_519", "md5_hash": "1892f07d7d7a57c31e42bcaf7214ff50", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1074c0530f0bdb82fe8a72e892b293b9f0f61b18", "sha256_hash": "8be884f9c4e280c7413cd68220df6ddd28a0ee20f30223f273a2c9ebb0c81b4d", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001117-addr_0x0000000007840000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001117-addr_0x0000000007840000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_520", "md5_hash": "3d9f6224433d62d098242b81b6253e74", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d82868a44bbdefc0b065600920869ec6499cb5dd", "sha256_hash": "5bbd04311b91277ee53bc90d59140beb12403291fa9ded7f82bafc2a25f91668", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001118-addr_0x000000007e93b000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001118-addr_0x000000007e93b000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_521", "md5_hash": "b762070326550821e492feaaa352215d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10fa1ba525a3a1efd4d9077de2821db1f0f37a57", "sha256_hash": "2df259933ed0ead42d9e451af680412976e50588f714aca2d6a5b41cc22daddc", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001119-addr_0x000000007e93e000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001119-addr_0x000000007e93e000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_522", "md5_hash": "f8db0fdd94ed317b5b944a680f86a1c3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8aa954f89ff2af000b0f455182be169bddea75ad", "sha256_hash": "14c27d607536e407bf67e0517983b621c03c3d0de6122de726418af6664076c1", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001120-addr_0x000000007e941000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001120-addr_0x000000007e941000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_523", "md5_hash": "86f70f373ae32b998ae9bb0163a4248e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8017e58437d3a787aa3993b26ca34cc30c7281ed", "sha256_hash": "ada18b3f4a370ad01ea93c772801faa8193c3d5097eff1f48c39fbc076c2143e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001121-addr_0x000000007e944000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001121-addr_0x000000007e944000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_524", "md5_hash": "96f69d5fe7feee369cd303c32af6d155", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be28d504decb3fe3841ceaf03caa509b058dc436", "sha256_hash": "5c5413e589771b536406da9d857047595d569f7a6de0e99cea380b43ac793b6b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001122-addr_0x000000007e947000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001122-addr_0x000000007e947000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_525", "md5_hash": "76421a30f42a03968fda8e7181f68b67", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c3d45c9573b9eeb4386c0b93bdc8368c581ce5b0", "sha256_hash": "7a8eff61439b2a04a2f99180373518c14e6a0879ecbe460162ca76a573d88af5", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001123-addr_0x000000007e94a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001123-addr_0x000000007e94a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_526", "md5_hash": "bb66769ad71c746a0106283263dcf6c9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b83b1b53755e19071fe1dfe6556168347f57a8a", "sha256_hash": "e9d27cdd136a060945c60e3e2633058b2b8b423d21069e9b650559ceceb4ef8c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001124-addr_0x000000007e94d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001124-addr_0x000000007e94d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_527", "md5_hash": "6e1f4634826b37892257502538a14612", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbc392c3945c182aeca3fc49d5998db9f02168c3", "sha256_hash": "f0805ce75a25500f7b29508af4dd862d778990a8f753327bf1262fb3ce8e8050", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001146-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001146-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_538", "md5_hash": "9235243a8973f34eeafcc44ad55a600a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12cffede04955de2e8d57f353a1d1e6fb02d38da", "sha256_hash": "5fc2a46b026a0878e4fd9283786a38f02085a735e5fea4d297f930f9ba4c6ae8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001172-addr_0x0000000004f20000-size_0x0000000000063000-perm_rw.bin", "filename": "process_00000005-region_00001172-addr_0x0000000004f20000-size_0x0000000000063000-perm_rw.bin", "id": "proc_dump_548", "md5_hash": "c455a492ca73ec4dd76f89fc36278c73", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48c6d0d14dcf78c9a155cbb46c02ab1431b5b1a7", "sha256_hash": "b726ed811ef1e25132fac80af807b3baabbad6204f0d12cab3d3852a1cb2599c", "size": 405504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001173-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001173-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_549", "md5_hash": "20078f7702080d841f7c0261c565c8dd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8efe7b5befebca5818edd706f4bf3d124297566", "sha256_hash": "2b4944a7cb3714d6b0caa7eda27da997fdff5b661f8951d85f3a1ebaa2808dda", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001174-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001174-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_550", "md5_hash": "1bd651a765c89e67d4a2039ac2e6cdc8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3b9cb4e2a789f21a1394b97d465d76bf8f4fda0", "sha256_hash": "5ad47960d4439983bff92aa8fce976ddb8cced5a17bcedc2be3f61d1fb592f39", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001175-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001175-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_551", "md5_hash": "14b9014faae876422d9f2398bf26055c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d45f4e258d9cdcc6962ee915a29ef67bb2ff64f", "sha256_hash": "667b33f9ee1c788e6acbf761fe8bb707a4731493e77d4eb0b4812825f7e10352", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001176-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001176-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_552", "md5_hash": "c30a3419841ee1c976bb36964442030e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "00981b9e6cefa45d0f2361be2b82ac2f19a5ec53", "sha256_hash": "89ae0301ad813dbfe575d96be3b2c2641632c861929e95f5402f4658dd5e71dc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001203-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001203-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_561", "md5_hash": "1ff81c5b07e87e8a3574e842c2528714", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19ca676d5c18d9b4dcf0d6ba949b979297841b10", "sha256_hash": "4326f2a2a9d86dd3914dfe6356e5475472edc6ec603c36bc9b3af2d1011f55ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001204-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001204-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_562", "md5_hash": "339f995c471312c91c370cdd0311bc2a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf607ff8f00cf461673e3544dcc8a2dd03601e0d", "sha256_hash": "9112fa5a4e79e5a3a1b762dec1b63e37360136e5156680d01a178572eaa477e8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001207-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001207-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_563", "md5_hash": "e2ba2712e7abbaf0bb8ebe9fb9c641e9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43b3d9e5c24953bbb8ef4803e4b1712df0bb8a69", "sha256_hash": "f99c853241ecf4beb87bb17a0a73757741d40f2da361d5f820d170bc3d6cbf60", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001208-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001208-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_564", "md5_hash": "01d1218a33732c73236385629e6b09a6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4368f736fcd9fee01dfe19fbe8b4d50d00cf25b0", "sha256_hash": "40ad5955e33d4caab6dc72492688467213fa862669a0d67525a65580064f5d35", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001214-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001214-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_567", "md5_hash": "ad30b2998686a2dba30871bb52af83f1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c48fa3a3325c99045f50e93c571fc5cbba50987e", "sha256_hash": "3d2e1026ccc6c5f9f211f73652ba768c8dc40a2803fe5483a8734ab2d35c6eec", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001215-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001215-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_568", "md5_hash": "894405d3b499000035df329e9eab18dd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bbe7e92d7a4fb7022c718154bd3de0fd41da0095", "sha256_hash": "2ea6351fe5ac200e1bac2ad8f1c2eebac10525f5a376518c19ac23fc80ebc088", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001216-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001216-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_569", "md5_hash": "6d21ea826ffdfa9166161af2b0f7fc8c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3d006c07663097a878496b4e1cd63a49cb3b765", "sha256_hash": "47603040c73d223ace164da147b9fb903e653caf8719f57d0d046153ee9e7a6e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001217-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001217-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_570", "md5_hash": "a1334387325ed82ba1097a51289f68e8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c300a16e9e24efcd3e6c0d456893a0165a92eb6", "sha256_hash": "8c8ba6b36f5e65083deaa96d2035879d0d5f0fff35f48ae8dd1356d92f92bcf0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001219-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001219-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_571", "md5_hash": "de0e46346e4c6f3fb8000e93cb9a000d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bfd27fa629d5be7eb033323f09b93b976587c180", "sha256_hash": "2e5ea6f82f68f880a1cc09394eeb20d517c3804b963e60631f0bc3ececd3eace", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001220-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001220-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_572", "md5_hash": "8faba9258e04440fe534250f35aae7fb", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "175a6b898905d98a848305775d0e4bedb5bc05ca", "sha256_hash": "3b7fafd814e462c8f37e2ed965c0028bb45895fa7d0662405530b5666d4c5144", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001222-addr_0x0000000004f20000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001222-addr_0x0000000004f20000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_573", "md5_hash": "87d593f817c2e86c5df27de21bd8cdf2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e06991a159301b44908201ee40c7232c9e4ddb5b", "sha256_hash": "d93563d55f012e72e124c4eccd0e772871cc58747592866533305bb6877ba983", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001224-addr_0x0000000007940000-size_0x00000000000d5000-perm_rw.bin", "filename": "process_00000005-region_00001224-addr_0x0000000007940000-size_0x00000000000d5000-perm_rw.bin", "id": "proc_dump_574", "md5_hash": "181789b5c5d38f8b0e4d40daa3320a2e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f7968ba5de79ef502bd1deaaa316733f349f46f1", "sha256_hash": "4d1e340f7784c783a4ac7ca79398619255b939829df5c2702b252c5b1e276479", "size": 872448, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001225-addr_0x0000000007a20000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000005-region_00001225-addr_0x0000000007a20000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_575", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001226-addr_0x0000000007b00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001226-addr_0x0000000007b00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_576", "md5_hash": "106b97955461b8e9f8451b819afdf85b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65a3a0f1c8b8e4b097e45c948ca509db794eb3ec", "sha256_hash": "08531fa0fff96e969486c3bf6700d8c4e107c0074f2ad114a899dfbbfdfab0c6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001235-addr_0x0000000004f30000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001235-addr_0x0000000004f30000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_577", "md5_hash": "19039e05bf3b22409e47bf9d71319a59", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "487dde8ae1f7eeab001897df244ccdd4fd385d67", "sha256_hash": "541a4cc5d36669c5951bdde2f0d6512d2e8b641702f6f41243901f800716991f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001242-addr_0x0000000004f40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001242-addr_0x0000000004f40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_578", "md5_hash": "37d80f25290a8402ef854ff3f27c84b5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b554b3326605c3cdf42f0e5f3ec02386880ea6d9", "sha256_hash": "39d84e8803e838477908fc58038e83b1ca9652114d31d6215af242750f29d10e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001243-addr_0x0000000006d90000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001243-addr_0x0000000006d90000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_579", "md5_hash": "4ae4e27026892126421689e0673faa62", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca1202a20dab3381294cd91642cf63d67e0efe31", "sha256_hash": "d3d95f8fd43499bd42486e15010babdbacb95e8ff7b1fdb1a63102ad8429cea1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001244-addr_0x000000007ea7a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001244-addr_0x000000007ea7a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_580", "md5_hash": "1fff863c47e36f1d62924ff65fdc44be", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85530af5f5ff099c6ee41ee714b08b72f9ae7243", "sha256_hash": "8c6389254416c10ea650fbdef5d430fc1c7299a0335705d3c4238facc05db80e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001246-addr_0x0000000007940000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001246-addr_0x0000000007940000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_581", "md5_hash": "615fd6435ff02381ac94f0a944e8ba08", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "999a895281b2ae5cc754af9ae49edd2d291d4045", "sha256_hash": "6c2cbd577de438ed31f3651668ebcf71e4af5934afd1053978d5fed5c6e5f6a6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001247-addr_0x0000000007980000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001247-addr_0x0000000007980000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_582", "md5_hash": "71ee7be638b2ba6d88087beee5a9b366", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "693b0ff409c70043649d21e3f36404092f269956", "sha256_hash": "3dead5920591ad96c3be35a323aee105c47a4ecef230eabb0198e5e705ae680a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001248-addr_0x0000000007a10000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000005-region_00001248-addr_0x0000000007a10000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_583", "md5_hash": "e37ed796be548a31c3aa2bb368da14c9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "972212f2800e78d18b4185f158d4057a7a149018", "sha256_hash": "23365c6829fe97167f52694cd418e13d552bdf8560de98a28167cd3a0fd7011a", "size": 20480, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001249-addr_0x000000007e938000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001249-addr_0x000000007e938000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_584", "md5_hash": "5547b9b12df3fe2984398f8825355387", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df88ede4dae2646a533eaf6764d86cd883a5a4ca", "sha256_hash": "a040ac599dccec2e7d6d2924083a6e6ac0e00b2dcff40698f2a36499a63e8513", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001261-addr_0x00000000055e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00001261-addr_0x00000000055e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_585", "md5_hash": "02baf32b5aa1482706ee36a2b72c5177", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ffa83452400a53de5e7aa09a5c187912d4ce18f", "sha256_hash": "a09a6c6b99892e04e1d9f17a4653cf2cab14a270ff6567795cfec1e9929a3908", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001267-addr_0x00000000079c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001267-addr_0x00000000079c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_586", "md5_hash": "8b74b7acc61d237ff06ad0c9a651737d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "568c3e4cb2a647ba609d9df4b56b2b670e9fe206", "sha256_hash": "5de11978df26d99a961e2d874522f86b3c11a0b3967b3fc99be86d3eaac26f24", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001268-addr_0x0000000007a20000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001268-addr_0x0000000007a20000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_587", "md5_hash": "ee4da1d6db756aa4ee2eb370d2a9e2ef", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "85b6fc5ff10852b73d333a659000467f1ad55291", "sha256_hash": "78262e4601d70bbe1faf93dee95c0508b07a37e6ca3c150453ee3088a9293236", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001270-addr_0x000000007e935000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001270-addr_0x000000007e935000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_588", "md5_hash": "c8888af8f811c70e5c2a7d0fad05d9fb", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54074caf37e76807bd4c3f1c81845e98f893a195", "sha256_hash": "c15b9725effdbff5d1052f1250566f37a3ca92cbb2312802966388a262f45dd4", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001273-addr_0x0000000007c00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00001273-addr_0x0000000007c00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_589", "md5_hash": "f495be22d656a158a6a931ad179f3ce4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d1639f73f6cc6895c7b4d7814e5664737f6c998", "sha256_hash": "5ef9422d4333abf488869cccd8c30b52322e5d8e29120462ed76e94443c4eb98", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001276-addr_0x0000000007a60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001276-addr_0x0000000007a60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_590", "md5_hash": "199f5e96b31c89c2ad29f3b6a8f879c3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34595807ea7c888a0f0b1c1120d275f1c558ea5a", "sha256_hash": "81e5330126315655883c3ce3ec2a80e4f1af9661f5855f9c13fdaaee2a278d2a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001277-addr_0x0000000007aa0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001277-addr_0x0000000007aa0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_591", "md5_hash": "c5b979077ec6605354960a2e7ae3e511", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9cd8910cd38a390e6bd1c308392a2ccf78115c0", "sha256_hash": "dd5da906bedd9e31762e2aaee766c07601f9f447f4883d29ef4ee9a4016d616f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001279-addr_0x000000007e932000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001279-addr_0x000000007e932000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_592", "md5_hash": "cb7f1fbc2fa530a1a7f186f685b84afe", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "681828706f4c36a5b25dd8511c2d36e0cbb1c291", "sha256_hash": "349ca17b2d2006a044472e995d1295d5064313fbe6a6e6d4fe5623ab0c54201d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001284-addr_0x0000000007d00000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001284-addr_0x0000000007d00000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_593", "md5_hash": "b63a1786bccb6b7935a4fd976240b230", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e9a3852826c53d0673e529f54a473d2e5b2e18f7", "sha256_hash": "457ac5a4f21342d4afec22143fb288884bcc7445db4a52ae2298cf2ab67731d9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001285-addr_0x0000000007d40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001285-addr_0x0000000007d40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_594", "md5_hash": "a26d56c1159c88022fa7946445a4f790", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f30c685f37d162a2e99411583e62809aa251178c", "sha256_hash": "7fdcf5ca72228a1a135dd3e20c94f33c92ee9fd5f8d082a83494e51cea258481", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001287-addr_0x000000007e92f000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001287-addr_0x000000007e92f000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_595", "md5_hash": "1b3692a365d1fe9574d05b7b8a8d73d8", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6c988cb2460926e3421a1e614b73397b7dd1644", "sha256_hash": "9cc4f02d5f498d315d0ee587e40490acfe6b9e48de14e4aee5225a90d2950fce", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001289-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001289-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_596", "md5_hash": "2129ec65864f01cddf2fd34e2451103a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5885cdbaeefee383dbb92fc2d7c893f09c638406", "sha256_hash": "c1dd8d94e191f95dc330787de27e89ed1047a49826b626eef82a154dd659ea50", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001290-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001290-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_597", "md5_hash": "c379839449aed6fc8b370ec0a2600e63", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f93497695308162255f6f1c5994309d95a5f2b01", "sha256_hash": "ad6e81d069b571be6e0a2d3291b6016a28c29e559b98367df064c1f656c991bb", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001291-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001291-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_598", "md5_hash": "b638693d1bf1dfa64ca4d3fe6cf08c83", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a05437f10fd3c487d26f29db84933fb39980940a", "sha256_hash": "d0f645f449fbe177cce00a44ade58bbd995e82415bc636e8eb599d6a38e14803", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001292-addr_0x0000000007a60000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001292-addr_0x0000000007a60000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_599", "md5_hash": "22b29495a784fccfc05086180da373b5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d6d7cc8365f72e11ec611add9d7d05913532d61", "sha256_hash": "37a23f37ae397588eb2c862c8bf086040957cfbc15068114c6e3aafa80939f6d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001293-addr_0x0000000007aa0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00001293-addr_0x0000000007aa0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_600", "md5_hash": "1893cffdf31d88268e78fada2961c951", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "143d8510c5b959ce6f3125a5762f25a765922272", "sha256_hash": "0f6384ca8e91e927c5df3f8da8c6368d0a7f4313e6a6d1fc661b4984357e72ca", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001294-addr_0x000000007e932000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00001294-addr_0x000000007e932000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_601", "md5_hash": "fe9c1cb67ce4c4af8435cbaaee044334", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "383ce192759afea916aa75953e11a107e0b36d6b", "sha256_hash": "84aebf271be57e9d9c0ab16d1124debcb2adb2957abb9e3df581c4b44d3e4959", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001295-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001295-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_602", "md5_hash": "4801d215b25f7c68bdb6cb91b625cd8d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48f881151bfab877eb32cf9c4a8cca3a5b678060", "sha256_hash": "fd4316fcd32d5df5a26030d2689432a5fb2668ac698b0ac52f3992ee59d51c69", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001296-addr_0x0000000006de0000-size_0x0000000000017000-perm_rw.bin", "filename": "process_00000005-region_00001296-addr_0x0000000006de0000-size_0x0000000000017000-perm_rw.bin", "id": "proc_dump_603", "md5_hash": "d57e7b7a8d43e31ce2717a591bd9029b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1c0cd9ff6b309df0c89457b21f59fe671f4593a", "sha256_hash": "1f678ef130644f82f8ed729e10a7e8c694cc965c69fb4ef971c499ac93fd5c24", "size": 94208, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001297-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001297-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_604", "md5_hash": "b9667ad03bb8bcd13a8ae1b800866672", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "25e5b17c1d2470ff7fe3974e52d07f6fd5af646c", "sha256_hash": "919f326b27103e66ace129e3bf1e576ee05f5299bde92b2a3a65c576e5443f10", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001298-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001298-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_605", "md5_hash": "1ff3d7848bc3c7605fde7e2c00baa09e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dde65eb5d6949cf88d77c840e1ef173b0a6068f0", "sha256_hash": "e39ee4e3b8496a132f26db65eda2877a8dd7b7c6a8cca5a5af8aa575ce26bd61", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001299-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001299-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_606", "md5_hash": "3f41431d4d3ad7dd1dcd2be1920f7f37", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b1961e52258270ef74773b26fd3abe57f3a00de", "sha256_hash": "c8d72abbf282a7cbee99e19ec6bc7e8d6401e1000278b387258216d068cffea5", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001300-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001300-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_607", "md5_hash": "eb494d1259b5a79be89e4f6f08d9c23d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "271cc80762b431dee47129060055b08120a47e23", "sha256_hash": "c83f9b720cfea67c8d164903cfa19bf4c7f2f46e39d914078ed5f4b3e724d174", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001301-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001301-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_608", "md5_hash": "b21ba64e95064d473e061beb2389a046", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73e33bb71b615c7f6183a3d382a05659849249b", "sha256_hash": "59bd36d654cc857059cec7d83e7d036fe9268191fd3b22c17468a293f402b2ca", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001302-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001302-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_609", "md5_hash": "d4eeca2a121bc0b7ed5992b729ee838a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22771e8a357b4527ac170452d8075e7811a07cad", "sha256_hash": "c85155fd3a66fb744f2624d4c70d9939954a33630c0d36be56715266c98963e2", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001303-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001303-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_610", "md5_hash": "23128f3fdc9ad3f4c645487f90a95d9a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42f95070dd72b0490df04f5baaadbc9730f1e125", "sha256_hash": "ecc08709442ad8df11d1a4560a8da2d4dec3620c4b007ff745985f349495b19b", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001304-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001304-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_611", "md5_hash": "9ca1acfac9dd149b4ec6d79e9f44ea5c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8175082bd6bbd1432dff6d0159dc2eefec2dd60d", "sha256_hash": "fe3d1aa380f1bf7fbcefc4d324cad38e055ff8869264cc84e11351f8a041edba", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001305-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000005-region_00001305-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_612", "md5_hash": "32dc6849d457a5a43cb10766f3718fc2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8336e208c6b25012a431bfd5a7a453ecaa4125ae", "sha256_hash": "57fe691deea9b7a43aeeb3d4e272552f33cdde984d64013f6048d17ae51c2840", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001127-addr_0x0000000004750000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00001127-addr_0x0000000004750000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_528", "md5_hash": "c9b19f41a665876cd3dbf324b8752d4b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6360eb0c010915c8b6d8b0b51e78bd76d80a48c2", "sha256_hash": "f993b3df44d29e150659400833312e3f2bc048b494d6785dfbf09049d1d7a214", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001128-addr_0x0000000004770000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001128-addr_0x0000000004770000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_529", "md5_hash": "a2d4b925abf10d25dede86a52fa73a64", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d06cd986daf11804356716e5d39151ca78b222db", "sha256_hash": "61609d9c026a1fa3a0597fd2e6b5b7055db3af1ae457b406f2a2fd29391cebfa", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001130-addr_0x00000000047a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001130-addr_0x00000000047a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_530", "md5_hash": "22d3c7cf4a40ad6d7f0f100a8230859d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6f0d1e0d0531c1a64b60286e0b57e754548bd79", "sha256_hash": "5f1e4b8ed3c9f7897f73c1b49c107d663822487941158312290357b0fb4df0ee", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001131-addr_0x00000000047e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001131-addr_0x00000000047e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_531", "md5_hash": "3896491bfca9d460aeede1bf38a51b18", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "515b6089703a3d3e9210ef0054bd28b96ba6aeb1", "sha256_hash": "d5d5672ce2d1321ff0ba8c083300dbe8bd98e3bf042aa6d659423b8625aa8194", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001134-addr_0x0000000004840000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001134-addr_0x0000000004840000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_532", "md5_hash": "ca5cf12dbd1746a4290d5e6c60c80346", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42d0591004223fff110c94f6b2a5a3ae7babef90", "sha256_hash": "251b84626ba4552acb73d6346357d16d828cfdb69a16e5bb9824454f189a1c55", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001137-addr_0x000000007eaa5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001137-addr_0x000000007eaa5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_533", "md5_hash": "30961821a004c22a92e215258b12e91c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d94df3aa1afaf62bd1a89ec01d5bc1c71eca601a", "sha256_hash": "99c274b2c391a12b266f39824fce94984fa18bb6b4ad02da5c79184624f96640", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001138-addr_0x000000007eaa6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001138-addr_0x000000007eaa6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_534", "md5_hash": "e335b07ee347226d1a30a55d21ab25e6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2eba8e57de68b946ff05cc75d8705b09a2714dda", "sha256_hash": "58d4311b752a51d2e090465ec642e1c0478f7f68e44f780fc9ab301a29cc1bbd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001139-addr_0x000000007eaad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001139-addr_0x000000007eaad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_535", "md5_hash": "71a32ff6f615d95075be0a5b1a34bfc2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "964dac19e8e16a24d3b929ee3bae17c82c429022", "sha256_hash": "be0566a420029870390d87a564f615fc97c61d24bf21d83a83111e2c9f6949e1", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001140-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00001140-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_536", "md5_hash": "f2ff078762befff554159706b6ab4560", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "403505f4befa1b46086c7f8efa1ddb6c90e48f32", "sha256_hash": "5549534718afee373d19d1e0e976bd956ce4edc10a274235f48257a7d6d7f31d", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001145-addr_0x0000000004850000-size_0x0000000000020000-perm_rwx.bin", "filename": "process_00000006-region_00001145-addr_0x0000000004850000-size_0x0000000000020000-perm_rwx.bin", "id": "proc_dump_537", "md5_hash": "c48399039772eb18599eb146763806dc", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59047893a9d9eacc0fb25f52fab0099a9d410bf7", "sha256_hash": "e1099c016da7225ddb349f249e197fd23927b03db7a986558378bb4fbd7c3e28", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001149-addr_0x0000000004870000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001149-addr_0x0000000004870000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_539", "md5_hash": "e9ea7572ff1eca9ee4a460c0b4a5cef0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c4a4d9bafb0cb21c0fd3decc0d33cf150f235aa", "sha256_hash": "558523197f0a306fedb3ac96e0f7c549d63dc17ade37bc2f49367badf10cc34b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001150-addr_0x00000000048b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001150-addr_0x00000000048b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_540", "md5_hash": "d1b8d97c9a8c819da2afcec48c9f6bac", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0dbb5f8f9f47e06bcc847811b15212f8318d2181", "sha256_hash": "36763f80106e9da6496ded7c6e98936f5cad03488c9c6315d393fee35e671ddf", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001151-addr_0x0000000004990000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000006-region_00001151-addr_0x0000000004990000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_541", "md5_hash": "03e72012c8573f26b729706e48dce0e8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64c1b66278382ee2cc67fbc99d35509ed894cfc7", "sha256_hash": "ffaa6c4ef33b292296c044e553b426ea570dc5bde0e6b8da676b12253577aec8", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001152-addr_0x0000000004a00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001152-addr_0x0000000004a00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_542", "md5_hash": "507db71bd091f5d9851b8c01070d7041", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e88d2aa25d24561bd22ba7893b4e03f20f63c42", "sha256_hash": "966bdfaf05aff3112ab55d7be0c5c767d83dd78ecb4935422e112882867ce555", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001155-addr_0x000000007eaaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001155-addr_0x000000007eaaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_543", "md5_hash": "a1a3e659b4b06849f19f63d4158d23f4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cddbcb41c5e06a4e69232347a7689554887dce2f", "sha256_hash": "5063e3a28946d0b0a48f2666e2048e0a1165e6257a5a7814032d088cc3ace6f8", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001156-addr_0x0000000004960000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000006-region_00001156-addr_0x0000000004960000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_544", "md5_hash": "cd37665043f1f1feec1019482be20d34", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "44813b511b1b3d2e863ddfeb04db78be5c774572", "sha256_hash": "efabfc8eb10caa4c6fa3e84e342c001fe0eb5e9ab94ced8f795f851621c34099", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001159-addr_0x00000000048f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001159-addr_0x00000000048f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_545", "md5_hash": "d789a06ff9466597c4925403e49d582d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "637895967daf5e63a6aa45bd442792e125b8bc61", "sha256_hash": "ad89a1be2c77e21806bbde0d65ed1e9b6cf310ef1ed0df580ffbe21e86c7aa75", "size": 151552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001161-addr_0x0000000004b00000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001161-addr_0x0000000004b00000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_546", "md5_hash": "d2b94b95fd6c8980532ae70a54c750fc", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b93fe994b5cc1c8d20c532204a023a6e7bb380c", "sha256_hash": "626e04c42f2fb089c1ca8c7214c297c7ac08e56f143ae4d74df3196aeb3038d5", "size": 49152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001171-addr_0x000000007eaa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001171-addr_0x000000007eaa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_547", "md5_hash": "3905ad1548a6c8e1b6b04219d7c18d12", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "acfdd0cba83c8bae36f4d64efa359dba6073b98c", "sha256_hash": "d21033591b627f906205eb7d80f5914d8d21cbb43887da339406beb5a7f57492", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001185-addr_0x0000000004e50000-size_0x00000000001b5000-perm_rw.bin", "filename": "process_00000006-region_00001185-addr_0x0000000004e50000-size_0x00000000001b5000-perm_rw.bin", "id": "proc_dump_553", "md5_hash": "a0893841be6626605c0939355645304f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9376efebd0e0af9bc76ece01c94201d0981fddcf", "sha256_hash": "78e98e3ef2a39566b27991e6f39e728598bd11ccbc7ac7ea9a19a0eb2b625e7c", "size": 1789952, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001186-addr_0x0000000005010000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000006-region_00001186-addr_0x0000000005010000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_554", "md5_hash": "b47240228bfa0c3d22eedbbc02cf1845", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4fa2483f01105934a9a8f1d12fbf4a48bafb81ae", "sha256_hash": "4236ce1b958987dfda060d3d48517fc7616b883a40c09422b2ec7a75d2c32173", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001187-addr_0x0000000005100000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001187-addr_0x0000000005100000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_555", "md5_hash": "fc059972654b83b370fea05854a1586a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "149f49c7b2f31bbbe9703f7949891a053325a939", "sha256_hash": "065f3ab8efef1320e08dc9703c8891dd3f80adbb309e800d268068428bfb6fe5", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001190-addr_0x0000000005000000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000006-region_00001190-addr_0x0000000005000000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_556", "md5_hash": "3c9764162fe6548755dc6b2f15e417a5", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d1ae746165e4291d56e50b6a3adb7ef00931fdec", "sha256_hash": "46dbe1e0acf68111f0e5f167d8a41e33ce41309a5dc3a6d6a03b0a4e41b2e35a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001192-addr_0x0000000004770000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001192-addr_0x0000000004770000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_557", "md5_hash": "da9adb0edff6b1288bb306a461ced314", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7998f849a970a20fa4f1f914856f34aee7b77ad0", "sha256_hash": "b0497522164234977a6922b917cf9bc4d3b87a6ec589bd936c1b63b108f7479d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001193-addr_0x0000000004930000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001193-addr_0x0000000004930000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_558", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001194-addr_0x0000000005030000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000006-region_00001194-addr_0x0000000005030000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_559", "md5_hash": "5e11d25d638ad7a5c9d7a5a5fe878a9c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce3ee6fd5a5d6488a302941c56448a7fe668a391", "sha256_hash": "1609a42e8ed0ade140a1839f101a91696f3b875e6a42b741326c6dbfcc4f2c91", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001195-addr_0x0000000006600000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001195-addr_0x0000000006600000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_560", "md5_hash": "325d6adba52add0cb40847e526a3f19b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38a725acfc459ba83c34830bf18927c8c5e56e63", "sha256_hash": "9152b3baa7f9cf3e8b1a7c131068595437512adbbbbe6fb6c5c3638399db058b", "size": 528384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001210-addr_0x0000000004940000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000006-region_00001210-addr_0x0000000004940000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_565", "md5_hash": "fcc886a2aa5abc928c98d985f22e1dba", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7974762303379fa476f2d0eaad17e53740d9d0c3", "sha256_hash": "08b93175f0756c1a9aa4c84be790707bc499d41d5251ce8ea0c99c6758bdd229", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001213-addr_0x0000000004950000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001213-addr_0x0000000004950000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_566", "md5_hash": "fc7cfe5783bb45ab7a24258623f4b6db", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "020825a8c18c9a4015a530abbe46bda9e903343c", "sha256_hash": "8747f8ea2172448881c8ffffaa0f7b1d6f19828c7e51a4a37bb9612949f165fc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001318-addr_0x000000007e96e000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001318-addr_0x000000007e96e000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_613", "md5_hash": "2bc8436ae2fb9df4cdc82957e7c711c2", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b9ef6353c1a9e8e018ec3b0eeceeead63317e6b", "sha256_hash": "376215d14d7b951632f708acc7445c614ff9dd4d8d2a7c63dd157d3460913b2f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001319-addr_0x000000007e971000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001319-addr_0x000000007e971000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_614", "md5_hash": "6077321139966b479a5008b8d6f1df44", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd40f8cdeed3f48c7585b9eeed9455bce3dd6450", "sha256_hash": "c3d4b2307442c26f5e7e1434b713014dc7c4b3661c658e706cc5ab0c3ba8ecce", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001320-addr_0x000000007e974000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001320-addr_0x000000007e974000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_615", "md5_hash": "a7bf4a9e6b79e3055c7de22d2b474b9a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "11bcb398ce7bbdaac9523a0d621babc5ec979a95", "sha256_hash": "6211282cb3eb932151ae8cea8b25498e239c2165fb61a42857d608d252eec255", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001321-addr_0x000000007e977000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001321-addr_0x000000007e977000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_616", "md5_hash": "f055e21747276ca53f62da258a2fedcc", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "488f2b49f9b30907304efb498620f5d3056226dc", "sha256_hash": "53b09c318925f2fba454c6c1af114f3ecf3b1181f37ecb53fb5a7b55c086e111", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001322-addr_0x000000007e97a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001322-addr_0x000000007e97a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_617", "md5_hash": "63cd2b45c679fddf9f7b9ca07f31ddd8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "069f6837a2ab95e014d4a429f2d46fcde2f2378c", "sha256_hash": "f0c3ba3364526d2ce70b598e3b8e89578ba939fdcfe005910aa0c0d1ddcf9d0d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001323-addr_0x000000007e97d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001323-addr_0x000000007e97d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_618", "md5_hash": "9e3eeee339e8b5318b3d019a071f56e9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1cb0b019a67a0de5438fd18d09d4df3a99ac3cd3", "sha256_hash": "2406f476d6a62c2bf31b136d3066dec91a734ff88fe130b547cc0adb23bf0762", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001324-addr_0x0000000004870000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001324-addr_0x0000000004870000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_619", "md5_hash": "84d7843b2f8d3507c0f6f83bf57bdf9f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9cec7c09af60ce30b42df25b1b76ab35ac13a029", "sha256_hash": "0d47af715740f022124866abf20b8b7c9507401ecc2e70357c8aa8a3629b84f6", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001325-addr_0x0000000004870000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000006-region_00001325-addr_0x0000000004870000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_620", "md5_hash": "0f4508218d414f9d65c9ad4243d0787c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9204441382ebf7aac42ab3e328af05d78cda101", "sha256_hash": "68b0e0d9f5fcf23b6255f3e785f28da93d553fecc530da1acaa2973503a89693", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001326-addr_0x0000000004870000-size_0x0000000000063000-perm_rw.bin", "filename": "process_00000006-region_00001326-addr_0x0000000004870000-size_0x0000000000063000-perm_rw.bin", "id": "proc_dump_621", "md5_hash": "c455a492ca73ec4dd76f89fc36278c73", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48c6d0d14dcf78c9a155cbb46c02ab1431b5b1a7", "sha256_hash": "b726ed811ef1e25132fac80af807b3baabbad6204f0d12cab3d3852a1cb2599c", "size": 405504, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\zeuspanda.vir.exe\" ", "filename": "c:\\users\\ciihmnxmn6ps\\desktop\\zeuspanda.vir.exe", "id": "proc_1", "image_name": "zeuspanda.vir.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:27.915", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:27.915", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:27.915", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000004-addr_0x0000000000060000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_4", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:00:27.916", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000005-addr_0x00000000000a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:27.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_6", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:27.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_7", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:27.916", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000008-addr_0x00000000001c0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_8", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:27.916", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000009-addr_0x0000000020c80000-size_0x0000000000069000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 430080, "start_va": 549978112, "type": "region", "version": 1 }, "end_va": 550408191, "entry_point": 549978112, "filename": "\\Users\\CIiHmnxMn6Ps\\Desktop\\zeuspanda.vir.exe", "id": "region_9", "name": "zeuspanda.vir.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\zeuspanda.vir.exe", "region_type": "memory_mapped_file", "start_va": 549978112, "timestamp": "00:00:27.916", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_10", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:27.917", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_11", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:28.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000012-addr_0x000000007ffdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:28.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000013-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:28.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000014-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:28.006", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:28.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140714892722176, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:28.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_17", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:00:28.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_18", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:00:28.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000158-addr_0x0000000000280000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:29.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1553989632, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_159", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:00:29.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554513920, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_160", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:00:29.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553924096, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_161", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:00:29.894", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000162-addr_0x00000000003f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 5177343, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:29.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_163", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:00:29.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992032256, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_164", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:00:30.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_165", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:30.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3465215, "entry_point": 2686976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_166", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:00:30.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 1934295040, "type": "region", "version": 1 }, "end_va": 1934888959, "entry_point": 1934295040, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_167", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1934295040, "timestamp": "00:00:30.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_168", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:00:30.587", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000169-addr_0x0000000000020000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:30.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000170-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:30.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000171-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:30.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000172-addr_0x00000000004f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:00:30.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000173-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:30.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1931739136, "type": "region", "version": 1 }, "end_va": 1931821055, "entry_point": 1931739136, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_174", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1931739136, "timestamp": "00:00:30.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1931870208, "type": "region", "version": 1 }, "end_va": 1931911167, "entry_point": 1931870208, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_175", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1931870208, "timestamp": "00:00:30.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1931968511, "entry_point": 1931935744, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_176", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:00:30.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1932001280, "type": "region", "version": 1 }, "end_va": 1932115967, "entry_point": 1932001280, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_177", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1932001280, "timestamp": "00:00:30.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1932132352, "type": "region", "version": 1 }, "end_va": 1932197887, "entry_point": 1932132352, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_178", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1932132352, "timestamp": "00:00:30.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1932197888, "type": "region", "version": 1 }, "end_va": 1932795903, "entry_point": 1932197888, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "id": "region_179", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1932197888, "timestamp": "00:00:30.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1932853248, "type": "region", "version": 1 }, "end_va": 1933049855, "entry_point": 1932853248, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_180", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1932853248, "timestamp": "00:00:30.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933049856, "type": "region", "version": 1 }, "end_va": 1933127679, "entry_point": 1933049856, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_181", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1933049856, "timestamp": "00:00:30.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1934950400, "type": "region", "version": 1 }, "end_va": 1935060991, "entry_point": 1934950400, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_182", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1934950400, "timestamp": "00:00:30.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 1938030592, "type": "region", "version": 1 }, "end_va": 1938452479, "entry_point": 1938030592, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_183", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1938030592, "timestamp": "00:00:30.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942265855, "entry_point": 1942224896, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_184", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:30.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948450816, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_185", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:30.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948844032, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_186", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:00:30.837", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948909568, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_187", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:00:30.843", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1952710655, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_188", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:00:30.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1952710656, "type": "region", "version": 1 }, "end_va": 1953669119, "entry_point": 1952710656, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_189", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1952710656, "timestamp": "00:00:30.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1974595583, "entry_point": 1953890304, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_190", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:00:31.117", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1974992896, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_191", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:00:32.103", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1976057855, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_192", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:00:32.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977331711, "entry_point": 1976827904, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_193", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:00:32.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1977630719, "entry_point": 1977352192, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_194", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:32.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_195", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:00:32.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980366848, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_196", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:00:32.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982910463, "entry_point": 1982332928, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_197", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:32.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1989857279, "entry_point": 1984757760, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_198", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:00:32.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1989869568, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1989869568, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_199", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989869568, "timestamp": "00:00:32.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1992024063, "entry_point": 1991245824, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_200", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:00:32.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1993277440, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_201", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:00:32.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995161599, "entry_point": 1995112448, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_202", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:00:32.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1996779519, "entry_point": 1996750848, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_203", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:32.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1996877823, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_204", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:00:32.916", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000205-addr_0x000000007ffd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:32.918", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000206-addr_0x000000007ffd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:32.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8880127, "entry_point": 0, "filename": null, "id": "region_207", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:32.963", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000208-addr_0x0000000000990000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 10092543, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:00:32.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953869823, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_209", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:32.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1996947456, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996947456, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_210", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1996947456, "timestamp": "00:00:32.972", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000211-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:33.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000212-addr_0x0000000000250000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:33.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000213-addr_0x0000000000920000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 9568256, "type": "region", "version": 1 }, "end_va": 9633791, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000000920000", "norm_filename": null, "region_type": "private_memory", "start_va": 9568256, "timestamp": "00:00:33.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 11669503, "entry_point": 0, "filename": null, "id": "region_214", "name": "pagefile_0x00000000009a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10092544, "timestamp": "00:00:33.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_215", "name": "pagefile_0x0000000000b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11730944, "timestamp": "00:00:33.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000216-addr_0x0000000002050000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_216", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:00:33.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1933770752, "type": "region", "version": 1 }, "end_va": 1934249983, "entry_point": 1933770752, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_217", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1933770752, "timestamp": "00:00:33.625", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000218-addr_0x0000000000350000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:33.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_219", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:00:33.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 33947648, "type": "region", "version": 1 }, "end_va": 39133183, "entry_point": 0, "filename": null, "id": "region_220", "name": "pagefile_0x0000000002060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33947648, "timestamp": "00:00:33.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 42561535, "entry_point": 39190528, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_221", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39190528, "timestamp": "00:00:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1983578112, "type": "region", "version": 1 }, "end_va": 1984176127, "entry_point": 1983578112, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_222", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983578112, "timestamp": "00:00:33.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000223-addr_0x0000000001f30000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 33751039, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:00:33.845", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000224-addr_0x00000000028a0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:00:33.965", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000225-addr_0x0000000000270000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2584575, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:34.559", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000226-addr_0x0000000000350000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:34.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000227-addr_0x00000000003e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:34.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000228-addr_0x0000000002aa0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 44695552, "type": "region", "version": 1 }, "end_va": 48889855, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000002aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44695552, "timestamp": "00:00:34.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000229-addr_0x0000000002ea0000-size_0x0000000000800000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_248", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8388608, "start_va": 48889856, "type": "region", "version": 1 }, "end_va": 57278463, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000002ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 48889856, "timestamp": "00:00:34.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000230-addr_0x00000000036a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 57278464, "type": "region", "version": 1 }, "end_va": 58327039, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000036a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57278464, "timestamp": "00:00:34.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 58327040, "type": "region", "version": 1 }, "end_va": 74907647, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x00000000037a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 58327040, "timestamp": "00:00:34.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000232-addr_0x0000000004800000-size_0x0000000000088000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 557056, "start_va": 75497472, "type": "region", "version": 1 }, "end_va": 76054527, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000004800000", "norm_filename": null, "region_type": "private_memory", "start_va": 75497472, "timestamp": "00:00:34.562", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000233-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 76087296, "type": "region", "version": 1 }, "end_va": 77135871, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x0000000004890000", "norm_filename": null, "region_type": "private_memory", "start_va": 76087296, "timestamp": "00:00:34.562", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000234-addr_0x000000007fead000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146095104, "type": "region", "version": 1 }, "end_va": 2146107391, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x000000007fead000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146095104, "timestamp": "00:00:34.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 77135872, "type": "region", "version": 1 }, "end_va": 78049279, "entry_point": 77135872, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_235", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 77135872, "timestamp": "00:00:34.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1931608064, "type": "region", "version": 1 }, "end_va": 1931685887, "entry_point": 1931608064, "filename": "\\Windows\\SysWOW64\\samlib.dll", "id": "region_236", "name": "samlib.dll", "norm_filename": "c:\\windows\\syswow64\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 1931608064, "timestamp": "00:00:34.586", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3543039, "entry_point": 3473408, "filename": "\\Windows\\System32\\C_1256.NLS", "id": "region_237", "name": "c_1256.nls", "norm_filename": "c:\\windows\\system32\\c_1256.nls", "region_type": "memory_mapped_file", "start_va": 3473408, "timestamp": "00:00:37.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3674111, "entry_point": 3604480, "filename": "\\Windows\\System32\\C_1251.NLS", "id": "region_238", "name": "c_1251.nls", "norm_filename": "c:\\windows\\system32\\c_1251.nls", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:00:37.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 3735552, "filename": "\\Windows\\System32\\C_1254.NLS", "id": "region_239", "name": "c_1254.nls", "norm_filename": "c:\\windows\\system32\\c_1254.nls", "region_type": "memory_mapped_file", "start_va": 3735552, "timestamp": "00:00:37.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3936255, "entry_point": 3866624, "filename": "\\Windows\\System32\\C_1250.NLS", "id": "region_240", "name": "c_1250.nls", "norm_filename": "c:\\windows\\system32\\c_1250.nls", "region_type": "memory_mapped_file", "start_va": 3866624, "timestamp": "00:00:37.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 8982527, "entry_point": 8912896, "filename": "\\Windows\\System32\\C_1253.NLS", "id": "region_241", "name": "c_1253.nls", "norm_filename": "c:\\windows\\system32\\c_1253.nls", "region_type": "memory_mapped_file", "start_va": 8912896, "timestamp": "00:00:37.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9113599, "entry_point": 9043968, "filename": "\\Windows\\System32\\C_1257.NLS", "id": "region_242", "name": "c_1257.nls", "norm_filename": "c:\\windows\\system32\\c_1257.nls", "region_type": "memory_mapped_file", "start_va": 9043968, "timestamp": "00:00:37.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9244671, "entry_point": 9175040, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_243", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 9175040, "timestamp": "00:00:37.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 163840, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9469951, "entry_point": 9306112, "filename": "\\Windows\\System32\\C_932.NLS", "id": "region_244", "name": "c_932.nls", "norm_filename": "c:\\windows\\system32\\c_932.nls", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:37.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 9633792, "type": "region", "version": 1 }, "end_va": 9834495, "entry_point": 9633792, "filename": "\\Windows\\System32\\C_949.NLS", "id": "region_245", "name": "c_949.nls", "norm_filename": "c:\\windows\\system32\\c_949.nls", "region_type": "memory_mapped_file", "start_va": 9633792, "timestamp": "00:00:37.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 9965567, "entry_point": 9895936, "filename": "\\Windows\\System32\\C_874.NLS", "id": "region_246", "name": "c_874.nls", "norm_filename": "c:\\windows\\system32\\c_874.nls", "region_type": "memory_mapped_file", "start_va": 9895936, "timestamp": "00:00:37.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 33820671, "entry_point": 33751040, "filename": "\\Windows\\System32\\C_1258.NLS", "id": "region_247", "name": "c_1258.nls", "norm_filename": "c:\\windows\\system32\\c_1258.nls", "region_type": "memory_mapped_file", "start_va": 33751040, "timestamp": "00:00:37.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 75108351, "entry_point": 74907648, "filename": "\\Windows\\System32\\C_936.NLS", "id": "region_248", "name": "c_936.nls", "norm_filename": "c:\\windows\\system32\\c_936.nls", "region_type": "memory_mapped_file", "start_va": 74907648, "timestamp": "00:00:37.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 75169792, "type": "region", "version": 1 }, "end_va": 75370495, "entry_point": 75169792, "filename": "\\Windows\\System32\\C_950.NLS", "id": "region_249", "name": "c_950.nls", "norm_filename": "c:\\windows\\system32\\c_950.nls", "region_type": "memory_mapped_file", "start_va": 75169792, "timestamp": "00:00:37.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1977679872, "type": "region", "version": 1 }, "end_va": 1978040319, "entry_point": 1977679872, "filename": "\\Windows\\SysWOW64\\coml2.dll", "id": "region_250", "name": "coml2.dll", "norm_filename": "c:\\windows\\syswow64\\coml2.dll", "region_type": "memory_mapped_file", "start_va": 1977679872, "timestamp": "00:00:37.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000251-addr_0x00000000003d0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4014079, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:37.027", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 78053376, "type": "region", "version": 1 }, "end_va": 82247679, "entry_point": 0, "filename": null, "id": "region_252", "name": "pagefile_0x0000000004a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 78053376, "timestamp": "00:00:37.028", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000253-addr_0x0000000000910000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9568255, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000000910000", "norm_filename": null, "region_type": "private_memory", "start_va": 9502720, "timestamp": "00:00:37.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000254-addr_0x0000000004890000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76087296, "type": "region", "version": 1 }, "end_va": 76177407, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x0000000004890000", "norm_filename": null, "region_type": "private_memory", "start_va": 76087296, "timestamp": "00:00:37.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9535487, "entry_point": 0, "filename": null, "id": "region_255", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:00:37.052", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000315-addr_0x0000000004890000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 76087296, "type": "region", "version": 1 }, "end_va": 76611583, "entry_point": 0, "filename": null, "id": "region_315", "name": "private_0x0000000004890000", "norm_filename": null, "region_type": "private_memory", "start_va": 76087296, "timestamp": "00:00:37.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 9502720, "type": "region", "version": 1 }, "end_va": 9506815, "entry_point": 0, "filename": null, "id": "region_316", "name": "pagefile_0x0000000000910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9502720, "timestamp": "00:00:37.099", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 532480, "start_va": 1949040640, "type": "region", "version": 1 }, "end_va": 1949573119, "entry_point": 1949040640, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_317", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1949040640, "timestamp": "00:00:37.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 75431936, "type": "region", "version": 1 }, "end_va": 75436031, "entry_point": 0, "filename": null, "id": "region_318", "name": "pagefile_0x00000000047f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75431936, "timestamp": "00:00:37.116", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000319-addr_0x0000000004910000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76615679, "entry_point": 0, "filename": null, "id": "region_319", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:37.128", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000377-addr_0x0000000004c10000-size_0x0000000000090000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 79757312, "type": "region", "version": 1 }, "end_va": 80347135, "entry_point": 0, "filename": null, "id": "region_377", "name": "private_0x0000000004c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 79757312, "timestamp": "00:00:38.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933443072, "type": "region", "version": 1 }, "end_va": 1933520895, "entry_point": 1933443072, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_378", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1933443072, "timestamp": "00:00:38.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933438975, "entry_point": 1933246464, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_379", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:00:38.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1984233472, "type": "region", "version": 1 }, "end_va": 1984258047, "entry_point": 1984233472, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_380", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1984233472, "timestamp": "00:00:38.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000381-addr_0x0000000004910000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76677119, "entry_point": 0, "filename": null, "id": "region_381", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.243", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000382-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_382", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 76742656, "type": "region", "version": 1 }, "end_va": 76775423, "entry_point": 0, "filename": null, "id": "region_383", "name": "pagefile_0x0000000004930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76742656, "timestamp": "00:00:38.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76644351, "entry_point": 0, "filename": null, "id": "region_384", "name": "pagefile_0x0000000004910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76611584, "timestamp": "00:00:38.246", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000444-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_444", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000506-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000568-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_568", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000630-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_325", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_630", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.402", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000651-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_327", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_651", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.427", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000655-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_329", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_655", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000659-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_331", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_659", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000663-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_333", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_663", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.485", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000667-addr_0x0000000004910000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_335", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76701695, "entry_point": 0, "filename": null, "id": "region_667", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:38.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931575295, "entry_point": 1931411456, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_670", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:00:38.825", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000671-addr_0x0000000004910000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_336", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76627967, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x0000000004910000", "norm_filename": null, "region_type": "private_memory", "start_va": 76611584, "timestamp": "00:00:39.152", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000672-addr_0x0000000004920000-size_0x0000000000063000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_337", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 405504, "start_va": 76677120, "type": "region", "version": 1 }, "end_va": 77082623, "entry_point": 0, "filename": null, "id": "region_672", "name": "private_0x0000000004920000", "norm_filename": null, "region_type": "private_memory", "start_va": 76677120, "timestamp": "00:00:39.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3735552, "start_va": 2142371840, "type": "region", "version": 1 }, "end_va": 2146107391, "entry_point": 2142371840, "filename": "\\Windows\\AppPatch\\sysmain.sdb", "id": "region_673", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 2142371840, "timestamp": "00:00:39.190", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\"", "filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "id": "proc_2", "image_name": "containers.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000674-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_338", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:39.193", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000675-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_339", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:39.193", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_676", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:39.193", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000677-addr_0x0000000000060000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_340", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:00:39.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000678-addr_0x00000000000a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_341", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_678", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:39.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_679", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:39.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_680", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:39.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000681-addr_0x00000000001c0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_342", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_681", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:39.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000682-addr_0x0000000020c80000-size_0x0000000000069000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_343", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 430080, "start_va": 549978112, "type": "region", "version": 1 }, "end_va": 550408191, "entry_point": 549978112, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "id": "region_682", "name": "containers.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "region_type": "memory_mapped_file", "start_va": 549978112, "timestamp": "00:00:39.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_683", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:39.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_684", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:39.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000685-addr_0x000000007ffdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_344", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:39.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000686-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_345", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:39.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000687-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_346", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:39.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000688-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_347", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140714892722176, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_690", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:00:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_691", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:00:39.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000692-addr_0x0000000000250000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_348", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_692", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:39.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1554067280, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_693", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:00:39.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554606816, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_694", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:00:39.208", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000695-addr_0x0000000000260000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_349", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 3538943, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:00:39.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553929312, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_696", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:00:39.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_697", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:39.285", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000698-addr_0x0000000000020000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_350", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:39.285", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000699-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_351", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_699", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:39.285", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000700-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_352", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_700", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000701-addr_0x0000000000210000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_353", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_701", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4317183, "entry_point": 3538944, "filename": "\\Windows\\System32\\locale.nls", "id": "region_702", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3538944, "timestamp": "00:00:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000703-addr_0x0000000000420000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_354", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_703", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 6979583, "entry_point": 0, "filename": null, "id": "region_704", "name": "pagefile_0x0000000000520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5373952, "timestamp": "00:00:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_705", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:00:39.286", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000706-addr_0x0000000000880000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_355", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 8978431, "entry_point": 0, "filename": null, "id": "region_706", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:00:39.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_707", "name": "pagefile_0x0000000000890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8978432, "timestamp": "00:00:39.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000708-addr_0x0000000001de0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_356", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_708", "name": "private_0x0000000001de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31326208, "timestamp": "00:00:39.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1931739136, "type": "region", "version": 1 }, "end_va": 1931821055, "entry_point": 1931758832, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_709", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1931739136, "timestamp": "00:00:39.287", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1931870208, "type": "region", "version": 1 }, "end_va": 1931911167, "entry_point": 1931881216, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_710", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1931870208, "timestamp": "00:00:39.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1931968511, "entry_point": 1931944000, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_711", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:00:39.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1932001280, "type": "region", "version": 1 }, "end_va": 1932115967, "entry_point": 1932019296, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_712", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1932001280, "timestamp": "00:00:39.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1932132352, "type": "region", "version": 1 }, "end_va": 1932197887, "entry_point": 1932145744, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_713", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1932132352, "timestamp": "00:00:39.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1932197888, "type": "region", "version": 1 }, "end_va": 1932795903, "entry_point": 1932254560, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "id": "region_714", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1932197888, "timestamp": "00:00:39.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1932853248, "type": "region", "version": 1 }, "end_va": 1933049855, "entry_point": 1932872768, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_715", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1932853248, "timestamp": "00:00:39.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933049856, "type": "region", "version": 1 }, "end_va": 1933127679, "entry_point": 1933057232, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_716", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1933049856, "timestamp": "00:00:39.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 1934295040, "type": "region", "version": 1 }, "end_va": 1934888959, "entry_point": 1934559920, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_717", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1934295040, "timestamp": "00:00:39.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1934950400, "type": "region", "version": 1 }, "end_va": 1935060991, "entry_point": 1934987280, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_718", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1934950400, "timestamp": "00:00:39.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 1938030592, "type": "region", "version": 1 }, "end_va": 1938452479, "entry_point": 1938117200, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_719", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1938030592, "timestamp": "00:00:39.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942265855, "entry_point": 1942237696, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_720", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:00:39.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948683456, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_721", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:39.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948854944, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_722", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:00:39.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948956224, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_723", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:00:39.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1952710655, "entry_point": 1951466112, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_724", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:00:39.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1952710656, "type": "region", "version": 1 }, "end_va": 1953669119, "entry_point": 1952954768, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_725", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1952710656, "timestamp": "00:00:39.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953869823, "entry_point": 1953714864, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_726", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:39.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1974595583, "entry_point": 1955700384, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_727", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:00:39.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1975211568, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_728", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:00:39.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1976057855, "entry_point": 1975808640, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_729", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:00:39.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977331711, "entry_point": 1976951728, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_730", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:00:39.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1977630719, "entry_point": 1977473040, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_731", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:39.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978283696, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_732", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:00:39.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1979435424, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_733", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:00:39.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980429680, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_734", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:00:39.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982910463, "entry_point": 1982632352, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_735", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:39.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1989857279, "entry_point": 1986819168, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_736", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:00:39.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1989869568, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1990600144, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_737", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989869568, "timestamp": "00:00:39.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1992024063, "entry_point": 1991477968, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_738", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:00:39.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992112080, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_739", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:00:39.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1994181552, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_740", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:00:39.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995161599, "entry_point": 1995127072, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_741", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:00:39.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1996779519, "entry_point": 1996758336, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_742", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:39.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1996877823, "entry_point": 1996828224, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_743", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:00:39.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1996947456, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1997227744, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_744", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1996947456, "timestamp": "00:00:39.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_745", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:00:39.306", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000746-addr_0x000000007ffd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_357", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_746", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:39.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000747-addr_0x0000000001d40000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_358", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30670848, "type": "region", "version": 1 }, "end_va": 30736383, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x0000000001d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 30670848, "timestamp": "00:00:39.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1933770752, "type": "region", "version": 1 }, "end_va": 1934249983, "entry_point": 1934006480, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_748", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1933770752, "timestamp": "00:00:39.333", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000749-addr_0x0000000000220000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_359", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:39.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_750", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:39.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 36577279, "entry_point": 0, "filename": null, "id": "region_751", "name": "pagefile_0x0000000001df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31391744, "timestamp": "00:00:39.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 40005631, "entry_point": 36634624, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_752", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36634624, "timestamp": "00:00:39.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1983578112, "type": "region", "version": 1 }, "end_va": 1984176127, "entry_point": 1983792336, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_753", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983578112, "timestamp": "00:00:39.350", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000754-addr_0x0000000002630000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_360", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40042496, "type": "region", "version": 1 }, "end_va": 41091071, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x0000000002630000", "norm_filename": null, "region_type": "private_memory", "start_va": 40042496, "timestamp": "00:00:39.486", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000755-addr_0x0000000002730000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_361", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 43188223, "entry_point": 0, "filename": null, "id": "region_755", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:39.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000756-addr_0x0000000000240000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_362", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2387967, "entry_point": 0, "filename": null, "id": "region_756", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:39.834", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000757-addr_0x0000000001c90000-size_0x0000000000088000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_363", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 557056, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 30507007, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:00:39.835", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000758-addr_0x0000000002930000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_364", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 43188224, "type": "region", "version": 1 }, "end_va": 47382527, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x0000000002930000", "norm_filename": null, "region_type": "private_memory", "start_va": 43188224, "timestamp": "00:00:39.835", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000759-addr_0x0000000002d30000-size_0x0000000000800000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_365", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8388608, "start_va": 47382528, "type": "region", "version": 1 }, "end_va": 55771135, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x0000000002d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 47382528, "timestamp": "00:00:39.836", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000760-addr_0x0000000003530000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_366", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 55771136, "type": "region", "version": 1 }, "end_va": 56819711, "entry_point": 0, "filename": null, "id": "region_760", "name": "private_0x0000000003530000", "norm_filename": null, "region_type": "private_memory", "start_va": 55771136, "timestamp": "00:00:39.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 56819712, "type": "region", "version": 1 }, "end_va": 73400319, "entry_point": 0, "filename": null, "id": "region_761", "name": "private_0x0000000003630000", "norm_filename": null, "region_type": "private_memory", "start_va": 56819712, "timestamp": "00:00:39.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 73400320, "type": "region", "version": 1 }, "end_va": 74313727, "entry_point": 73400320, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_762", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 73400320, "timestamp": "00:00:39.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1931608064, "type": "region", "version": 1 }, "end_va": 1931685887, "entry_point": 1931631152, "filename": "\\Windows\\SysWOW64\\samlib.dll", "id": "region_763", "name": "samlib.dll", "norm_filename": "c:\\windows\\syswow64\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 1931608064, "timestamp": "00:00:39.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 8650752, "filename": "\\Windows\\System32\\C_1256.NLS", "id": "region_764", "name": "c_1256.nls", "norm_filename": "c:\\windows\\system32\\c_1256.nls", "region_type": "memory_mapped_file", "start_va": 8650752, "timestamp": "00:00:39.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 8781824, "filename": "\\Windows\\System32\\C_1251.NLS", "id": "region_765", "name": "c_1251.nls", "norm_filename": "c:\\windows\\system32\\c_1251.nls", "region_type": "memory_mapped_file", "start_va": 8781824, "timestamp": "00:00:39.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 30539776, "type": "region", "version": 1 }, "end_va": 30609407, "entry_point": 30539776, "filename": "\\Windows\\System32\\C_1254.NLS", "id": "region_766", "name": "c_1254.nls", "norm_filename": "c:\\windows\\system32\\c_1254.nls", "region_type": "memory_mapped_file", "start_va": 30539776, "timestamp": "00:00:39.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 30806015, "entry_point": 30736384, "filename": "\\Windows\\System32\\C_1250.NLS", "id": "region_767", "name": "c_1250.nls", "norm_filename": "c:\\windows\\system32\\c_1250.nls", "region_type": "memory_mapped_file", "start_va": 30736384, "timestamp": "00:00:39.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 30867456, "type": "region", "version": 1 }, "end_va": 30937087, "entry_point": 30867456, "filename": "\\Windows\\System32\\C_1253.NLS", "id": "region_768", "name": "c_1253.nls", "norm_filename": "c:\\windows\\system32\\c_1253.nls", "region_type": "memory_mapped_file", "start_va": 30867456, "timestamp": "00:00:39.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 30998528, "type": "region", "version": 1 }, "end_va": 31068159, "entry_point": 30998528, "filename": "\\Windows\\System32\\C_1257.NLS", "id": "region_769", "name": "c_1257.nls", "norm_filename": "c:\\windows\\system32\\c_1257.nls", "region_type": "memory_mapped_file", "start_va": 30998528, "timestamp": "00:00:39.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31199231, "entry_point": 31129600, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_770", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 31129600, "timestamp": "00:00:39.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 163840, "start_va": 74317824, "type": "region", "version": 1 }, "end_va": 74481663, "entry_point": 74317824, "filename": "\\Windows\\System32\\C_932.NLS", "id": "region_771", "name": "c_932.nls", "norm_filename": "c:\\windows\\system32\\c_932.nls", "region_type": "memory_mapped_file", "start_va": 74317824, "timestamp": "00:00:39.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 74514432, "type": "region", "version": 1 }, "end_va": 74715135, "entry_point": 74514432, "filename": "\\Windows\\System32\\C_949.NLS", "id": "region_772", "name": "c_949.nls", "norm_filename": "c:\\windows\\system32\\c_949.nls", "region_type": "memory_mapped_file", "start_va": 74514432, "timestamp": "00:00:39.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 74846207, "entry_point": 74776576, "filename": "\\Windows\\System32\\C_874.NLS", "id": "region_773", "name": "c_874.nls", "norm_filename": "c:\\windows\\system32\\c_874.nls", "region_type": "memory_mapped_file", "start_va": 74776576, "timestamp": "00:00:39.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 74977279, "entry_point": 74907648, "filename": "\\Windows\\System32\\C_1258.NLS", "id": "region_774", "name": "c_1258.nls", "norm_filename": "c:\\windows\\system32\\c_1258.nls", "region_type": "memory_mapped_file", "start_va": 74907648, "timestamp": "00:00:39.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 75038720, "type": "region", "version": 1 }, "end_va": 75239423, "entry_point": 75038720, "filename": "\\Windows\\System32\\C_936.NLS", "id": "region_775", "name": "c_936.nls", "norm_filename": "c:\\windows\\system32\\c_936.nls", "region_type": "memory_mapped_file", "start_va": 75038720, "timestamp": "00:00:39.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 75300864, "type": "region", "version": 1 }, "end_va": 75501567, "entry_point": 75300864, "filename": "\\Windows\\System32\\C_950.NLS", "id": "region_776", "name": "c_950.nls", "norm_filename": "c:\\windows\\system32\\c_950.nls", "region_type": "memory_mapped_file", "start_va": 75300864, "timestamp": "00:00:39.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1977679872, "type": "region", "version": 1 }, "end_va": 1978040319, "entry_point": 1977838432, "filename": "\\Windows\\SysWOW64\\coml2.dll", "id": "region_777", "name": "coml2.dll", "norm_filename": "c:\\windows\\syswow64\\coml2.dll", "region_type": "memory_mapped_file", "start_va": 1977679872, "timestamp": "00:00:39.952", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000778-addr_0x0000000001dd0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_367", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 31260672, "type": "region", "version": 1 }, "end_va": 31277055, "entry_point": 0, "filename": null, "id": "region_778", "name": "private_0x0000000001dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31260672, "timestamp": "00:00:39.954", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 79757311, "entry_point": 0, "filename": null, "id": "region_779", "name": "pagefile_0x0000000004810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75563008, "timestamp": "00:00:39.956", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000780-addr_0x0000000004810000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_368", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 75628543, "entry_point": 0, "filename": null, "id": "region_780", "name": "private_0x0000000004810000", "norm_filename": null, "region_type": "private_memory", "start_va": 75563008, "timestamp": "00:00:39.976", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000781-addr_0x0000000004810000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_369", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 75653119, "entry_point": 0, "filename": null, "id": "region_781", "name": "private_0x0000000004810000", "norm_filename": null, "region_type": "private_memory", "start_va": 75563008, "timestamp": "00:00:39.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 75694080, "type": "region", "version": 1 }, "end_va": 75730943, "entry_point": 0, "filename": null, "id": "region_782", "name": "pagefile_0x0000000004830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75694080, "timestamp": "00:00:39.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 36864, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 75599871, "entry_point": 0, "filename": null, "id": "region_783", "name": "pagefile_0x0000000004810000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75563008, "timestamp": "00:00:39.983", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000843-addr_0x0000000004810000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_370", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 76087295, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x0000000004810000", "norm_filename": null, "region_type": "private_memory", "start_va": 75563008, "timestamp": "00:00:40.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 76087296, "type": "region", "version": 1 }, "end_va": 76091391, "entry_point": 0, "filename": null, "id": "region_844", "name": "pagefile_0x0000000004890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76087296, "timestamp": "00:00:40.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 532480, "start_va": 1949040640, "type": "region", "version": 1 }, "end_va": 1949573119, "entry_point": 1949165472, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_845", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1949040640, "timestamp": "00:00:40.043", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 76152832, "type": "region", "version": 1 }, "end_va": 76156927, "entry_point": 0, "filename": null, "id": "region_846", "name": "pagefile_0x00000000048a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76152832, "timestamp": "00:00:40.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000847-addr_0x00000000048b0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_371", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 76218368, "type": "region", "version": 1 }, "end_va": 76222463, "entry_point": 0, "filename": null, "id": "region_847", "name": "private_0x00000000048b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76218368, "timestamp": "00:00:40.069", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000905-addr_0x0000000004a60000-size_0x0000000000090000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_429", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 589824, "start_va": 77987840, "type": "region", "version": 1 }, "end_va": 78577663, "entry_point": 0, "filename": null, "id": "region_905", "name": "private_0x0000000004a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 77987840, "timestamp": "00:00:41.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933443072, "type": "region", "version": 1 }, "end_va": 1933520895, "entry_point": 1933481216, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_906", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1933443072, "timestamp": "00:00:41.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933438975, "entry_point": 1933350192, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_907", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:00:41.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1984233472, "type": "region", "version": 1 }, "end_va": 1984258047, "entry_point": 1984238720, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_908", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1984233472, "timestamp": "00:00:41.018", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000909-addr_0x00000000048b0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_430", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 76218368, "type": "region", "version": 1 }, "end_va": 76234751, "entry_point": 0, "filename": null, "id": "region_909", "name": "private_0x00000000048b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76218368, "timestamp": "00:00:41.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931575295, "entry_point": 1931442304, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_910", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:00:41.037", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000911-addr_0x00000000048c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_431", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 76283904, "type": "region", "version": 1 }, "end_va": 76287999, "entry_point": 0, "filename": null, "id": "region_911", "name": "private_0x00000000048c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76283904, "timestamp": "00:00:41.048", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd7d80021e.bat\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_3", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000912-addr_0x0000000000470000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_432", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_912", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:41.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000913-addr_0x0000000000490000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_433", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4792319, "entry_point": 0, "filename": null, "id": "region_913", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:41.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4931583, "entry_point": 0, "filename": null, "id": "region_914", "name": "pagefile_0x00000000004a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4849664, "timestamp": "00:00:41.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000915-addr_0x00000000004c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_434", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_915", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:00:41.080", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000916-addr_0x0000000000500000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_435", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6291455, "entry_point": 0, "filename": null, "id": "region_916", "name": "private_0x0000000000500000", "norm_filename": null, "region_type": "private_memory", "start_va": 5242880, "timestamp": "00:00:41.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 6291456, "type": "region", "version": 1 }, "end_va": 6307839, "entry_point": 0, "filename": null, "id": "region_917", "name": "pagefile_0x0000000000600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6291456, "timestamp": "00:00:41.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_918", "name": "pagefile_0x0000000000610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6356992, "timestamp": "00:00:41.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 327680, "start_va": 14221312, "type": "region", "version": 1 }, "end_va": 14548991, "entry_point": 14221312, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_919", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 14221312, "timestamp": "00:00:41.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 14548992, "type": "region", "version": 1 }, "end_va": 81657855, "entry_point": 0, "filename": null, "id": "region_920", "name": "pagefile_0x0000000000de0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14548992, "timestamp": "00:00:41.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_921", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:41.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2120679424, "type": "region", "version": 1 }, "end_va": 2120822783, "entry_point": 0, "filename": null, "id": "region_922", "name": "pagefile_0x000000007e670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2120679424, "timestamp": "00:00:41.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000923-addr_0x000000007e696000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_436", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2120835072, "type": "region", "version": 1 }, "end_va": 2120839167, "entry_point": 0, "filename": null, "id": "region_923", "name": "private_0x000000007e696000", "norm_filename": null, "region_type": "private_memory", "start_va": 2120835072, "timestamp": "00:00:41.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000924-addr_0x000000007e69c000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_437", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2120859648, "type": "region", "version": 1 }, "end_va": 2120871935, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x000000007e69c000", "norm_filename": null, "region_type": "private_memory", "start_va": 2120859648, "timestamp": "00:00:41.092", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000925-addr_0x000000007e69f000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_438", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2120871936, "type": "region", "version": 1 }, "end_va": 2120876031, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x000000007e69f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2120871936, "timestamp": "00:00:41.093", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000926-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_439", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_926", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:41.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138515869466624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138518016884735, "entry_point": 0, "filename": null, "id": "region_927", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:41.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138518016884736, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_928", "name": "pagefile_0x00007dfb3d310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138518016884736, "timestamp": "00:00:41.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_929", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:00:41.093", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:00:41.094", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000931-addr_0x0000000000620000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_440", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 6430719, "entry_point": 0, "filename": null, "id": "region_931", "name": "private_0x0000000000620000", "norm_filename": null, "region_type": "private_memory", "start_va": 6422528, "timestamp": "00:00:41.095", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000932-addr_0x00000000006c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_441", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:00:41.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1554067280, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_933", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:00:41.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554606816, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_934", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:00:41.120", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000935-addr_0x0000000000870000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_442", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9895935, "entry_point": 0, "filename": null, "id": "region_935", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:00:41.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553929312, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_936", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:00:41.138", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_1008", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:00:43.860", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001009-addr_0x0000000000630000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_469", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_1009", "name": "private_0x0000000000630000", "norm_filename": null, "region_type": "private_memory", "start_va": 6488064, "timestamp": "00:00:43.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7921663, "entry_point": 7143424, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1010", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 7143424, "timestamp": "00:00:43.860", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001011-addr_0x0000000000970000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_470", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 10944511, "entry_point": 0, "filename": null, "id": "region_1011", "name": "private_0x0000000000970000", "norm_filename": null, "region_type": "private_memory", "start_va": 9895936, "timestamp": "00:00:43.861", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001012-addr_0x0000000000bc0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_471", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 12320768, "type": "region", "version": 1 }, "end_va": 12386303, "entry_point": 0, "filename": null, "id": "region_1012", "name": "private_0x0000000000bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12320768, "timestamp": "00:00:43.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1975211568, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1013", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:00:43.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1979435424, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1014", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:00:43.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992112080, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1015", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:00:43.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2119630848, "type": "region", "version": 1 }, "end_va": 2120679423, "entry_point": 0, "filename": null, "id": "region_1016", "name": "pagefile_0x000000007e570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2119630848, "timestamp": "00:00:43.863", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001017-addr_0x000000007e699000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_472", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2120847360, "type": "region", "version": 1 }, "end_va": 2120859647, "entry_point": 0, "filename": null, "id": "region_1017", "name": "private_0x000000007e699000", "norm_filename": null, "region_type": "private_memory", "start_va": 2120847360, "timestamp": "00:00:43.863", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001018-addr_0x0000000000480000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_473", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4734975, "entry_point": 0, "filename": null, "id": "region_1018", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:00:43.865", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001019-addr_0x0000000000490000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_474", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4800511, "entry_point": 0, "filename": null, "id": "region_1019", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:43.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931345920, "type": "region", "version": 1 }, "end_va": 1931378687, "entry_point": 1931345920, "filename": "\\Windows\\SysWOW64\\cmdext.dll", "id": "region_1020", "name": "cmdext.dll", "norm_filename": "c:\\windows\\syswow64\\cmdext.dll", "region_type": "memory_mapped_file", "start_va": 1931345920, "timestamp": "00:00:43.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977331711, "entry_point": 1976951728, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1021", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:00:43.976", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980429680, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1022", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:00:43.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978283696, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1023", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:00:43.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948956224, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1024", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:00:43.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948854944, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1025", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:00:43.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948683456, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_1026", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:43.985", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00001027-addr_0x0000000000670000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_475", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_1027", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:00:44.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 135168, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6950911, "entry_point": 6815744, "filename": "\\Windows\\SysWOW64\\en-US\\cmd.exe.mui", "id": "region_1028", "name": "cmd.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\cmd.exe.mui", "region_type": "memory_mapped_file", "start_va": 6815744, "timestamp": "00:00:44.041", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_5", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3649535, "entry_point": 3604480, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_1029", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:01:41.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 14680064, "type": "region", "version": 1 }, "end_va": 81788927, "entry_point": 0, "filename": null, "id": "region_1030", "name": "pagefile_0x0000000000e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14680064, "timestamp": "00:01:41.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001031-addr_0x0000000004e00000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_476", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 81919999, "entry_point": 0, "filename": null, "id": "region_1031", "name": "private_0x0000000004e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 81788928, "timestamp": "00:01:41.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001032-addr_0x0000000004e20000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_477", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 81920000, "type": "region", "version": 1 }, "end_va": 81928191, "entry_point": 0, "filename": null, "id": "region_1032", "name": "private_0x0000000004e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 81920000, "timestamp": "00:01:41.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 81985536, "type": "region", "version": 1 }, "end_va": 82067455, "entry_point": 0, "filename": null, "id": "region_1033", "name": "pagefile_0x0000000004e30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81985536, "timestamp": "00:01:41.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001034-addr_0x0000000004e50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_478", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 82116608, "type": "region", "version": 1 }, "end_va": 82378751, "entry_point": 0, "filename": null, "id": "region_1034", "name": "private_0x0000000004e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 82116608, "timestamp": "00:01:41.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001035-addr_0x0000000004e90000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_479", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 82378752, "type": "region", "version": 1 }, "end_va": 82640895, "entry_point": 0, "filename": null, "id": "region_1035", "name": "private_0x0000000004e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 82378752, "timestamp": "00:01:41.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 82640896, "type": "region", "version": 1 }, "end_va": 82657279, "entry_point": 0, "filename": null, "id": "region_1036", "name": "pagefile_0x0000000004ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82640896, "timestamp": "00:01:41.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 82706432, "type": "region", "version": 1 }, "end_va": 82710527, "entry_point": 0, "filename": null, "id": "region_1037", "name": "pagefile_0x0000000004ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82706432, "timestamp": "00:01:41.171", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001038-addr_0x0000000004ef0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_480", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 82771968, "type": "region", "version": 1 }, "end_va": 82780159, "entry_point": 0, "filename": null, "id": "region_1038", "name": "private_0x0000000004ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82771968, "timestamp": "00:01:41.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1039", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:01:41.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2124742656, "type": "region", "version": 1 }, "end_va": 2124886015, "entry_point": 0, "filename": null, "id": "region_1040", "name": "pagefile_0x000000007ea50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2124742656, "timestamp": "00:01:41.171", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001041-addr_0x000000007ea77000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_481", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2124902400, "type": "region", "version": 1 }, "end_va": 2124906495, "entry_point": 0, "filename": null, "id": "region_1041", "name": "private_0x000000007ea77000", "norm_filename": null, "region_type": "private_memory", "start_va": 2124902400, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001042-addr_0x000000007ea79000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_482", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2124910592, "type": "region", "version": 1 }, "end_va": 2124914687, "entry_point": 0, "filename": null, "id": "region_1042", "name": "private_0x000000007ea79000", "norm_filename": null, "region_type": "private_memory", "start_va": 2124910592, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001043-addr_0x000000007ea7d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_483", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2124926976, "type": "region", "version": 1 }, "end_va": 2124939263, "entry_point": 0, "filename": null, "id": "region_1043", "name": "private_0x000000007ea7d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2124926976, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001044-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_484", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1044", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138515869466624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138518016884735, "entry_point": 0, "filename": null, "id": "region_1045", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138518016884736, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_1046", "name": "pagefile_0x00007dfb3d310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138518016884736, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1047", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:01:41.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:01:41.173", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001049-addr_0x0000000004f00000-size_0x0000000000020000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_485", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 82837504, "type": "region", "version": 1 }, "end_va": 82968575, "entry_point": 0, "filename": null, "id": "region_1049", "name": "private_0x0000000004f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 82837504, "timestamp": "00:01:41.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001050-addr_0x0000000004f20000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_486", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 83230719, "entry_point": 0, "filename": null, "id": "region_1050", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001051-addr_0x0000000004f60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_487", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 83230720, "type": "region", "version": 1 }, "end_va": 83492863, "entry_point": 0, "filename": null, "id": "region_1051", "name": "private_0x0000000004f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 83230720, "timestamp": "00:01:41.228", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001052-addr_0x0000000004fa0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_488", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 83492864, "type": "region", "version": 1 }, "end_va": 83521535, "entry_point": 0, "filename": null, "id": "region_1052", "name": "private_0x0000000004fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83492864, "timestamp": "00:01:41.229", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001053-addr_0x0000000005000000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_489", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 83886080, "type": "region", "version": 1 }, "end_va": 84934655, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x0000000005000000", "norm_filename": null, "region_type": "private_memory", "start_va": 83886080, "timestamp": "00:01:41.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1554067280, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1054", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:01:41.229", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554606816, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1055", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:01:41.230", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001056-addr_0x000000007ea7a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_490", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2124914688, "type": "region", "version": 1 }, "end_va": 2124926975, "entry_point": 0, "filename": null, "id": "region_1056", "name": "private_0x000000007ea7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2124914688, "timestamp": "00:01:41.231", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001057-addr_0x0000000004fd0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_491", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83705855, "entry_point": 0, "filename": null, "id": "region_1057", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:01:41.281", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553929312, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1058", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:01:41.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 81854463, "entry_point": 0, "filename": null, "id": "region_1059", "name": "pagefile_0x0000000004e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81788928, "timestamp": "00:01:41.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001060-addr_0x0000000005100000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_492", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 85983231, "entry_point": 0, "filename": null, "id": "region_1060", "name": "private_0x0000000005100000", "norm_filename": null, "region_type": "private_memory", "start_va": 84934656, "timestamp": "00:01:41.307", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 85983232, "type": "region", "version": 1 }, "end_va": 86761471, "entry_point": 85983232, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1061", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 85983232, "timestamp": "00:01:41.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001062-addr_0x00000000052c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_493", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 86769664, "type": "region", "version": 1 }, "end_va": 87031807, "entry_point": 0, "filename": null, "id": "region_1062", "name": "private_0x00000000052c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86769664, "timestamp": "00:01:41.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001063-addr_0x0000000005300000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_494", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 87031808, "type": "region", "version": 1 }, "end_va": 87293951, "entry_point": 0, "filename": null, "id": "region_1063", "name": "private_0x0000000005300000", "norm_filename": null, "region_type": "private_memory", "start_va": 87031808, "timestamp": "00:01:41.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948683456, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_1064", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:01:41.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948854944, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1065", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:01:41.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948956224, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1066", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:01:41.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978283696, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1067", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:01:41.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1979435424, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1068", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:01:41.312", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980429680, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1069", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:41.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992112080, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1070", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:01:41.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2123694080, "type": "region", "version": 1 }, "end_va": 2124742655, "entry_point": 0, "filename": null, "id": "region_1071", "name": "pagefile_0x000000007e950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2123694080, "timestamp": "00:01:41.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001072-addr_0x000000007ea74000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_495", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2124890112, "type": "region", "version": 1 }, "end_va": 2124902399, "entry_point": 0, "filename": null, "id": "region_1072", "name": "private_0x000000007ea74000", "norm_filename": null, "region_type": "private_memory", "start_va": 2124890112, "timestamp": "00:01:41.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1952710655, "entry_point": 1951466112, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1073", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:01:41.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1989869568, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1990600144, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1074", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989869568, "timestamp": "00:01:41.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 87293952, "type": "region", "version": 1 }, "end_va": 88899583, "entry_point": 0, "filename": null, "id": "region_1075", "name": "pagefile_0x0000000005340000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 87293952, "timestamp": "00:01:41.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 88932352, "type": "region", "version": 1 }, "end_va": 89104383, "entry_point": 88953520, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1076", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 88932352, "timestamp": "00:01:41.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953869823, "entry_point": 1953714864, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1077", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:01:41.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1996947456, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1997227744, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1078", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1996947456, "timestamp": "00:01:41.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1975211568, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1079", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:01:41.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001080-addr_0x00000000054d0000-size_0x0000000000175000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_496", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1527808, "start_va": 88932352, "type": "region", "version": 1 }, "end_va": 90460159, "entry_point": 0, "filename": null, "id": "region_1080", "name": "private_0x00000000054d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88932352, "timestamp": "00:01:41.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001081-addr_0x0000000005650000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_497", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 90505216, "type": "region", "version": 1 }, "end_va": 92602367, "entry_point": 0, "filename": null, "id": "region_1081", "name": "private_0x0000000005650000", "norm_filename": null, "region_type": "private_memory", "start_va": 90505216, "timestamp": "00:01:41.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001082-addr_0x0000000005700000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_498", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 91226112, "type": "region", "version": 1 }, "end_va": 92274687, "entry_point": 0, "filename": null, "id": "region_1082", "name": "private_0x0000000005700000", "norm_filename": null, "region_type": "private_memory", "start_va": 91226112, "timestamp": "00:01:41.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 92274688, "type": "region", "version": 1 }, "end_va": 93851647, "entry_point": 0, "filename": null, "id": "region_1083", "name": "pagefile_0x0000000005800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 92274688, "timestamp": "00:01:41.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 93913088, "type": "region", "version": 1 }, "end_va": 114884607, "entry_point": 0, "filename": null, "id": "region_1084", "name": "pagefile_0x0000000005990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 93913088, "timestamp": "00:01:41.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 81854464, "type": "region", "version": 1 }, "end_va": 81858559, "entry_point": 81854464, "filename": "\\Windows\\SysWOW64\\en-US\\svchost.exe.mui", "id": "region_1085", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 81854464, "timestamp": "00:01:41.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001086-addr_0x0000000004e20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_499", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 81920000, "type": "region", "version": 1 }, "end_va": 81924095, "entry_point": 0, "filename": null, "id": "region_1086", "name": "private_0x0000000004e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 81920000, "timestamp": "00:01:41.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001087-addr_0x0000000004fb0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_500", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83558400, "type": "region", "version": 1 }, "end_va": 83562495, "entry_point": 0, "filename": null, "id": "region_1087", "name": "private_0x0000000004fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83558400, "timestamp": "00:01:41.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001088-addr_0x00000000055f0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_501", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 90112000, "type": "region", "version": 1 }, "end_va": 90128383, "entry_point": 0, "filename": null, "id": "region_1088", "name": "private_0x00000000055f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 90112000, "timestamp": "00:01:41.349", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001089-addr_0x0000000005640000-size_0x0000000000005000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_502", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 90439680, "type": "region", "version": 1 }, "end_va": 90460159, "entry_point": 0, "filename": null, "id": "region_1089", "name": "private_0x0000000005640000", "norm_filename": null, "region_type": "private_memory", "start_va": 90439680, "timestamp": "00:01:41.349", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001090-addr_0x0000000006e00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_503", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 115343360, "type": "region", "version": 1 }, "end_va": 116391935, "entry_point": 0, "filename": null, "id": "region_1090", "name": "private_0x0000000006e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 115343360, "timestamp": "00:01:41.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977331711, "entry_point": 1976951728, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1091", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:41.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933443072, "type": "region", "version": 1 }, "end_va": 1933520895, "entry_point": 1933481216, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1092", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1933443072, "timestamp": "00:01:41.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1934950400, "type": "region", "version": 1 }, "end_va": 1935060991, "entry_point": 1934987280, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_1093", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1934950400, "timestamp": "00:01:41.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933438975, "entry_point": 1933350192, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1094", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:01:41.356", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 116391936, "type": "region", "version": 1 }, "end_va": 119762943, "entry_point": 116391936, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1095", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 116391936, "timestamp": "00:01:41.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1977630719, "entry_point": 1977473040, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1096", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:41.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1994181552, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_1097", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:01:41.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1984233472, "type": "region", "version": 1 }, "end_va": 1984258047, "entry_point": 1984238720, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1098", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1984233472, "timestamp": "00:01:41.371", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001099-addr_0x0000000004fc0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_504", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 83628031, "entry_point": 0, "filename": null, "id": "region_1099", "name": "private_0x0000000004fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83623936, "timestamp": "00:01:41.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942265855, "entry_point": 1942237696, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1100", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:41.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931575295, "entry_point": 1931442304, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1101", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:01:41.381", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001102-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_505", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83755008, "type": "region", "version": 1 }, "end_va": 83759103, "entry_point": 0, "filename": null, "id": "region_1102", "name": "private_0x0000000004fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83755008, "timestamp": "00:01:41.385", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001103-addr_0x0000000004fe0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_506", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83755008, "type": "region", "version": 1 }, "end_va": 83759103, "entry_point": 0, "filename": null, "id": "region_1103", "name": "private_0x0000000004fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83755008, "timestamp": "00:01:41.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001104-addr_0x00000000054d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_507", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 88932352, "type": "region", "version": 1 }, "end_va": 89194495, "entry_point": 0, "filename": null, "id": "region_1104", "name": "private_0x00000000054d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88932352, "timestamp": "00:01:41.404", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001105-addr_0x0000000005510000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_508", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 89194496, "type": "region", "version": 1 }, "end_va": 89456639, "entry_point": 0, "filename": null, "id": "region_1105", "name": "private_0x0000000005510000", "norm_filename": null, "region_type": "private_memory", "start_va": 89194496, "timestamp": "00:01:41.404", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001106-addr_0x0000000005550000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_509", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 89456640, "type": "region", "version": 1 }, "end_va": 89718783, "entry_point": 0, "filename": null, "id": "region_1106", "name": "private_0x0000000005550000", "norm_filename": null, "region_type": "private_memory", "start_va": 89456640, "timestamp": "00:01:41.404", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001107-addr_0x0000000005590000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_510", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 89718784, "type": "region", "version": 1 }, "end_va": 89980927, "entry_point": 0, "filename": null, "id": "region_1107", "name": "private_0x0000000005590000", "norm_filename": null, "region_type": "private_memory", "start_va": 89718784, "timestamp": "00:01:41.405", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001108-addr_0x0000000005600000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_511", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 90177536, "type": "region", "version": 1 }, "end_va": 90439679, "entry_point": 0, "filename": null, "id": "region_1108", "name": "private_0x0000000005600000", "norm_filename": null, "region_type": "private_memory", "start_va": 90177536, "timestamp": "00:01:41.405", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001109-addr_0x0000000005650000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_512", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 90505216, "type": "region", "version": 1 }, "end_va": 90767359, "entry_point": 0, "filename": null, "id": "region_1109", "name": "private_0x0000000005650000", "norm_filename": null, "region_type": "private_memory", "start_va": 90505216, "timestamp": "00:01:41.405", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001110-addr_0x0000000005690000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_513", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 90767360, "type": "region", "version": 1 }, "end_va": 91029503, "entry_point": 0, "filename": null, "id": "region_1110", "name": "private_0x0000000005690000", "norm_filename": null, "region_type": "private_memory", "start_va": 90767360, "timestamp": "00:01:41.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001111-addr_0x0000000007240000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_514", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 119799808, "type": "region", "version": 1 }, "end_va": 120848383, "entry_point": 0, "filename": null, "id": "region_1111", "name": "private_0x0000000007240000", "norm_filename": null, "region_type": "private_memory", "start_va": 119799808, "timestamp": "00:01:41.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001112-addr_0x0000000007340000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_515", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 120848384, "type": "region", "version": 1 }, "end_va": 121896959, "entry_point": 0, "filename": null, "id": "region_1112", "name": "private_0x0000000007340000", "norm_filename": null, "region_type": "private_memory", "start_va": 120848384, "timestamp": "00:01:41.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001113-addr_0x0000000007440000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_516", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 121896960, "type": "region", "version": 1 }, "end_va": 122945535, "entry_point": 0, "filename": null, "id": "region_1113", "name": "private_0x0000000007440000", "norm_filename": null, "region_type": "private_memory", "start_va": 121896960, "timestamp": "00:01:41.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001114-addr_0x0000000007540000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_517", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 122945536, "type": "region", "version": 1 }, "end_va": 123994111, "entry_point": 0, "filename": null, "id": "region_1114", "name": "private_0x0000000007540000", "norm_filename": null, "region_type": "private_memory", "start_va": 122945536, "timestamp": "00:01:41.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001115-addr_0x0000000007640000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_518", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 123994112, "type": "region", "version": 1 }, "end_va": 125042687, "entry_point": 0, "filename": null, "id": "region_1115", "name": "private_0x0000000007640000", "norm_filename": null, "region_type": "private_memory", "start_va": 123994112, "timestamp": "00:01:41.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001116-addr_0x0000000007740000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_519", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 125042688, "type": "region", "version": 1 }, "end_va": 126091263, "entry_point": 0, "filename": null, "id": "region_1116", "name": "private_0x0000000007740000", "norm_filename": null, "region_type": "private_memory", "start_va": 125042688, "timestamp": "00:01:41.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001117-addr_0x0000000007840000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_520", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 126091264, "type": "region", "version": 1 }, "end_va": 127139839, "entry_point": 0, "filename": null, "id": "region_1117", "name": "private_0x0000000007840000", "norm_filename": null, "region_type": "private_memory", "start_va": 126091264, "timestamp": "00:01:41.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001118-addr_0x000000007e93b000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_521", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123608064, "type": "region", "version": 1 }, "end_va": 2123620351, "entry_point": 0, "filename": null, "id": "region_1118", "name": "private_0x000000007e93b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123608064, "timestamp": "00:01:41.408", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001119-addr_0x000000007e93e000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_522", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123620352, "type": "region", "version": 1 }, "end_va": 2123632639, "entry_point": 0, "filename": null, "id": "region_1119", "name": "private_0x000000007e93e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123620352, "timestamp": "00:01:41.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001120-addr_0x000000007e941000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_523", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123632640, "type": "region", "version": 1 }, "end_va": 2123644927, "entry_point": 0, "filename": null, "id": "region_1120", "name": "private_0x000000007e941000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123632640, "timestamp": "00:01:41.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001121-addr_0x000000007e944000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_524", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123644928, "type": "region", "version": 1 }, "end_va": 2123657215, "entry_point": 0, "filename": null, "id": "region_1121", "name": "private_0x000000007e944000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123644928, "timestamp": "00:01:41.409", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001122-addr_0x000000007e947000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_525", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123657216, "type": "region", "version": 1 }, "end_va": 2123669503, "entry_point": 0, "filename": null, "id": "region_1122", "name": "private_0x000000007e947000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123657216, "timestamp": "00:01:41.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001123-addr_0x000000007e94a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_526", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123669504, "type": "region", "version": 1 }, "end_va": 2123681791, "entry_point": 0, "filename": null, "id": "region_1123", "name": "private_0x000000007e94a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123669504, "timestamp": "00:01:41.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001124-addr_0x000000007e94d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_527", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123681792, "type": "region", "version": 1 }, "end_va": 2123694079, "entry_point": 0, "filename": null, "id": "region_1124", "name": "private_0x000000007e94d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123681792, "timestamp": "00:01:41.410", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001146-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_538", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1146", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.442", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1918631936, "type": "region", "version": 1 }, "end_va": 1920876543, "entry_point": 1918631936, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1147", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1918631936, "timestamp": "00:01:41.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1935081472, "type": "region", "version": 1 }, "end_va": 1937969151, "entry_point": 1935081472, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1148", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1935081472, "timestamp": "00:01:41.467", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001172-addr_0x0000000004f20000-size_0x0000000000063000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_548", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 405504, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 83374079, "entry_point": 0, "filename": null, "id": "region_1172", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.537", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001173-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_549", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1173", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.549", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001174-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_550", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1174", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.558", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001175-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_551", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1175", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001176-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_552", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1176", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982910463, "entry_point": 1982632352, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_1177", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:01:41.583", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001203-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_561", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1203", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001204-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_562", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996705791, "entry_point": 1995177984, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1205", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1995177984, "timestamp": "00:01:41.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1996881920, "type": "region", "version": 1 }, "end_va": 1996939263, "entry_point": 1996881920, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1206", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1996881920, "timestamp": "00:01:41.666", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001207-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_563", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1207", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.678", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001208-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_564", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1208", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.686", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001214-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_567", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1214", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.728", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001215-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_568", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.736", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001216-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_569", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.751", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001217-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_570", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.759", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1938620416, "type": "region", "version": 1 }, "end_va": 1940062207, "entry_point": 1938620416, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1218", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1938620416, "timestamp": "00:01:41.779", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001219-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_571", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.801", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001220-addr_0x0000000004f20000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_572", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995161599, "entry_point": 1995127072, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_1221", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:01:41.821", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001222-addr_0x0000000004f20000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_573", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82976767, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x0000000004f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 82968576, "timestamp": "00:01:41.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1933770752, "type": "region", "version": 1 }, "end_va": 1934249983, "entry_point": 1934006480, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1223", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1933770752, "timestamp": "00:01:41.847", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001224-addr_0x0000000007940000-size_0x00000000000d5000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_574", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 872448, "start_va": 127139840, "type": "region", "version": 1 }, "end_va": 128012287, "entry_point": 0, "filename": null, "id": "region_1224", "name": "private_0x0000000007940000", "norm_filename": null, "region_type": "private_memory", "start_va": 127139840, "timestamp": "00:01:41.850", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001225-addr_0x0000000007a20000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_575", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 128057344, "type": "region", "version": 1 }, "end_va": 130154495, "entry_point": 0, "filename": null, "id": "region_1225", "name": "private_0x0000000007a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 128057344, "timestamp": "00:01:41.850", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001226-addr_0x0000000007b00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_576", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 128974848, "type": "region", "version": 1 }, "end_va": 130023423, "entry_point": 0, "filename": null, "id": "region_1226", "name": "private_0x0000000007b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 128974848, "timestamp": "00:01:41.851", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1974595583, "entry_point": 1955700384, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1227", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:01:41.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1989857279, "entry_point": 1986819168, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_1228", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:01:41.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1976057855, "entry_point": 1975808640, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_1230", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:01:41.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1996877823, "entry_point": 1996828224, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1231", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:01:41.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 82968576, "type": "region", "version": 1 }, "end_va": 82972671, "entry_point": 0, "filename": null, "id": "region_1232", "name": "pagefile_0x0000000004f20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82968576, "timestamp": "00:01:41.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1983578112, "type": "region", "version": 1 }, "end_va": 1984176127, "entry_point": 1983792336, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1233", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983578112, "timestamp": "00:01:41.953", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 954368, "start_va": 130023424, "type": "region", "version": 1 }, "end_va": 130977791, "entry_point": 130267536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1234", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 130023424, "timestamp": "00:01:41.954", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001235-addr_0x0000000004f30000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_577", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 83034112, "type": "region", "version": 1 }, "end_va": 83038207, "entry_point": 83034112, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat", "id": "region_1235", "name": "counters.dat", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat", "region_type": "memory_mapped_file", "start_va": 83034112, "timestamp": "00:01:41.957", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984741375, "entry_point": 1984364544, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1236", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:01:41.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1996779519, "entry_point": 1996758336, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1237", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:01:41.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1928134656, "type": "region", "version": 1 }, "end_va": 1928204287, "entry_point": 1928134656, "filename": "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll", "id": "region_1238", "name": "ondemandconnroutehelper.dll", "norm_filename": "c:\\windows\\syswow64\\ondemandconnroutehelper.dll", "region_type": "memory_mapped_file", "start_va": 1928134656, "timestamp": "00:01:41.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1932853248, "type": "region", "version": 1 }, "end_va": 1933049855, "entry_point": 1932872768, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1239", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1932853248, "timestamp": "00:01:41.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1931968511, "entry_point": 1931944000, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1240", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:01:41.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 1928265728, "type": "region", "version": 1 }, "end_va": 1928949759, "entry_point": 1928265728, "filename": "\\Windows\\SysWOW64\\winhttp.dll", "id": "region_1241", "name": "winhttp.dll", "norm_filename": "c:\\windows\\syswow64\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1928265728, "timestamp": "00:01:42.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001242-addr_0x0000000004f40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_578", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 83099648, "type": "region", "version": 1 }, "end_va": 83361791, "entry_point": 0, "filename": null, "id": "region_1242", "name": "private_0x0000000004f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 83099648, "timestamp": "00:01:42.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001243-addr_0x0000000006d90000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_579", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 114884608, "type": "region", "version": 1 }, "end_va": 115146751, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x0000000006d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 114884608, "timestamp": "00:01:42.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001244-addr_0x000000007ea7a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_580", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2124914688, "type": "region", "version": 1 }, "end_va": 2124926975, "entry_point": 0, "filename": null, "id": "region_1244", "name": "private_0x000000007ea7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2124914688, "timestamp": "00:01:42.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1927806976, "type": "region", "version": 1 }, "end_va": 1928126463, "entry_point": 1927806976, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_1245", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1927806976, "timestamp": "00:01:42.020", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001246-addr_0x0000000007940000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_581", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 127139840, "type": "region", "version": 1 }, "end_va": 127401983, "entry_point": 0, "filename": null, "id": "region_1246", "name": "private_0x0000000007940000", "norm_filename": null, "region_type": "private_memory", "start_va": 127139840, "timestamp": "00:01:42.038", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001247-addr_0x0000000007980000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_582", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 127401984, "type": "region", "version": 1 }, "end_va": 127664127, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000007980000", "norm_filename": null, "region_type": "private_memory", "start_va": 127401984, "timestamp": "00:01:42.038", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001248-addr_0x0000000007a10000-size_0x0000000000005000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_583", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 127991808, "type": "region", "version": 1 }, "end_va": 128012287, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x0000000007a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 127991808, "timestamp": "00:01:42.039", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001249-addr_0x000000007e938000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_584", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123595776, "type": "region", "version": 1 }, "end_va": 2123608063, "entry_point": 0, "filename": null, "id": "region_1249", "name": "private_0x000000007e938000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123595776, "timestamp": "00:01:42.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83369983, "entry_point": 0, "filename": null, "id": "region_1250", "name": "pagefile_0x0000000004f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83361792, "timestamp": "00:01:42.048", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83427327, "entry_point": 0, "filename": null, "id": "region_1251", "name": "pagefile_0x0000000004f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83361792, "timestamp": "00:01:42.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1926496256, "type": "region", "version": 1 }, "end_va": 1927036927, "entry_point": 1926496256, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_1252", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1926496256, "timestamp": "00:01:42.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 83427328, "type": "region", "version": 1 }, "end_va": 83431423, "entry_point": 0, "filename": null, "id": "region_1253", "name": "pagefile_0x0000000004f90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83427328, "timestamp": "00:01:42.106", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001261-addr_0x00000000055e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_585", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 90046464, "type": "region", "version": 1 }, "end_va": 90050559, "entry_point": 0, "filename": null, "id": "region_1261", "name": "private_0x00000000055e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 90046464, "timestamp": "00:01:42.270", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001267-addr_0x00000000079c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_586", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 127664128, "type": "region", "version": 1 }, "end_va": 127926271, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x00000000079c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 127664128, "timestamp": "00:01:42.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001268-addr_0x0000000007a20000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_587", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 128057344, "type": "region", "version": 1 }, "end_va": 128319487, "entry_point": 0, "filename": null, "id": "region_1268", "name": "private_0x0000000007a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 128057344, "timestamp": "00:01:42.340", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001270-addr_0x000000007e935000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_588", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123583488, "type": "region", "version": 1 }, "end_va": 2123595775, "entry_point": 0, "filename": null, "id": "region_1270", "name": "private_0x000000007e935000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123583488, "timestamp": "00:01:42.349", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001273-addr_0x0000000007c00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_589", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 130023424, "type": "region", "version": 1 }, "end_va": 131071999, "entry_point": 0, "filename": null, "id": "region_1273", "name": "private_0x0000000007c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 130023424, "timestamp": "00:01:42.386", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001276-addr_0x0000000007a60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_590", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 128319488, "type": "region", "version": 1 }, "end_va": 128581631, "entry_point": 0, "filename": null, "id": "region_1276", "name": "private_0x0000000007a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 128319488, "timestamp": "00:01:42.411", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001277-addr_0x0000000007aa0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_591", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 128581632, "type": "region", "version": 1 }, "end_va": 128843775, "entry_point": 0, "filename": null, "id": "region_1277", "name": "private_0x0000000007aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 128581632, "timestamp": "00:01:42.412", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001279-addr_0x000000007e932000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_592", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123571200, "type": "region", "version": 1 }, "end_va": 2123583487, "entry_point": 0, "filename": null, "id": "region_1279", "name": "private_0x000000007e932000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123571200, "timestamp": "00:01:42.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001284-addr_0x0000000007d00000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_593", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 131072000, "type": "region", "version": 1 }, "end_va": 131334143, "entry_point": 0, "filename": null, "id": "region_1284", "name": "private_0x0000000007d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072000, "timestamp": "00:01:42.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001285-addr_0x0000000007d40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_594", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 131334144, "type": "region", "version": 1 }, "end_va": 131596287, "entry_point": 0, "filename": null, "id": "region_1285", "name": "private_0x0000000007d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 131334144, "timestamp": "00:01:42.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001287-addr_0x000000007e92f000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_595", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123558912, "type": "region", "version": 1 }, "end_va": 2123571199, "entry_point": 0, "filename": null, "id": "region_1287", "name": "private_0x000000007e92f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123558912, "timestamp": "00:01:42.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001289-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_596", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115220479, "entry_point": 0, "filename": null, "id": "region_1289", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:42.934", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001290-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_597", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115220479, "entry_point": 0, "filename": null, "id": "region_1290", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:42.947", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001291-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_598", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115220479, "entry_point": 0, "filename": null, "id": "region_1291", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:42.957", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001292-addr_0x0000000007a60000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_599", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 128319488, "type": "region", "version": 1 }, "end_va": 128581631, "entry_point": 0, "filename": null, "id": "region_1292", "name": "private_0x0000000007a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 128319488, "timestamp": "00:01:43.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001293-addr_0x0000000007aa0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_600", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 128581632, "type": "region", "version": 1 }, "end_va": 128843775, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x0000000007aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 128581632, "timestamp": "00:01:43.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001294-addr_0x000000007e932000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_601", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123571200, "type": "region", "version": 1 }, "end_va": 2123583487, "entry_point": 0, "filename": null, "id": "region_1294", "name": "private_0x000000007e932000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123571200, "timestamp": "00:01:43.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001295-addr_0x0000000006de0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_602", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115220479, "entry_point": 0, "filename": null, "id": "region_1295", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:43.470", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001296-addr_0x0000000006de0000-size_0x0000000000017000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_603", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 94208, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115306495, "entry_point": 0, "filename": null, "id": "region_1296", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:43.475", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001297-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_604", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1297", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:45.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001298-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_605", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1298", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:47.534", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001299-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_606", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1299", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:49.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001300-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_607", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1300", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:51.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001301-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_608", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1301", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:53.584", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001302-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_609", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1302", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:55.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001303-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_610", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1303", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:57.620", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001304-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_611", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1304", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:01:59.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001305-addr_0x0000000006de0000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_612", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 115212288, "type": "region", "version": 1 }, "end_va": 115302399, "entry_point": 0, "filename": null, "id": "region_1305", "name": "private_0x0000000006de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115212288, "timestamp": "00:02:01.653", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_6", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3649535, "entry_point": 3614496, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_1125", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:01:41.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 74776575, "entry_point": 0, "filename": null, "id": "region_1126", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:01:41.425", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001127-addr_0x0000000004750000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_528", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 74907647, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000004750000", "norm_filename": null, "region_type": "private_memory", "start_va": 74776576, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001128-addr_0x0000000004770000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_529", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 74915839, "entry_point": 0, "filename": null, "id": "region_1128", "name": "private_0x0000000004770000", "norm_filename": null, "region_type": "private_memory", "start_va": 74907648, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 74973184, "type": "region", "version": 1 }, "end_va": 75055103, "entry_point": 0, "filename": null, "id": "region_1129", "name": "pagefile_0x0000000004780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74973184, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001130-addr_0x00000000047a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_530", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 75104256, "type": "region", "version": 1 }, "end_va": 75366399, "entry_point": 0, "filename": null, "id": "region_1130", "name": "private_0x00000000047a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75104256, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001131-addr_0x00000000047e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_531", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 75366400, "type": "region", "version": 1 }, "end_va": 75628543, "entry_point": 0, "filename": null, "id": "region_1131", "name": "private_0x00000000047e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75366400, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 75628544, "type": "region", "version": 1 }, "end_va": 75644927, "entry_point": 0, "filename": null, "id": "region_1132", "name": "pagefile_0x0000000004820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75628544, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 75694080, "type": "region", "version": 1 }, "end_va": 75698175, "entry_point": 0, "filename": null, "id": "region_1133", "name": "pagefile_0x0000000004830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75694080, "timestamp": "00:01:41.426", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001134-addr_0x0000000004840000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_532", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 75759616, "type": "region", "version": 1 }, "end_va": 75767807, "entry_point": 0, "filename": null, "id": "region_1134", "name": "private_0x0000000004840000", "norm_filename": null, "region_type": "private_memory", "start_va": 75759616, "timestamp": "00:01:41.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1135", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:01:41.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2124939264, "type": "region", "version": 1 }, "end_va": 2125082623, "entry_point": 0, "filename": null, "id": "region_1136", "name": "pagefile_0x000000007ea80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2124939264, "timestamp": "00:01:41.427", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001137-addr_0x000000007eaa5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_533", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2125090816, "type": "region", "version": 1 }, "end_va": 2125094911, "entry_point": 0, "filename": null, "id": "region_1137", "name": "private_0x000000007eaa5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2125090816, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001138-addr_0x000000007eaa6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_534", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2125094912, "type": "region", "version": 1 }, "end_va": 2125099007, "entry_point": 0, "filename": null, "id": "region_1138", "name": "private_0x000000007eaa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2125094912, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001139-addr_0x000000007eaad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_535", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2125123584, "type": "region", "version": 1 }, "end_va": 2125135871, "entry_point": 0, "filename": null, "id": "region_1139", "name": "private_0x000000007eaad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2125123584, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001140-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_536", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1140", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138515869466624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138518016884735, "entry_point": 0, "filename": null, "id": "region_1141", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138518016884736, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_1142", "name": "pagefile_0x00007dfb3d310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138518016884736, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1143", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:01:41.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:01:41.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001145-addr_0x0000000004850000-size_0x0000000000020000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_537", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 75825152, "type": "region", "version": 1 }, "end_va": 75956223, "entry_point": 0, "filename": null, "id": "region_1145", "name": "private_0x0000000004850000", "norm_filename": null, "region_type": "private_memory", "start_va": 75825152, "timestamp": "00:01:41.430", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001149-addr_0x0000000004870000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_539", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 75956224, "type": "region", "version": 1 }, "end_va": 76218367, "entry_point": 0, "filename": null, "id": "region_1149", "name": "private_0x0000000004870000", "norm_filename": null, "region_type": "private_memory", "start_va": 75956224, "timestamp": "00:01:41.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001150-addr_0x00000000048b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_540", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 76218368, "type": "region", "version": 1 }, "end_va": 76480511, "entry_point": 0, "filename": null, "id": "region_1150", "name": "private_0x00000000048b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76218368, "timestamp": "00:01:41.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001151-addr_0x0000000004990000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_541", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 77135872, "type": "region", "version": 1 }, "end_va": 77164543, "entry_point": 0, "filename": null, "id": "region_1151", "name": "private_0x0000000004990000", "norm_filename": null, "region_type": "private_memory", "start_va": 77135872, "timestamp": "00:01:41.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001152-addr_0x0000000004a00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_542", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 77594624, "type": "region", "version": 1 }, "end_va": 78643199, "entry_point": 0, "filename": null, "id": "region_1152", "name": "private_0x0000000004a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 77594624, "timestamp": "00:01:41.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1554067280, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1153", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:01:41.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554606816, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1154", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:01:41.486", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001155-addr_0x000000007eaaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_543", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2125111296, "type": "region", "version": 1 }, "end_va": 2125123583, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x000000007eaaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2125111296, "timestamp": "00:01:41.486", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001156-addr_0x0000000004960000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_544", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 76939264, "type": "region", "version": 1 }, "end_va": 76955647, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x0000000004960000", "norm_filename": null, "region_type": "private_memory", "start_va": 76939264, "timestamp": "00:01:41.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553929312, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1157", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:01:41.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 74842111, "entry_point": 0, "filename": null, "id": "region_1158", "name": "pagefile_0x0000000004750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74776576, "timestamp": "00:01:41.509", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001159-addr_0x00000000048f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_545", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 76480512, "type": "region", "version": 1 }, "end_va": 76742655, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x00000000048f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76480512, "timestamp": "00:01:41.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 77201408, "type": "region", "version": 1 }, "end_va": 77463551, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x00000000049a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77201408, "timestamp": "00:01:41.510", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001161-addr_0x0000000004b00000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_546", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 78643200, "type": "region", "version": 1 }, "end_va": 79691775, "entry_point": 0, "filename": null, "id": "region_1161", "name": "private_0x0000000004b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 78643200, "timestamp": "00:01:41.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 79691776, "type": "region", "version": 1 }, "end_va": 80470015, "entry_point": 79691776, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1162", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 79691776, "timestamp": "00:01:41.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948683456, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_1163", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:01:41.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948854944, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1164", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:01:41.511", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948956224, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1165", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:01:41.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978283696, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1166", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:01:41.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1979435424, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1167", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:01:41.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980429680, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1168", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:01:41.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992112080, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1169", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:01:41.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2123890688, "type": "region", "version": 1 }, "end_va": 2124939263, "entry_point": 0, "filename": null, "id": "region_1170", "name": "pagefile_0x000000007e980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2123890688, "timestamp": "00:01:41.514", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001171-addr_0x000000007eaa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_547", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2125099008, "type": "region", "version": 1 }, "end_va": 2125111295, "entry_point": 0, "filename": null, "id": "region_1171", "name": "private_0x000000007eaa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2125099008, "timestamp": "00:01:41.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1952710655, "entry_point": 1951466112, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1178", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:01:41.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1989869568, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1990600144, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1179", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989869568, "timestamp": "00:01:41.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 76742656, "type": "region", "version": 1 }, "end_va": 76914687, "entry_point": 76763824, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1180", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 76742656, "timestamp": "00:01:41.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 80478208, "type": "region", "version": 1 }, "end_va": 82083839, "entry_point": 0, "filename": null, "id": "region_1181", "name": "pagefile_0x0000000004cc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80478208, "timestamp": "00:01:41.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953869823, "entry_point": 1953714864, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1182", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:01:41.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1996947456, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1997227744, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1183", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1996947456, "timestamp": "00:01:41.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1975211568, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1184", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:01:41.599", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001185-addr_0x0000000004e50000-size_0x00000000001b5000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_553", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1789952, "start_va": 82116608, "type": "region", "version": 1 }, "end_va": 83906559, "entry_point": 0, "filename": null, "id": "region_1185", "name": "private_0x0000000004e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 82116608, "timestamp": "00:01:41.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001186-addr_0x0000000005010000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_554", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 83951616, "type": "region", "version": 1 }, "end_va": 86048767, "entry_point": 0, "filename": null, "id": "region_1186", "name": "private_0x0000000005010000", "norm_filename": null, "region_type": "private_memory", "start_va": 83951616, "timestamp": "00:01:41.602", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001187-addr_0x0000000005100000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_555", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 85983231, "entry_point": 0, "filename": null, "id": "region_1187", "name": "private_0x0000000005100000", "norm_filename": null, "region_type": "private_memory", "start_va": 84934656, "timestamp": "00:01:41.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 74842112, "type": "region", "version": 1 }, "end_va": 74846207, "entry_point": 74842112, "filename": "\\Windows\\SysWOW64\\en-US\\svchost.exe.mui", "id": "region_1188", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 74842112, "timestamp": "00:01:41.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 82116608, "type": "region", "version": 1 }, "end_va": 83693567, "entry_point": 0, "filename": null, "id": "region_1189", "name": "pagefile_0x0000000004e50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82116608, "timestamp": "00:01:41.608", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001190-addr_0x0000000005000000-size_0x0000000000005000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_556", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 83886080, "type": "region", "version": 1 }, "end_va": 83906559, "entry_point": 0, "filename": null, "id": "region_1190", "name": "private_0x0000000005000000", "norm_filename": null, "region_type": "private_memory", "start_va": 83886080, "timestamp": "00:01:41.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 85983232, "type": "region", "version": 1 }, "end_va": 106954751, "entry_point": 0, "filename": null, "id": "region_1191", "name": "pagefile_0x0000000005200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 85983232, "timestamp": "00:01:41.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001192-addr_0x0000000004770000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_557", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 74911743, "entry_point": 0, "filename": null, "id": "region_1192", "name": "private_0x0000000004770000", "norm_filename": null, "region_type": "private_memory", "start_va": 74907648, "timestamp": "00:01:41.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001193-addr_0x0000000004930000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_558", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 76742656, "type": "region", "version": 1 }, "end_va": 76746751, "entry_point": 0, "filename": null, "id": "region_1193", "name": "private_0x0000000004930000", "norm_filename": null, "region_type": "private_memory", "start_va": 76742656, "timestamp": "00:01:41.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001194-addr_0x0000000005030000-size_0x0000000000004000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_559", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 84082688, "type": "region", "version": 1 }, "end_va": 84099071, "entry_point": 0, "filename": null, "id": "region_1194", "name": "private_0x0000000005030000", "norm_filename": null, "region_type": "private_memory", "start_va": 84082688, "timestamp": "00:01:41.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001195-addr_0x0000000006600000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_560", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 106954752, "type": "region", "version": 1 }, "end_va": 108003327, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x0000000006600000", "norm_filename": null, "region_type": "private_memory", "start_va": 106954752, "timestamp": "00:01:41.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977331711, "entry_point": 1976951728, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1196", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:01:41.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1933443072, "type": "region", "version": 1 }, "end_va": 1933520895, "entry_point": 1933481216, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1197", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1933443072, "timestamp": "00:01:41.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1934950400, "type": "region", "version": 1 }, "end_va": 1935060991, "entry_point": 1934987280, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_1198", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1934950400, "timestamp": "00:01:41.620", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1933246464, "type": "region", "version": 1 }, "end_va": 1933438975, "entry_point": 1933350192, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1199", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1933246464, "timestamp": "00:01:41.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 108003328, "type": "region", "version": 1 }, "end_va": 111374335, "entry_point": 108003328, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1200", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 108003328, "timestamp": "00:01:41.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1977630719, "entry_point": 1977473040, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1201", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:01:41.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1994181552, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_1202", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:01:41.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1984233472, "type": "region", "version": 1 }, "end_va": 1984258047, "entry_point": 1984238720, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1209", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1984233472, "timestamp": "00:01:41.693", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001210-addr_0x0000000004940000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_565", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 76808192, "type": "region", "version": 1 }, "end_va": 76812287, "entry_point": 0, "filename": null, "id": "region_1210", "name": "private_0x0000000004940000", "norm_filename": null, "region_type": "private_memory", "start_va": 76808192, "timestamp": "00:01:41.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1942224896, "type": "region", "version": 1 }, "end_va": 1942265855, "entry_point": 1942237696, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1211", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1942224896, "timestamp": "00:01:41.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1931411456, "type": "region", "version": 1 }, "end_va": 1931575295, "entry_point": 1931442304, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1212", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1931411456, "timestamp": "00:01:41.703", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001213-addr_0x0000000004950000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_566", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 76873728, "type": "region", "version": 1 }, "end_va": 76877823, "entry_point": 0, "filename": null, "id": "region_1213", "name": "private_0x0000000004950000", "norm_filename": null, "region_type": "private_memory", "start_va": 76873728, "timestamp": "00:01:41.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84148224, "type": "region", "version": 1 }, "end_va": 84410367, "entry_point": 0, "filename": null, "id": "region_1306", "name": "private_0x0000000005040000", "norm_filename": null, "region_type": "private_memory", "start_va": 84148224, "timestamp": "00:02:02.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84410368, "type": "region", "version": 1 }, "end_va": 84672511, "entry_point": 0, "filename": null, "id": "region_1307", "name": "private_0x0000000005080000", "norm_filename": null, "region_type": "private_memory", "start_va": 84410368, "timestamp": "00:02:02.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84672512, "type": "region", "version": 1 }, "end_va": 84934655, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x00000000050c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84672512, "timestamp": "00:02:02.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 111411200, "type": "region", "version": 1 }, "end_va": 112459775, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x0000000006a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 111411200, "timestamp": "00:02:02.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 112459776, "type": "region", "version": 1 }, "end_va": 113508351, "entry_point": 0, "filename": null, "id": "region_1310", "name": "private_0x0000000006b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 112459776, "timestamp": "00:02:02.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 113508352, "type": "region", "version": 1 }, "end_va": 114556927, "entry_point": 0, "filename": null, "id": "region_1311", "name": "private_0x0000000006c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 113508352, "timestamp": "00:02:02.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 114556928, "type": "region", "version": 1 }, "end_va": 114819071, "entry_point": 0, "filename": null, "id": "region_1312", "name": "private_0x0000000006d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 114556928, "timestamp": "00:02:02.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 114819072, "type": "region", "version": 1 }, "end_va": 115867647, "entry_point": 0, "filename": null, "id": "region_1313", "name": "private_0x0000000006d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 114819072, "timestamp": "00:02:02.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 115867648, "type": "region", "version": 1 }, "end_va": 116129791, "entry_point": 0, "filename": null, "id": "region_1314", "name": "private_0x0000000006e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 115867648, "timestamp": "00:02:02.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 116129792, "type": "region", "version": 1 }, "end_va": 117178367, "entry_point": 0, "filename": null, "id": "region_1315", "name": "private_0x0000000006ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 116129792, "timestamp": "00:02:02.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 117178368, "type": "region", "version": 1 }, "end_va": 117440511, "entry_point": 0, "filename": null, "id": "region_1316", "name": "private_0x0000000006fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 117178368, "timestamp": "00:02:02.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 117440512, "type": "region", "version": 1 }, "end_va": 118489087, "entry_point": 0, "filename": null, "id": "region_1317", "name": "private_0x0000000007000000", "norm_filename": null, "region_type": "private_memory", "start_va": 117440512, "timestamp": "00:02:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001318-addr_0x000000007e96e000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_613", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123816960, "type": "region", "version": 1 }, "end_va": 2123829247, "entry_point": 0, "filename": null, "id": "region_1318", "name": "private_0x000000007e96e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123816960, "timestamp": "00:02:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001319-addr_0x000000007e971000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_614", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123829248, "type": "region", "version": 1 }, "end_va": 2123841535, "entry_point": 0, "filename": null, "id": "region_1319", "name": "private_0x000000007e971000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123829248, "timestamp": "00:02:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001320-addr_0x000000007e974000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_615", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123841536, "type": "region", "version": 1 }, "end_va": 2123853823, "entry_point": 0, "filename": null, "id": "region_1320", "name": "private_0x000000007e974000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123841536, "timestamp": "00:02:02.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001321-addr_0x000000007e977000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_616", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123853824, "type": "region", "version": 1 }, "end_va": 2123866111, "entry_point": 0, "filename": null, "id": "region_1321", "name": "private_0x000000007e977000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123853824, "timestamp": "00:02:02.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001322-addr_0x000000007e97a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_617", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123866112, "type": "region", "version": 1 }, "end_va": 2123878399, "entry_point": 0, "filename": null, "id": "region_1322", "name": "private_0x000000007e97a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123866112, "timestamp": "00:02:02.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001323-addr_0x000000007e97d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_618", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2123878400, "type": "region", "version": 1 }, "end_va": 2123890687, "entry_point": 0, "filename": null, "id": "region_1323", "name": "private_0x000000007e97d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2123878400, "timestamp": "00:02:02.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001324-addr_0x0000000004870000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_619", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 75956224, "type": "region", "version": 1 }, "end_va": 75964415, "entry_point": 0, "filename": null, "id": "region_1324", "name": "private_0x0000000004870000", "norm_filename": null, "region_type": "private_memory", "start_va": 75956224, "timestamp": "00:02:02.509", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001325-addr_0x0000000004870000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_620", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 75956224, "type": "region", "version": 1 }, "end_va": 75964415, "entry_point": 0, "filename": null, "id": "region_1325", "name": "private_0x0000000004870000", "norm_filename": null, "region_type": "private_memory", "start_va": 75956224, "timestamp": "00:02:02.525", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001326-addr_0x0000000004870000-size_0x0000000000063000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_621", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 405504, "start_va": 75956224, "type": "region", "version": 1 }, "end_va": 76361727, "entry_point": 0, "filename": null, "id": "region_1326", "name": "private_0x0000000004870000", "norm_filename": null, "region_type": "private_memory", "start_va": 75956224, "timestamp": "00:02:02.530", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\" ", "filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "id": "proc_7", "image_name": "containers.exe", "monitor_reason": "autostart", "monitored_id": 7, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:46.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:46.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1329", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:02:46.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_1330", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:02:46.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_1331", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:02:46.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_1332", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:02:46.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1333", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:02:46.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_1334", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:02:46.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 549978112, "type": "region", "version": 1 }, "end_va": 550408191, "entry_point": 549978112, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "id": "region_1335", "name": "containers.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "region_type": "memory_mapped_file", "start_va": 549978112, "timestamp": "00:02:46.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1336", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:02:46.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1337", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:02:46.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1338", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:02:46.288", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1339", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:02:46.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1340", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:02:46.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1341", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:46.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140727164338176, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_1342", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:46.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1343", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:02:46.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_1344", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:02:46.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_1483", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:02:48.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478230016, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1484", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:02:48.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478557696, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1485", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:02:48.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478164480, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1486", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:02:48.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1487", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:02:48.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956184064, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1488", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:02:48.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1489", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:02:48.753", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1490", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:49.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_1491", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:49.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2678783, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1492", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:02:49.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_1493", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:02:49.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1494", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:02:49.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_1495", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:02:49.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7143423, "entry_point": 0, "filename": null, "id": "region_1496", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:02:49.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1951989760, "type": "region", "version": 1 }, "end_va": 1952071679, "entry_point": 1951989760, "filename": "\\Windows\\SysWOW64\\samcli.dll", "id": "region_1497", "name": "samcli.dll", "norm_filename": "c:\\windows\\syswow64\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1951989760, "timestamp": "00:02:49.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1498", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:49.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952219135, "entry_point": 1952186368, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1499", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:02:49.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952251904, "type": "region", "version": 1 }, "end_va": 1952292863, "entry_point": 1952251904, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_1500", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1952251904, "timestamp": "00:02:49.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1952317440, "type": "region", "version": 1 }, "end_va": 1952432127, "entry_point": 1952317440, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_1501", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1952317440, "timestamp": "00:02:49.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1952514047, "entry_point": 1952448512, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_1502", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:02:49.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952514048, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_1503", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:02:49.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1952841727, "entry_point": 1952645120, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1504", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:02:49.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1952919551, "entry_point": 1952841728, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_1505", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:02:49.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1953570815, "entry_point": 1952972800, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "id": "region_1506", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:02:49.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 1953628160, "type": "region", "version": 1 }, "end_va": 1954050047, "entry_point": 1953628160, "filename": "\\Windows\\SysWOW64\\winspool.drv", "id": "region_1507", "name": "winspool.drv", "norm_filename": "c:\\windows\\syswow64\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1953628160, "timestamp": "00:02:49.534", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1954807808, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_1508", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:02:49.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955201024, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1509", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:02:49.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955266560, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1510", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:02:49.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1956175871, "entry_point": 1955397632, "filename": "\\Windows\\SysWOW64\\comdlg32.dll", "id": "region_1511", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\syswow64\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:02:49.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957167104, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1512", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:02:49.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959423999, "entry_point": 1959395328, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1513", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:02:49.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1959854080, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1514", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:02:49.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1966329855, "entry_point": 1961230336, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_1515", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:02:49.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966735360, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1516", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:02:49.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967063040, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1517", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:02:49.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968193535, "entry_point": 1967915008, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_1518", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:02:49.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1970774015, "entry_point": 1969815552, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1519", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:02:49.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971257344, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1520", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:02:49.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1972813823, "entry_point": 1972764672, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_1521", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:02:49.849", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1973420032, "type": "region", "version": 1 }, "end_va": 1973997567, "entry_point": 1973420032, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_1522", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1973420032, "timestamp": "00:02:49.855", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974009856, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_1523", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:02:49.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1975906303, "entry_point": 1975844864, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1524", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:02:50.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976107008, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1525", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:02:50.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1980039168, "type": "region", "version": 1 }, "end_va": 2000744447, "entry_point": 1980039168, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1526", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1980039168, "timestamp": "00:02:50.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000748544, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1527", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:02:51.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_1528", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:02:51.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_1529", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:02:51.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1530", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:02:51.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 8749055, "entry_point": 0, "filename": null, "id": "region_1531", "name": "pagefile_0x00000000006d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7143424, "timestamp": "00:02:51.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_1532", "name": "private_0x00000000009c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10223616, "timestamp": "00:02:51.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975910400, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1533", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:02:51.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003304448, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1534", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:02:51.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1535", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:51.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_1536", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:02:51.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_1537", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:02:51.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 11866111, "entry_point": 0, "filename": null, "id": "region_1538", "name": "pagefile_0x00000000009d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10289152, "timestamp": "00:02:51.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11927552, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_1539", "name": "pagefile_0x0000000000b60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11927552, "timestamp": "00:02:51.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 34471935, "entry_point": 0, "filename": null, "id": "region_1540", "name": "private_0x00000000020d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34406400, "timestamp": "00:02:51.340", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951944703, "entry_point": 1951465472, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1541", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:02:51.373", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1376256, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 10158079, "entry_point": 0, "filename": null, "id": "region_1542", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:02:51.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_1543", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:02:51.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 5185536, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 39657471, "entry_point": 0, "filename": null, "id": "region_1544", "name": "pagefile_0x00000000020e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34471936, "timestamp": "00:02:51.433", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 43085823, "entry_point": 39714816, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1545", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39714816, "timestamp": "00:02:51.434", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1977417728, "type": "region", "version": 1 }, "end_va": 1978015743, "entry_point": 1977417728, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1546", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1977417728, "timestamp": "00:02:51.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_1547", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:02:51.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10158079, "entry_point": 0, "filename": null, "id": "region_1548", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:02:51.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 45219839, "entry_point": 0, "filename": null, "id": "region_1549", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:02:51.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4485119, "entry_point": 0, "filename": null, "id": "region_1550", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:02:53.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_1551", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:02:53.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_1552", "name": "private_0x0000000001f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 32899072, "timestamp": "00:02:53.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 45219840, "type": "region", "version": 1 }, "end_va": 49414143, "entry_point": 0, "filename": null, "id": "region_1553", "name": "private_0x0000000002b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 45219840, "timestamp": "00:02:53.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 49414144, "type": "region", "version": 1 }, "end_va": 57802751, "entry_point": 0, "filename": null, "id": "region_1554", "name": "private_0x0000000002f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 49414144, "timestamp": "00:02:53.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 57802752, "type": "region", "version": 1 }, "end_va": 74383359, "entry_point": 0, "filename": null, "id": "region_1555", "name": "private_0x0000000003720000", "norm_filename": null, "region_type": "private_memory", "start_va": 57802752, "timestamp": "00:02:53.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 74383360, "type": "region", "version": 1 }, "end_va": 75431935, "entry_point": 0, "filename": null, "id": "region_1556", "name": "private_0x00000000046f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 74383360, "timestamp": "00:02:53.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 557056, "start_va": 75431936, "type": "region", "version": 1 }, "end_va": 75988991, "entry_point": 0, "filename": null, "id": "region_1557", "name": "private_0x00000000047f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75431936, "timestamp": "00:02:53.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 76021760, "type": "region", "version": 1 }, "end_va": 76935167, "entry_point": 76021760, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1558", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 76021760, "timestamp": "00:02:53.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2146095104, "type": "region", "version": 1 }, "end_va": 2146107391, "entry_point": 0, "filename": null, "id": "region_1559", "name": "private_0x000000007fead000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146095104, "timestamp": "00:02:53.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951334400, "type": "region", "version": 1 }, "end_va": 1951412223, "entry_point": 1951334400, "filename": "\\Windows\\SysWOW64\\samlib.dll", "id": "region_1560", "name": "samlib.dll", "norm_filename": "c:\\windows\\syswow64\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 1951334400, "timestamp": "00:02:53.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4591615, "entry_point": 4521984, "filename": "\\Windows\\System32\\C_1256.NLS", "id": "region_1561", "name": "c_1256.nls", "norm_filename": "c:\\windows\\system32\\c_1256.nls", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:02:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4853759, "entry_point": 4784128, "filename": "\\Windows\\System32\\C_1251.NLS", "id": "region_1562", "name": "c_1251.nls", "norm_filename": "c:\\windows\\system32\\c_1251.nls", "region_type": "memory_mapped_file", "start_va": 4784128, "timestamp": "00:02:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4984831, "entry_point": 4915200, "filename": "\\Windows\\System32\\C_1254.NLS", "id": "region_1563", "name": "c_1254.nls", "norm_filename": "c:\\windows\\system32\\c_1254.nls", "region_type": "memory_mapped_file", "start_va": 4915200, "timestamp": "00:02:55.962", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 9900031, "entry_point": 9830400, "filename": "\\Windows\\System32\\C_1250.NLS", "id": "region_1564", "name": "c_1250.nls", "norm_filename": "c:\\windows\\system32\\c_1250.nls", "region_type": "memory_mapped_file", "start_va": 9830400, "timestamp": "00:02:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10031103, "entry_point": 9961472, "filename": "\\Windows\\System32\\C_1253.NLS", "id": "region_1565", "name": "c_1253.nls", "norm_filename": "c:\\windows\\system32\\c_1253.nls", "region_type": "memory_mapped_file", "start_va": 9961472, "timestamp": "00:02:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 33947648, "type": "region", "version": 1 }, "end_va": 34017279, "entry_point": 33947648, "filename": "\\Windows\\System32\\C_1257.NLS", "id": "region_1566", "name": "c_1257.nls", "norm_filename": "c:\\windows\\system32\\c_1257.nls", "region_type": "memory_mapped_file", "start_va": 33947648, "timestamp": "00:02:55.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34148351, "entry_point": 34078720, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_1567", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 34078720, "timestamp": "00:02:55.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 163840, "start_va": 34209792, "type": "region", "version": 1 }, "end_va": 34373631, "entry_point": 34209792, "filename": "\\Windows\\System32\\C_932.NLS", "id": "region_1568", "name": "c_932.nls", "norm_filename": "c:\\windows\\system32\\c_932.nls", "region_type": "memory_mapped_file", "start_va": 34209792, "timestamp": "00:02:55.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 74383360, "type": "region", "version": 1 }, "end_va": 74584063, "entry_point": 74383360, "filename": "\\Windows\\System32\\C_949.NLS", "id": "region_1569", "name": "c_949.nls", "norm_filename": "c:\\windows\\system32\\c_949.nls", "region_type": "memory_mapped_file", "start_va": 74383360, "timestamp": "00:02:55.964", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 74645504, "type": "region", "version": 1 }, "end_va": 74715135, "entry_point": 74645504, "filename": "\\Windows\\System32\\C_874.NLS", "id": "region_1570", "name": "c_874.nls", "norm_filename": "c:\\windows\\system32\\c_874.nls", "region_type": "memory_mapped_file", "start_va": 74645504, "timestamp": "00:02:55.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 74846207, "entry_point": 74776576, "filename": "\\Windows\\System32\\C_1258.NLS", "id": "region_1571", "name": "c_1258.nls", "norm_filename": "c:\\windows\\system32\\c_1258.nls", "region_type": "memory_mapped_file", "start_va": 74776576, "timestamp": "00:02:55.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 75108351, "entry_point": 74907648, "filename": "\\Windows\\System32\\C_936.NLS", "id": "region_1572", "name": "c_936.nls", "norm_filename": "c:\\windows\\system32\\c_936.nls", "region_type": "memory_mapped_file", "start_va": 74907648, "timestamp": "00:02:55.965", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 200704, "start_va": 75169792, "type": "region", "version": 1 }, "end_va": 75370495, "entry_point": 75169792, "filename": "\\Windows\\System32\\C_950.NLS", "id": "region_1573", "name": "c_950.nls", "norm_filename": "c:\\windows\\system32\\c_950.nls", "region_type": "memory_mapped_file", "start_va": 75169792, "timestamp": "00:02:55.966", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1979645952, "type": "region", "version": 1 }, "end_va": 1980006399, "entry_point": 1979645952, "filename": "\\Windows\\SysWOW64\\coml2.dll", "id": "region_1574", "name": "coml2.dll", "norm_filename": "c:\\windows\\syswow64\\coml2.dll", "region_type": "memory_mapped_file", "start_va": 1979645952, "timestamp": "00:02:55.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4669439, "entry_point": 0, "filename": null, "id": "region_1575", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:02:55.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 76939264, "type": "region", "version": 1 }, "end_va": 81133567, "entry_point": 0, "filename": null, "id": "region_1576", "name": "pagefile_0x0000000004960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76939264, "timestamp": "00:02:55.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10223615, "entry_point": 0, "filename": null, "id": "region_1577", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:02:55.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 76939264, "type": "region", "version": 1 }, "end_va": 77012991, "entry_point": 0, "filename": null, "id": "region_1578", "name": "private_0x0000000004960000", "norm_filename": null, "region_type": "private_memory", "start_va": 76939264, "timestamp": "00:02:55.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10178559, "entry_point": 0, "filename": null, "id": "region_1579", "name": "pagefile_0x00000000009b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10158080, "timestamp": "00:02:55.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 76939264, "type": "region", "version": 1 }, "end_va": 77463551, "entry_point": 0, "filename": null, "id": "region_1615", "name": "private_0x0000000004960000", "norm_filename": null, "region_type": "private_memory", "start_va": 76939264, "timestamp": "00:02:56.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10162175, "entry_point": 0, "filename": null, "id": "region_1616", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:02:56.034", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 79036416, "type": "region", "version": 1 }, "end_va": 79626239, "entry_point": 0, "filename": null, "id": "region_1674", "name": "private_0x0000000004b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 79036416, "timestamp": "00:02:57.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951203328, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1675", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:02:57.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951006720, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1676", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:02:57.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1677", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:02:57.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10174463, "entry_point": 0, "filename": null, "id": "region_1678", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:02:57.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950810112, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1679", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:02:57.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 77463552, "type": "region", "version": 1 }, "end_va": 77471743, "entry_point": 0, "filename": null, "id": "region_1680", "name": "private_0x00000000049e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77463552, "timestamp": "00:02:57.115", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_8", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 831487, "entry_point": 786432, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_1682", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:02:57.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 13041664, "type": "region", "version": 1 }, "end_va": 80150527, "entry_point": 0, "filename": null, "id": "region_1683", "name": "pagefile_0x0000000000c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13041664, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 80150528, "type": "region", "version": 1 }, "end_va": 80281599, "entry_point": 0, "filename": null, "id": "region_1684", "name": "private_0x0000000004c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 80150528, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 80281600, "type": "region", "version": 1 }, "end_va": 80289791, "entry_point": 0, "filename": null, "id": "region_1685", "name": "private_0x0000000004c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 80281600, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 80347136, "type": "region", "version": 1 }, "end_va": 80429055, "entry_point": 0, "filename": null, "id": "region_1686", "name": "pagefile_0x0000000004ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80347136, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80478208, "type": "region", "version": 1 }, "end_va": 80740351, "entry_point": 0, "filename": null, "id": "region_1687", "name": "private_0x0000000004cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80478208, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80740352, "type": "region", "version": 1 }, "end_va": 81002495, "entry_point": 0, "filename": null, "id": "region_1688", "name": "private_0x0000000004d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 80740352, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 81002496, "type": "region", "version": 1 }, "end_va": 81018879, "entry_point": 0, "filename": null, "id": "region_1689", "name": "pagefile_0x0000000004d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81002496, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 81068032, "type": "region", "version": 1 }, "end_va": 81072127, "entry_point": 0, "filename": null, "id": "region_1690", "name": "pagefile_0x0000000004d50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81068032, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 81133568, "type": "region", "version": 1 }, "end_va": 81141759, "entry_point": 0, "filename": null, "id": "region_1691", "name": "private_0x0000000004d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 81133568, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1692", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2141847552, "type": "region", "version": 1 }, "end_va": 2141990911, "entry_point": 0, "filename": null, "id": "region_1693", "name": "pagefile_0x000000007faa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2141847552, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2142019584, "type": "region", "version": 1 }, "end_va": 2142023679, "entry_point": 0, "filename": null, "id": "region_1694", "name": "private_0x000000007faca000", "norm_filename": null, "region_type": "private_memory", "start_va": 2142019584, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2142023680, "type": "region", "version": 1 }, "end_va": 2142027775, "entry_point": 0, "filename": null, "id": "region_1695", "name": "private_0x000000007facb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2142023680, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2142031872, "type": "region", "version": 1 }, "end_va": 2142044159, "entry_point": 0, "filename": null, "id": "region_1696", "name": "private_0x000000007facd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2142031872, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1697", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138528141082624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138530288500735, "entry_point": 0, "filename": null, "id": "region_1698", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138530288500736, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_1699", "name": "pagefile_0x00007dfe18a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138530288500736, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1700", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:02:57.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_1701", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:02:57.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 81199104, "type": "region", "version": 1 }, "end_va": 81330175, "entry_point": 0, "filename": null, "id": "region_1702", "name": "private_0x0000000004d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 81199104, "timestamp": "00:02:57.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 81330176, "type": "region", "version": 1 }, "end_va": 81592319, "entry_point": 0, "filename": null, "id": "region_1703", "name": "private_0x0000000004d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 81330176, "timestamp": "00:02:57.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 81592320, "type": "region", "version": 1 }, "end_va": 81854463, "entry_point": 0, "filename": null, "id": "region_1704", "name": "private_0x0000000004dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81592320, "timestamp": "00:02:57.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 83230720, "type": "region", "version": 1 }, "end_va": 83259391, "entry_point": 0, "filename": null, "id": "region_1705", "name": "private_0x0000000004f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 83230720, "timestamp": "00:02:57.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 83886080, "type": "region", "version": 1 }, "end_va": 84934655, "entry_point": 0, "filename": null, "id": "region_1706", "name": "private_0x0000000005000000", "norm_filename": null, "region_type": "private_memory", "start_va": 83886080, "timestamp": "00:02:57.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1707", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:02:57.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1708", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:02:57.173", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2142007296, "type": "region", "version": 1 }, "end_va": 2142019583, "entry_point": 0, "filename": null, "id": "region_1709", "name": "private_0x000000007fac7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2142007296, "timestamp": "00:02:57.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 86835200, "type": "region", "version": 1 }, "end_va": 86851583, "entry_point": 0, "filename": null, "id": "region_1710", "name": "private_0x00000000052d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86835200, "timestamp": "00:02:57.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1711", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:02:57.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 80150528, "type": "region", "version": 1 }, "end_va": 80216063, "entry_point": 0, "filename": null, "id": "region_1712", "name": "pagefile_0x0000000004c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80150528, "timestamp": "00:02:57.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 81854464, "type": "region", "version": 1 }, "end_va": 82632703, "entry_point": 81854464, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1713", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 81854464, "timestamp": "00:02:57.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 82640896, "type": "region", "version": 1 }, "end_va": 82903039, "entry_point": 0, "filename": null, "id": "region_1714", "name": "private_0x0000000004ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82640896, "timestamp": "00:02:57.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 82903040, "type": "region", "version": 1 }, "end_va": 83165183, "entry_point": 0, "filename": null, "id": "region_1715", "name": "private_0x0000000004f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 82903040, "timestamp": "00:02:57.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 87031808, "type": "region", "version": 1 }, "end_va": 88080383, "entry_point": 0, "filename": null, "id": "region_1716", "name": "private_0x0000000005300000", "norm_filename": null, "region_type": "private_memory", "start_va": 87031808, "timestamp": "00:02:57.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_1717", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:02:57.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1718", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:02:57.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1719", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:02:57.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1720", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:02:57.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1721", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:02:57.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1722", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:02:57.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1723", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:02:57.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2140798976, "type": "region", "version": 1 }, "end_va": 2141847551, "entry_point": 0, "filename": null, "id": "region_1724", "name": "pagefile_0x000000007f9a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2140798976, "timestamp": "00:02:57.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2141995008, "type": "region", "version": 1 }, "end_va": 2142007295, "entry_point": 0, "filename": null, "id": "region_1725", "name": "private_0x000000007fac4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2141995008, "timestamp": "00:02:57.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976173184, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1726", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:02:57.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1960584656, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1727", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:02:57.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 83296256, "type": "region", "version": 1 }, "end_va": 83468287, "entry_point": 83317424, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1728", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 83296256, "timestamp": "00:02:57.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 86540287, "entry_point": 0, "filename": null, "id": "region_1729", "name": "pagefile_0x0000000005100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 84934656, "timestamp": "00:02:57.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975931568, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1730", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:02:57.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003584736, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1731", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:02:57.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1732", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:02:57.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 675840, "start_va": 88080384, "type": "region", "version": 1 }, "end_va": 88756223, "entry_point": 0, "filename": null, "id": "region_1733", "name": "private_0x0000000005400000", "norm_filename": null, "region_type": "private_memory", "start_va": 88080384, "timestamp": "00:02:57.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 90898431, "entry_point": 0, "filename": null, "id": "region_1734", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:02:57.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 89128960, "type": "region", "version": 1 }, "end_va": 90177535, "entry_point": 0, "filename": null, "id": "region_1735", "name": "private_0x0000000005500000", "norm_filename": null, "region_type": "private_memory", "start_va": 89128960, "timestamp": "00:02:57.227", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80220159, "entry_point": 80216064, "filename": "\\Windows\\SysWOW64\\en-US\\svchost.exe.mui", "id": "region_1736", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 80216064, "timestamp": "00:02:57.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 90177536, "type": "region", "version": 1 }, "end_va": 91754495, "entry_point": 0, "filename": null, "id": "region_1737", "name": "pagefile_0x0000000005600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 90177536, "timestamp": "00:02:57.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 91815936, "type": "region", "version": 1 }, "end_va": 112787455, "entry_point": 0, "filename": null, "id": "region_1738", "name": "pagefile_0x0000000005790000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 91815936, "timestamp": "00:02:57.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 80281600, "type": "region", "version": 1 }, "end_va": 80285695, "entry_point": 0, "filename": null, "id": "region_1739", "name": "private_0x0000000004c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 80281600, "timestamp": "00:02:57.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 83165184, "type": "region", "version": 1 }, "end_va": 83169279, "entry_point": 0, "filename": null, "id": "region_1740", "name": "private_0x0000000004f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 83165184, "timestamp": "00:02:57.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 114294784, "type": "region", "version": 1 }, "end_va": 114311167, "entry_point": 0, "filename": null, "id": "region_1741", "name": "private_0x0000000006d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 114294784, "timestamp": "00:02:57.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 115343360, "type": "region", "version": 1 }, "end_va": 116391935, "entry_point": 0, "filename": null, "id": "region_1742", "name": "private_0x0000000006e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 115343360, "timestamp": "00:02:57.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1743", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:02:57.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951241472, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1744", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:02:57.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952550928, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_1745", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:02:57.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951110448, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1746", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:02:57.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 116391936, "type": "region", "version": 1 }, "end_va": 119762943, "entry_point": 116391936, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1747", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 116391936, "timestamp": "00:02:57.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000869392, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1748", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:02:57.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974913968, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_1749", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:02:57.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970803840, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1750", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:02:57.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 83296256, "type": "region", "version": 1 }, "end_va": 83300351, "entry_point": 0, "filename": null, "id": "region_1751", "name": "private_0x0000000004f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 83296256, "timestamp": "00:02:57.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952133632, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1752", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:57.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950840960, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1753", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:02:57.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83369983, "entry_point": 0, "filename": null, "id": "region_1754", "name": "private_0x0000000004f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 83361792, "timestamp": "00:02:57.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83623935, "entry_point": 0, "filename": null, "id": "region_1755", "name": "private_0x0000000004f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 83361792, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 83886079, "entry_point": 0, "filename": null, "id": "region_1756", "name": "private_0x0000000004fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83623936, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 86573056, "type": "region", "version": 1 }, "end_va": 86835199, "entry_point": 0, "filename": null, "id": "region_1757", "name": "private_0x0000000005290000", "norm_filename": null, "region_type": "private_memory", "start_va": 86573056, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 86900736, "type": "region", "version": 1 }, "end_va": 86908927, "entry_point": 0, "filename": null, "id": "region_1758", "name": "private_0x00000000052e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86900736, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 88080384, "type": "region", "version": 1 }, "end_va": 88342527, "entry_point": 0, "filename": null, "id": "region_1759", "name": "private_0x0000000005400000", "norm_filename": null, "region_type": "private_memory", "start_va": 88080384, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 88342528, "type": "region", "version": 1 }, "end_va": 88604671, "entry_point": 0, "filename": null, "id": "region_1760", "name": "private_0x0000000005440000", "norm_filename": null, "region_type": "private_memory", "start_va": 88342528, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 88735744, "type": "region", "version": 1 }, "end_va": 88756223, "entry_point": 0, "filename": null, "id": "region_1761", "name": "private_0x00000000054a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88735744, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 88801280, "type": "region", "version": 1 }, "end_va": 89063423, "entry_point": 0, "filename": null, "id": "region_1762", "name": "private_0x00000000054b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 88801280, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 112787456, "type": "region", "version": 1 }, "end_va": 113836031, "entry_point": 0, "filename": null, "id": "region_1763", "name": "private_0x0000000006b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 112787456, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 113836032, "type": "region", "version": 1 }, "end_va": 114098175, "entry_point": 0, "filename": null, "id": "region_1764", "name": "private_0x0000000006c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 113836032, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 119799808, "type": "region", "version": 1 }, "end_va": 120848383, "entry_point": 0, "filename": null, "id": "region_1765", "name": "private_0x0000000007240000", "norm_filename": null, "region_type": "private_memory", "start_va": 119799808, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 120848384, "type": "region", "version": 1 }, "end_va": 121896959, "entry_point": 0, "filename": null, "id": "region_1766", "name": "private_0x0000000007340000", "norm_filename": null, "region_type": "private_memory", "start_va": 120848384, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 121896960, "type": "region", "version": 1 }, "end_va": 122945535, "entry_point": 0, "filename": null, "id": "region_1767", "name": "private_0x0000000007440000", "norm_filename": null, "region_type": "private_memory", "start_va": 121896960, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 122945536, "type": "region", "version": 1 }, "end_va": 123994111, "entry_point": 0, "filename": null, "id": "region_1768", "name": "private_0x0000000007540000", "norm_filename": null, "region_type": "private_memory", "start_va": 122945536, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 123994112, "type": "region", "version": 1 }, "end_va": 125042687, "entry_point": 0, "filename": null, "id": "region_1769", "name": "private_0x0000000007640000", "norm_filename": null, "region_type": "private_memory", "start_va": 123994112, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 125042688, "type": "region", "version": 1 }, "end_va": 126091263, "entry_point": 0, "filename": null, "id": "region_1770", "name": "private_0x0000000007740000", "norm_filename": null, "region_type": "private_memory", "start_va": 125042688, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140712960, "type": "region", "version": 1 }, "end_va": 2140725247, "entry_point": 0, "filename": null, "id": "region_1771", "name": "private_0x000000007f98b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140712960, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140725248, "type": "region", "version": 1 }, "end_va": 2140737535, "entry_point": 0, "filename": null, "id": "region_1772", "name": "private_0x000000007f98e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140725248, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140737536, "type": "region", "version": 1 }, "end_va": 2140749823, "entry_point": 0, "filename": null, "id": "region_1773", "name": "private_0x000000007f991000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140737536, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140749824, "type": "region", "version": 1 }, "end_va": 2140762111, "entry_point": 0, "filename": null, "id": "region_1774", "name": "private_0x000000007f994000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140749824, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140762112, "type": "region", "version": 1 }, "end_va": 2140774399, "entry_point": 0, "filename": null, "id": "region_1775", "name": "private_0x000000007f997000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140762112, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140774400, "type": "region", "version": 1 }, "end_va": 2140786687, "entry_point": 0, "filename": null, "id": "region_1776", "name": "private_0x000000007f99a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140774400, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140786688, "type": "region", "version": 1 }, "end_va": 2140798975, "entry_point": 0, "filename": null, "id": "region_1777", "name": "private_0x000000007f99d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140786688, "timestamp": "00:02:57.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1948516352, "type": "region", "version": 1 }, "end_va": 1950760959, "entry_point": 1948516352, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1799", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1948516352, "timestamp": "00:02:57.420", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 81330176, "type": "region", "version": 1 }, "end_va": 81338367, "entry_point": 0, "filename": null, "id": "region_1800", "name": "private_0x0000000004d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 81330176, "timestamp": "00:02:57.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 405504, "start_va": 81330176, "type": "region", "version": 1 }, "end_va": 81735679, "entry_point": 0, "filename": null, "id": "region_1855", "name": "private_0x0000000004d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 81330176, "timestamp": "00:02:57.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1948454911, "entry_point": 1945567232, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1856", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:02:57.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1973420032, "type": "region", "version": 1 }, "end_va": 1973997567, "entry_point": 1973719456, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_1857", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1973420032, "timestamp": "00:02:57.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 81330176, "type": "region", "version": 1 }, "end_va": 81342463, "entry_point": 0, "filename": null, "id": "region_1858", "name": "private_0x0000000004d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 81330176, "timestamp": "00:02:57.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1969770495, "entry_point": 1968242688, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1859", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:02:57.706", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972101119, "entry_point": 1972043776, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1860", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:02:57.713", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1954086911, "entry_point": 1952645120, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1862", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:02:57.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1972813823, "entry_point": 1972779296, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_1863", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:02:57.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1951596544, "type": "region", "version": 1 }, "end_va": 1952075775, "entry_point": 1951832272, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1864", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1951596544, "timestamp": "00:02:57.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1134592, "start_va": 126091264, "type": "region", "version": 1 }, "end_va": 127225855, "entry_point": 0, "filename": null, "id": "region_1865", "name": "private_0x0000000007840000", "norm_filename": null, "region_type": "private_memory", "start_va": 126091264, "timestamp": "00:02:57.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 127270912, "type": "region", "version": 1 }, "end_va": 129368063, "entry_point": 0, "filename": null, "id": "region_1866", "name": "private_0x0000000007960000", "norm_filename": null, "region_type": "private_memory", "start_va": 127270912, "timestamp": "00:02:57.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 127926272, "type": "region", "version": 1 }, "end_va": 128974847, "entry_point": 0, "filename": null, "id": "region_1867", "name": "private_0x0000000007a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 127926272, "timestamp": "00:02:57.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1980039168, "type": "region", "version": 1 }, "end_va": 2000744447, "entry_point": 1981849248, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1868", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1980039168, "timestamp": "00:02:57.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1966329855, "entry_point": 1963291744, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_1869", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:02:57.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968193535, "entry_point": 1967944320, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_1871", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:02:57.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1975906303, "entry_point": 1975856704, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1872", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:02:57.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 81330176, "type": "region", "version": 1 }, "end_va": 81334271, "entry_point": 0, "filename": null, "id": "region_1873", "name": "pagefile_0x0000000004d90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81330176, "timestamp": "00:02:57.951", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1977417728, "type": "region", "version": 1 }, "end_va": 1978015743, "entry_point": 1977631952, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1874", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1977417728, "timestamp": "00:02:57.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 954368, "start_va": 114360320, "type": "region", "version": 1 }, "end_va": 115314687, "entry_point": 114604432, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1875", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 114360320, "timestamp": "00:02:57.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 81395712, "type": "region", "version": 1 }, "end_va": 81399807, "entry_point": 81395712, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat", "id": "region_1876", "name": "counters.dat", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat", "region_type": "memory_mapped_file", "start_va": 81395712, "timestamp": "00:02:57.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1877", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:02:58.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959423999, "entry_point": 1959402816, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1878", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:02:58.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952452607, "entry_point": 1952382976, "filename": "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll", "id": "region_1879", "name": "ondemandconnroutehelper.dll", "norm_filename": "c:\\windows\\syswow64\\ondemandconnroutehelper.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:02:58.022", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952382975, "entry_point": 1952205888, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1880", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:02:58.029", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951531008, "type": "region", "version": 1 }, "end_va": 1951563775, "entry_point": 1951539264, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1881", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1951531008, "timestamp": "00:02:58.032", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 1944846336, "type": "region", "version": 1 }, "end_va": 1945530367, "entry_point": 1944846336, "filename": "\\Windows\\SysWOW64\\winhttp.dll", "id": "region_1882", "name": "winhttp.dll", "norm_filename": "c:\\windows\\syswow64\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1944846336, "timestamp": "00:02:58.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 81461248, "type": "region", "version": 1 }, "end_va": 81723391, "entry_point": 0, "filename": null, "id": "region_1883", "name": "private_0x0000000004db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81461248, "timestamp": "00:02:58.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 114360320, "type": "region", "version": 1 }, "end_va": 114622463, "entry_point": 0, "filename": null, "id": "region_1884", "name": "private_0x0000000006d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 114360320, "timestamp": "00:02:58.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1944518656, "type": "region", "version": 1 }, "end_va": 1944838143, "entry_point": 1944518656, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_1886", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1944518656, "timestamp": "00:02:58.127", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 81723392, "type": "region", "version": 1 }, "end_va": 81731583, "entry_point": 0, "filename": null, "id": "region_1887", "name": "pagefile_0x0000000004df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81723392, "timestamp": "00:02:58.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 81723392, "type": "region", "version": 1 }, "end_va": 81788927, "entry_point": 0, "filename": null, "id": "region_1888", "name": "pagefile_0x0000000004df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81723392, "timestamp": "00:02:58.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 114622464, "type": "region", "version": 1 }, "end_va": 114884607, "entry_point": 0, "filename": null, "id": "region_1889", "name": "private_0x0000000006d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 114622464, "timestamp": "00:02:58.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 114884608, "type": "region", "version": 1 }, "end_va": 115146751, "entry_point": 0, "filename": null, "id": "region_1890", "name": "private_0x0000000006d90000", "norm_filename": null, "region_type": "private_memory", "start_va": 114884608, "timestamp": "00:02:58.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1943928832, "type": "region", "version": 1 }, "end_va": 1944469503, "entry_point": 1943928832, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_1891", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1943928832, "timestamp": "00:02:58.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140700672, "type": "region", "version": 1 }, "end_va": 2140712959, "entry_point": 0, "filename": null, "id": "region_1892", "name": "private_0x000000007f988000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140700672, "timestamp": "00:02:58.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 81793023, "entry_point": 0, "filename": null, "id": "region_1893", "name": "pagefile_0x0000000004e00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81788928, "timestamp": "00:02:58.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 126091264, "type": "region", "version": 1 }, "end_va": 126353407, "entry_point": 0, "filename": null, "id": "region_1894", "name": "private_0x0000000007840000", "norm_filename": null, "region_type": "private_memory", "start_va": 126091264, "timestamp": "00:02:58.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 126353408, "type": "region", "version": 1 }, "end_va": 126615551, "entry_point": 0, "filename": null, "id": "region_1895", "name": "private_0x0000000007880000", "norm_filename": null, "region_type": "private_memory", "start_va": 126353408, "timestamp": "00:02:58.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 127205376, "type": "region", "version": 1 }, "end_va": 127225855, "entry_point": 0, "filename": null, "id": "region_1896", "name": "private_0x0000000007950000", "norm_filename": null, "region_type": "private_memory", "start_va": 127205376, "timestamp": "00:02:58.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1943601152, "type": "region", "version": 1 }, "end_va": 1943887871, "entry_point": 1943601152, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_1897", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1943601152, "timestamp": "00:02:58.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140688384, "type": "region", "version": 1 }, "end_va": 2140700671, "entry_point": 0, "filename": null, "id": "region_1898", "name": "private_0x000000007f985000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140688384, "timestamp": "00:02:58.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 126615552, "type": "region", "version": 1 }, "end_va": 126877695, "entry_point": 0, "filename": null, "id": "region_1899", "name": "private_0x00000000078c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 126615552, "timestamp": "00:02:58.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 126877696, "type": "region", "version": 1 }, "end_va": 127139839, "entry_point": 0, "filename": null, "id": "region_1900", "name": "private_0x0000000007900000", "norm_filename": null, "region_type": "private_memory", "start_va": 126877696, "timestamp": "00:02:58.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951498239, "entry_point": 1951465472, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_1901", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:02:58.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2140676096, "type": "region", "version": 1 }, "end_va": 2140688383, "entry_point": 0, "filename": null, "id": "region_1902", "name": "private_0x000000007f982000", "norm_filename": null, "region_type": "private_memory", "start_va": 2140676096, "timestamp": "00:02:58.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 86900736, "type": "region", "version": 1 }, "end_va": 86908927, "entry_point": 0, "filename": null, "id": "region_1903", "name": "pagefile_0x00000000052e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 86900736, "timestamp": "00:02:58.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2134016, "start_va": 1941438464, "type": "region", "version": 1 }, "end_va": 1943572479, "entry_point": 1941438464, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll", "id": "region_1904", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1941438464, "timestamp": "00:02:58.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 86966272, "type": "region", "version": 1 }, "end_va": 86978559, "entry_point": 86966272, "filename": "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui", "id": "region_1905", "name": "mswsock.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui", "region_type": "memory_mapped_file", "start_va": 86966272, "timestamp": "00:02:58.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 88604672, "type": "region", "version": 1 }, "end_va": 88612863, "entry_point": 0, "filename": null, "id": "region_1906", "name": "pagefile_0x0000000005480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88604672, "timestamp": "00:02:58.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1941045248, "type": "region", "version": 1 }, "end_va": 1941438463, "entry_point": 1941045248, "filename": "\\Windows\\SysWOW64\\schannel.dll", "id": "region_1907", "name": "schannel.dll", "norm_filename": "c:\\windows\\syswow64\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 1941045248, "timestamp": "00:02:58.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 88670208, "type": "region", "version": 1 }, "end_va": 88674303, "entry_point": 0, "filename": null, "id": "region_1908", "name": "private_0x0000000005490000", "norm_filename": null, "region_type": "private_memory", "start_va": 88670208, "timestamp": "00:02:58.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 89063424, "type": "region", "version": 1 }, "end_va": 89067519, "entry_point": 0, "filename": null, "id": "region_1909", "name": "private_0x00000000054f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 89063424, "timestamp": "00:02:58.513", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_9", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 831487, "entry_point": 796448, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_1778", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:02:57.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 76546047, "entry_point": 0, "filename": null, "id": "region_1779", "name": "pagefile_0x0000000000900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9437184, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 76546048, "type": "region", "version": 1 }, "end_va": 76677119, "entry_point": 0, "filename": null, "id": "region_1780", "name": "private_0x0000000004900000", "norm_filename": null, "region_type": "private_memory", "start_va": 76546048, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 76677120, "type": "region", "version": 1 }, "end_va": 76685311, "entry_point": 0, "filename": null, "id": "region_1781", "name": "private_0x0000000004920000", "norm_filename": null, "region_type": "private_memory", "start_va": 76677120, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 76742656, "type": "region", "version": 1 }, "end_va": 76824575, "entry_point": 0, "filename": null, "id": "region_1782", "name": "pagefile_0x0000000004930000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76742656, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 76873728, "type": "region", "version": 1 }, "end_va": 77135871, "entry_point": 0, "filename": null, "id": "region_1783", "name": "private_0x0000000004950000", "norm_filename": null, "region_type": "private_memory", "start_va": 76873728, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 77135872, "type": "region", "version": 1 }, "end_va": 77398015, "entry_point": 0, "filename": null, "id": "region_1784", "name": "private_0x0000000004990000", "norm_filename": null, "region_type": "private_memory", "start_va": 77135872, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 77398016, "type": "region", "version": 1 }, "end_va": 77414399, "entry_point": 0, "filename": null, "id": "region_1785", "name": "pagefile_0x00000000049d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77398016, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 77463552, "type": "region", "version": 1 }, "end_va": 77467647, "entry_point": 0, "filename": null, "id": "region_1786", "name": "pagefile_0x00000000049e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77463552, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 77529088, "type": "region", "version": 1 }, "end_va": 77537279, "entry_point": 0, "filename": null, "id": "region_1787", "name": "private_0x00000000049f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77529088, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1788", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:02:57.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2134638592, "type": "region", "version": 1 }, "end_va": 2134781951, "entry_point": 0, "filename": null, "id": "region_1789", "name": "pagefile_0x000000007f3c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2134638592, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2134786048, "type": "region", "version": 1 }, "end_va": 2134790143, "entry_point": 0, "filename": null, "id": "region_1790", "name": "private_0x000000007f3e4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2134786048, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2134818816, "type": "region", "version": 1 }, "end_va": 2134831103, "entry_point": 0, "filename": null, "id": "region_1791", "name": "private_0x000000007f3ec000", "norm_filename": null, "region_type": "private_memory", "start_va": 2134818816, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2134831104, "type": "region", "version": 1 }, "end_va": 2134835199, "entry_point": 0, "filename": null, "id": "region_1792", "name": "private_0x000000007f3ef000", "norm_filename": null, "region_type": "private_memory", "start_va": 2134831104, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1793", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138528141082624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138530288500735, "entry_point": 0, "filename": null, "id": "region_1794", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138530288500736, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_1795", "name": "pagefile_0x00007dfe18a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138530288500736, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1796", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_1797", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:02:57.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 77594624, "type": "region", "version": 1 }, "end_va": 77725695, "entry_point": 0, "filename": null, "id": "region_1798", "name": "private_0x0000000004a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 77594624, "timestamp": "00:02:57.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 77725696, "type": "region", "version": 1 }, "end_va": 77987839, "entry_point": 0, "filename": null, "id": "region_1801", "name": "private_0x0000000004a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 77725696, "timestamp": "00:02:57.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 77987840, "type": "region", "version": 1 }, "end_va": 78249983, "entry_point": 0, "filename": null, "id": "region_1802", "name": "private_0x0000000004a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 77987840, "timestamp": "00:02:57.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80244735, "entry_point": 0, "filename": null, "id": "region_1803", "name": "private_0x0000000004c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 80216064, "timestamp": "00:02:57.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 80740352, "type": "region", "version": 1 }, "end_va": 81788927, "entry_point": 0, "filename": null, "id": "region_1804", "name": "private_0x0000000004d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 80740352, "timestamp": "00:02:57.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1805", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:02:57.457", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1806", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:02:57.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2134806528, "type": "region", "version": 1 }, "end_va": 2134818815, "entry_point": 0, "filename": null, "id": "region_1807", "name": "private_0x000000007f3e9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2134806528, "timestamp": "00:02:57.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 78708736, "type": "region", "version": 1 }, "end_va": 78725119, "entry_point": 0, "filename": null, "id": "region_1808", "name": "private_0x0000000004b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 78708736, "timestamp": "00:02:57.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1809", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:02:57.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 76546048, "type": "region", "version": 1 }, "end_va": 76611583, "entry_point": 0, "filename": null, "id": "region_1810", "name": "pagefile_0x0000000004900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76546048, "timestamp": "00:02:57.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 78249984, "type": "region", "version": 1 }, "end_va": 78512127, "entry_point": 0, "filename": null, "id": "region_1811", "name": "private_0x0000000004aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78249984, "timestamp": "00:02:57.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 78774272, "type": "region", "version": 1 }, "end_va": 79552511, "entry_point": 78774272, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1812", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 78774272, "timestamp": "00:02:57.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 79560704, "type": "region", "version": 1 }, "end_va": 79822847, "entry_point": 0, "filename": null, "id": "region_1813", "name": "private_0x0000000004be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 79560704, "timestamp": "00:02:57.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 81788928, "type": "region", "version": 1 }, "end_va": 82837503, "entry_point": 0, "filename": null, "id": "region_1814", "name": "private_0x0000000004e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 81788928, "timestamp": "00:02:57.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_1815", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:02:57.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1816", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:02:57.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1817", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:02:57.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1818", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:02:57.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1819", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:02:57.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1820", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:02:57.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1821", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:02:57.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2133590016, "type": "region", "version": 1 }, "end_va": 2134638591, "entry_point": 0, "filename": null, "id": "region_1822", "name": "pagefile_0x000000007f2c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2133590016, "timestamp": "00:02:57.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2134794240, "type": "region", "version": 1 }, "end_va": 2134806527, "entry_point": 0, "filename": null, "id": "region_1823", "name": "private_0x000000007f3e6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2134794240, "timestamp": "00:02:57.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976173184, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1824", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:02:57.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1960584656, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1825", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:02:57.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 78512128, "type": "region", "version": 1 }, "end_va": 78684159, "entry_point": 78533296, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1826", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 78512128, "timestamp": "00:02:57.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 82837504, "type": "region", "version": 1 }, "end_va": 84443135, "entry_point": 0, "filename": null, "id": "region_1827", "name": "pagefile_0x0000000004f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82837504, "timestamp": "00:02:57.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975931568, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1828", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:02:57.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003584736, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1829", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:02:57.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1830", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:02:57.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 610304, "start_va": 84475904, "type": "region", "version": 1 }, "end_va": 85086207, "entry_point": 0, "filename": null, "id": "region_1831", "name": "private_0x0000000005090000", "norm_filename": null, "region_type": "private_memory", "start_va": 84475904, "timestamp": "00:02:57.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 85131264, "type": "region", "version": 1 }, "end_va": 87228415, "entry_point": 0, "filename": null, "id": "region_1832", "name": "private_0x0000000005130000", "norm_filename": null, "region_type": "private_memory", "start_va": 85131264, "timestamp": "00:02:57.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 85983232, "type": "region", "version": 1 }, "end_va": 87031807, "entry_point": 0, "filename": null, "id": "region_1833", "name": "private_0x0000000005200000", "norm_filename": null, "region_type": "private_memory", "start_va": 85983232, "timestamp": "00:02:57.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 76611584, "type": "region", "version": 1 }, "end_va": 76615679, "entry_point": 76611584, "filename": "\\Windows\\SysWOW64\\en-US\\svchost.exe.mui", "id": "region_1834", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 76611584, "timestamp": "00:02:57.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 87031808, "type": "region", "version": 1 }, "end_va": 88608767, "entry_point": 0, "filename": null, "id": "region_1835", "name": "pagefile_0x0000000005300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 87031808, "timestamp": "00:02:57.547", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 88670208, "type": "region", "version": 1 }, "end_va": 109641727, "entry_point": 0, "filename": null, "id": "region_1836", "name": "pagefile_0x0000000005490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88670208, "timestamp": "00:02:57.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 76677120, "type": "region", "version": 1 }, "end_va": 76681215, "entry_point": 0, "filename": null, "id": "region_1837", "name": "private_0x0000000004920000", "norm_filename": null, "region_type": "private_memory", "start_va": 76677120, "timestamp": "00:02:57.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 78512128, "type": "region", "version": 1 }, "end_va": 78516223, "entry_point": 0, "filename": null, "id": "region_1838", "name": "private_0x0000000004ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78512128, "timestamp": "00:02:57.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 84934656, "type": "region", "version": 1 }, "end_va": 84951039, "entry_point": 0, "filename": null, "id": "region_1839", "name": "private_0x0000000005100000", "norm_filename": null, "region_type": "private_memory", "start_va": 84934656, "timestamp": "00:02:57.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 85065728, "type": "region", "version": 1 }, "end_va": 85086207, "entry_point": 0, "filename": null, "id": "region_1840", "name": "private_0x0000000005120000", "norm_filename": null, "region_type": "private_memory", "start_va": 85065728, "timestamp": "00:02:57.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 110100480, "type": "region", "version": 1 }, "end_va": 111149055, "entry_point": 0, "filename": null, "id": "region_1841", "name": "private_0x0000000006900000", "norm_filename": null, "region_type": "private_memory", "start_va": 110100480, "timestamp": "00:02:57.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1842", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:02:57.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951241472, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1843", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:02:57.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952550928, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_1844", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:02:57.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951110448, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1845", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:02:57.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 111149056, "type": "region", "version": 1 }, "end_va": 114520063, "entry_point": 111149056, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1846", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 111149056, "timestamp": "00:02:57.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000869392, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1847", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:02:57.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974913968, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_1848", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:02:57.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970803840, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1849", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:02:57.574", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 78577664, "type": "region", "version": 1 }, "end_va": 78581759, "entry_point": 0, "filename": null, "id": "region_1850", "name": "private_0x0000000004af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 78577664, "timestamp": "00:02:57.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952133632, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_1851", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:57.579", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950840960, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1852", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:02:57.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 78643200, "type": "region", "version": 1 }, "end_va": 78651391, "entry_point": 0, "filename": null, "id": "region_1853", "name": "private_0x0000000004b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 78643200, "timestamp": "00:02:57.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80281600, "type": "region", "version": 1 }, "end_va": 80543743, "entry_point": 0, "filename": null, "id": "region_2631", "name": "private_0x0000000004c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 80281600, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 85655552, "type": "region", "version": 1 }, "end_va": 85917695, "entry_point": 0, "filename": null, "id": "region_2632", "name": "private_0x00000000051b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85655552, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 109641728, "type": "region", "version": 1 }, "end_va": 109903871, "entry_point": 0, "filename": null, "id": "region_2633", "name": "private_0x0000000006890000", "norm_filename": null, "region_type": "private_memory", "start_va": 109641728, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 115605504, "type": "region", "version": 1 }, "end_va": 116654079, "entry_point": 0, "filename": null, "id": "region_2634", "name": "private_0x0000000006e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 115605504, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 119799808, "type": "region", "version": 1 }, "end_va": 120848383, "entry_point": 0, "filename": null, "id": "region_2635", "name": "private_0x0000000007240000", "norm_filename": null, "region_type": "private_memory", "start_va": 119799808, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 120848384, "type": "region", "version": 1 }, "end_va": 121110527, "entry_point": 0, "filename": null, "id": "region_2636", "name": "private_0x0000000007340000", "norm_filename": null, "region_type": "private_memory", "start_va": 120848384, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133504000, "type": "region", "version": 1 }, "end_va": 2133516287, "entry_point": 0, "filename": null, "id": "region_2637", "name": "private_0x000000007f2ab000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133504000, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133516288, "type": "region", "version": 1 }, "end_va": 2133528575, "entry_point": 0, "filename": null, "id": "region_2638", "name": "private_0x000000007f2ae000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133516288, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133565440, "type": "region", "version": 1 }, "end_va": 2133577727, "entry_point": 0, "filename": null, "id": "region_2639", "name": "private_0x000000007f2ba000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133565440, "timestamp": "00:03:32.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 78643200, "type": "region", "version": 1 }, "end_va": 78647295, "entry_point": 0, "filename": null, "id": "region_2641", "name": "private_0x0000000004b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 78643200, "timestamp": "00:03:32.580", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 405504, "start_va": 84475904, "type": "region", "version": 1 }, "end_va": 84881407, "entry_point": 0, "filename": null, "id": "region_2642", "name": "private_0x0000000005090000", "norm_filename": null, "region_type": "private_memory", "start_va": 84475904, "timestamp": "00:03:32.586", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\updee12df24.exe\" -update", "filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "id": "proc_12", "image_name": "updee12df24.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2354", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2355", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2356", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_2357", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_2358", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 219545600, "type": "region", "version": 1 }, "end_va": 219869183, "entry_point": 219545600, "filename": "\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\updee12df24.exe", "id": "region_2359", "name": "updee12df24.exe", "norm_filename": "c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe", "region_type": "memory_mapped_file", "start_va": 219545600, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2360", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:03:04.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_2361", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_2362", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_2363", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2364", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2365", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140727164338176, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_2366", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2367", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:03:04.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_2368", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:03:04.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_2371", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:03:04.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2372", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:03:04.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_2373", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:03:04.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_2375", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:03:04.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2376", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:03:04.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2377", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:03:04.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_2378", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:03:04.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2379", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:03:04.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2382", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:03:04.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2678783, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2383", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:03:04.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 1938358272, "type": "region", "version": 1 }, "end_va": 1938952191, "entry_point": 1938623152, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_2384", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1938358272, "timestamp": "00:03:04.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2385", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:03:04.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2386", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:03:04.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_2387", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:03:04.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_2388", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2389", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_2390", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_2391", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_2392", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7569407, "entry_point": 0, "filename": null, "id": "region_2393", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9109503, "entry_point": 0, "filename": null, "id": "region_2394", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 10686463, "entry_point": 0, "filename": null, "id": "region_2395", "name": "pagefile_0x00000000008b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9109504, "timestamp": "00:03:04.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 31719423, "entry_point": 0, "filename": null, "id": "region_2396", "name": "pagefile_0x0000000000a40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10747904, "timestamp": "00:03:04.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1936457728, "type": "region", "version": 1 }, "end_va": 1936592895, "entry_point": 1936457728, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_2397", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1936457728, "timestamp": "00:03:04.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1936654336, "type": "region", "version": 1 }, "end_va": 1936752639, "entry_point": 1936654336, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_2398", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1936654336, "timestamp": "00:03:04.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1936928767, "entry_point": 1936785408, "filename": "\\Windows\\SysWOW64\\winmmbase.dll", "id": "region_2399", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\syswow64\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:03:04.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 1936982016, "type": "region", "version": 1 }, "end_va": 1937129471, "entry_point": 1936982016, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_2400", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1936982016, "timestamp": "00:03:05.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937321983, "entry_point": 1937178624, "filename": "\\Windows\\SysWOW64\\msvfw32.dll", "id": "region_2401", "name": "msvfw32.dll", "norm_filename": "c:\\windows\\syswow64\\msvfw32.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:03:05.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1937375232, "type": "region", "version": 1 }, "end_va": 1937973247, "entry_point": 1937431904, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "id": "region_2402", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1937375232, "timestamp": "00:03:05.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1938227200, "type": "region", "version": 1 }, "end_va": 1938341887, "entry_point": 1938227200, "filename": "\\Windows\\SysWOW64\\avifil32.dll", "id": "region_2403", "name": "avifil32.dll", "norm_filename": "c:\\windows\\syswow64\\avifil32.dll", "region_type": "memory_mapped_file", "start_va": 1938227200, "timestamp": "00:03:05.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940205567, "entry_point": 1939931136, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_2404", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:03:05.026", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1940258816, "type": "region", "version": 1 }, "end_va": 1940340735, "entry_point": 1940258816, "filename": "\\Windows\\SysWOW64\\avicap32.dll", "id": "region_2405", "name": "avicap32.dll", "norm_filename": "c:\\windows\\syswow64\\avicap32.dll", "region_type": "memory_mapped_file", "start_va": 1940258816, "timestamp": "00:03:05.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1948454911, "entry_point": 1947861776, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2406", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:03:05.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951531008, "type": "region", "version": 1 }, "end_va": 1951563775, "entry_point": 1951539264, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_2407", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1951531008, "timestamp": "00:03:05.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952133632, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2408", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:03:05.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952382975, "entry_point": 1952205888, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_2409", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:03:05.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1954086911, "entry_point": 1953093904, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2410", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:03:05.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_2411", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:03:05.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2412", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:03:05.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2413", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:03:05.053", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2414", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:03:05.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959423999, "entry_point": 1959402816, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2415", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:03:05.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1960584656, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2416", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:03:05.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1966329855, "entry_point": 1963291744, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_2417", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:03:05.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2418", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:03:05.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2419", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:03:05.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968193535, "entry_point": 1967944320, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_2420", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:03:05.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1970774015, "entry_point": 1970059664, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2421", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:03:05.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1970943664, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2422", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:03:05.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2423", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:03:05.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 1971781632, "type": "region", "version": 1 }, "end_va": 1972002815, "entry_point": 1971781632, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_2424", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1971781632, "timestamp": "00:03:05.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1972813823, "entry_point": 1972779296, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_2425", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:03:05.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1973420032, "type": "region", "version": 1 }, "end_va": 1973997567, "entry_point": 1973719456, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_2426", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1973420032, "timestamp": "00:03:05.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974913968, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_2427", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:03:05.070", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1975906303, "entry_point": 1975856704, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_2428", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:03:05.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975931568, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2429", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:03:05.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976173184, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2430", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:03:05.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1977417728, "type": "region", "version": 1 }, "end_va": 1978015743, "entry_point": 1977631952, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2431", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1977417728, "timestamp": "00:03:05.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1980039168, "type": "region", "version": 1 }, "end_va": 2000744447, "entry_point": 1981849248, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2432", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1980039168, "timestamp": "00:03:05.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000869392, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2433", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:03:05.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003584736, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2434", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:03:05.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_2435", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:03:05.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2760703, "entry_point": 2752512, "filename": "\\Windows\\SysWOW64\\en-US\\msvfw32.dll.mui", "id": "region_2437", "name": "msvfw32.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msvfw32.dll.mui", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:03:05.111", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2830335, "entry_point": 2818048, "filename": "\\Windows\\SysWOW64\\en-US\\avicap32.dll.mui", "id": "region_2438", "name": "avicap32.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\avicap32.dll.mui", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:03:05.121", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_2439", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:03:05.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4538367, "entry_point": 0, "filename": null, "id": "region_2440", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:03:05.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 8650751, "entry_point": 0, "filename": null, "id": "region_2441", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:03:05.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_2442", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:03:05.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 33816575, "entry_point": 0, "filename": null, "id": "region_2443", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:03:05.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_2444", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:03:05.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1951596544, "type": "region", "version": 1 }, "end_va": 1952075775, "entry_point": 1951832272, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2445", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1951596544, "timestamp": "00:03:05.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 35586047, "entry_point": 0, "filename": null, "id": "region_2446", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:03:05.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 4718591, "entry_point": 0, "filename": null, "id": "region_2448", "name": "private_0x0000000000460000", "norm_filename": null, "region_type": "private_memory", "start_va": 4587520, "timestamp": "00:03:05.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_2449", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:03:05.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31719424, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_2450", "name": "private_0x0000000001e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 31719424, "timestamp": "00:03:05.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2146095104, "type": "region", "version": 1 }, "end_va": 2146107391, "entry_point": 0, "filename": null, "id": "region_2451", "name": "private_0x000000007fead000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146095104, "timestamp": "00:03:05.230", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 37289984, "type": "region", "version": 1 }, "end_va": 37879807, "entry_point": 0, "filename": null, "id": "region_2452", "name": "private_0x0000000002390000", "norm_filename": null, "region_type": "private_memory", "start_va": 37289984, "timestamp": "00:03:05.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951241472, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2453", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:03:05.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952550928, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_2454", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:03:05.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951110448, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2455", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:03:05.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 41250815, "entry_point": 37879808, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2456", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 37879808, "timestamp": "00:03:05.244", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970803840, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2457", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:03:05.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4722687, "entry_point": 0, "filename": null, "id": "region_2458", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:03:05.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950840960, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_2459", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:03:05.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4796415, "entry_point": 0, "filename": null, "id": "region_2460", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:03:05.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 4849664, "type": "region", "version": 1 }, "end_va": 4866047, "entry_point": 0, "filename": null, "id": "region_2461", "name": "private_0x00000000004a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4849664, "timestamp": "00:03:05.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_2462", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:03:05.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34865151, "entry_point": 0, "filename": null, "id": "region_2463", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:03:05.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 35586047, "entry_point": 0, "filename": null, "id": "region_2464", "name": "private_0x00000000021e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35520512, "timestamp": "00:03:05.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2146082816, "type": "region", "version": 1 }, "end_va": 2146095103, "entry_point": 0, "filename": null, "id": "region_2465", "name": "private_0x000000007feaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146082816, "timestamp": "00:03:05.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_2466", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:03:05.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8724479, "entry_point": 0, "filename": null, "id": "region_2468", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:03:05.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4804607, "entry_point": 0, "filename": null, "id": "region_2469", "name": "pagefile_0x0000000000490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4784128, "timestamp": "00:03:05.355", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 33292288, "type": "region", "version": 1 }, "end_va": 33652735, "entry_point": 0, "filename": null, "id": "region_2566", "name": "private_0x0000000001fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33292288, "timestamp": "00:03:23.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4788223, "entry_point": 0, "filename": null, "id": "region_2569", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:03:31.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8654847, "entry_point": 0, "filename": null, "id": "region_2570", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:03:31.311", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35586048, "type": "region", "version": 1 }, "end_va": 36634623, "entry_point": 0, "filename": null, "id": "region_2599", "name": "private_0x00000000021f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35586048, "timestamp": "00:03:31.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43843583, "entry_point": 0, "filename": null, "id": "region_2623", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:03:31.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8654847, "entry_point": 0, "filename": null, "id": "region_2624", "name": "pagefile_0x0000000000840000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8650752, "timestamp": "00:03:31.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8732671, "entry_point": 0, "filename": null, "id": "region_2625", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:03:31.989", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8724479, "entry_point": 0, "filename": null, "id": "region_2626", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:03:32.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8798207, "entry_point": 0, "filename": null, "id": "region_2627", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:03:32.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 8863743, "entry_point": 0, "filename": null, "id": "region_2628", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:03:32.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 303104, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35168255, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:03:33.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_2806", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:04:05.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_2807", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:04:05.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36634624, "type": "region", "version": 1 }, "end_va": 37683199, "entry_point": 0, "filename": null, "id": "region_2808", "name": "private_0x00000000022f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 36634624, "timestamp": "00:04:05.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 42336255, "entry_point": 0, "filename": null, "id": "region_2809", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:04:05.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2146070528, "type": "region", "version": 1 }, "end_va": 2146082815, "entry_point": 0, "filename": null, "id": "region_2810", "name": "private_0x000000007fea7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146070528, "timestamp": "00:04:05.226", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\"", "filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "id": "proc_13", "image_name": "containers.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2649", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2650", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_2651", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_2652", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_2653", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2654", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_2655", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 219545600, "type": "region", "version": 1 }, "end_va": 219869183, "entry_point": 219626270, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "id": "region_2656", "name": "containers.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe", "region_type": "memory_mapped_file", "start_va": 219545600, "timestamp": "00:03:33.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2657", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:03:33.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_2658", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_2659", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_2660", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2661", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2662", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140727164338176, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_2663", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2664", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:03:33.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_2665", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:03:33.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2666", "name": "private_0x0000000000260000", "norm_filename": null, "region_type": "private_memory", "start_va": 2490368, "timestamp": "00:03:33.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2667", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:03:33.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2668", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:03:33.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_2669", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:03:33.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2670", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:03:33.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2671", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:03:33.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_2672", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:03:33.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_2673", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:03:33.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3334143, "entry_point": 2555904, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2674", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:03:33.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_2675", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:03:33.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_2676", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:03:33.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2677", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:03:33.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2678", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:03:33.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2679", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:03:33.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2680", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:03:33.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1960584656, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2681", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:03:33.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1966329855, "entry_point": 1963291744, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_2682", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:03:33.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2683", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:03:33.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2684", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:03:33.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968193535, "entry_point": 1967944320, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_2685", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:03:33.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2686", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:03:33.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1972813823, "entry_point": 1972779296, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_2687", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:03:33.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1973420032, "type": "region", "version": 1 }, "end_va": 1973997567, "entry_point": 1973719456, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_2688", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1973420032, "timestamp": "00:03:33.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974913968, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_2689", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:03:33.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976173184, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2690", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:03:33.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2691", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:03:33.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1980039168, "type": "region", "version": 1 }, "end_va": 2000744447, "entry_point": 1981849248, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2692", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1980039168, "timestamp": "00:03:33.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000869392, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2693", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:03:33.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_2694", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:03:33.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_2695", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:03:33.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2696", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:03:33.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_2697", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:03:33.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2236415, "entry_point": 2228224, "filename": "\\Windows\\SysWOW64\\en-US\\msvfw32.dll.mui", "id": "region_2698", "name": "msvfw32.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\msvfw32.dll.mui", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:03:33.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2306047, "entry_point": 2293760, "filename": "\\Windows\\SysWOW64\\en-US\\avicap32.dll.mui", "id": "region_2699", "name": "avicap32.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\avicap32.dll.mui", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:03:33.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2375679, "entry_point": 0, "filename": null, "id": "region_2700", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:03:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7569407, "entry_point": 0, "filename": null, "id": "region_2701", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:03:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 8388607, "entry_point": 0, "filename": null, "id": "region_2702", "name": "private_0x00000000007f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8323072, "timestamp": "00:03:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 0, "filename": null, "id": "region_2703", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:03:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 9043967, "entry_point": 0, "filename": null, "id": "region_2704", "name": "private_0x0000000000890000", "norm_filename": null, "region_type": "private_memory", "start_va": 8978432, "timestamp": "00:03:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 10620927, "entry_point": 0, "filename": null, "id": "region_2705", "name": "pagefile_0x00000000008a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9043968, "timestamp": "00:03:33.793", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 31653887, "entry_point": 0, "filename": null, "id": "region_2706", "name": "pagefile_0x0000000000a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10682368, "timestamp": "00:03:33.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1936457728, "type": "region", "version": 1 }, "end_va": 1936592895, "entry_point": 1936494752, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_2707", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1936457728, "timestamp": "00:03:33.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1936654336, "type": "region", "version": 1 }, "end_va": 1936752639, "entry_point": 1936670912, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_2708", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1936654336, "timestamp": "00:03:33.795", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 1936785408, "type": "region", "version": 1 }, "end_va": 1936928767, "entry_point": 1936818736, "filename": "\\Windows\\SysWOW64\\winmmbase.dll", "id": "region_2709", "name": "winmmbase.dll", "norm_filename": "c:\\windows\\syswow64\\winmmbase.dll", "region_type": "memory_mapped_file", "start_va": 1936785408, "timestamp": "00:03:33.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 147456, "start_va": 1936982016, "type": "region", "version": 1 }, "end_va": 1937129471, "entry_point": 1937000576, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_2710", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1936982016, "timestamp": "00:03:33.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 143360, "start_va": 1937178624, "type": "region", "version": 1 }, "end_va": 1937321983, "entry_point": 1937257440, "filename": "\\Windows\\SysWOW64\\msvfw32.dll", "id": "region_2711", "name": "msvfw32.dll", "norm_filename": "c:\\windows\\syswow64\\msvfw32.dll", "region_type": "memory_mapped_file", "start_va": 1937178624, "timestamp": "00:03:33.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1937375232, "type": "region", "version": 1 }, "end_va": 1937973247, "entry_point": 1937431904, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "id": "region_2712", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.10240.16384_none_49c02355cf03478c\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1937375232, "timestamp": "00:03:33.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1938227200, "type": "region", "version": 1 }, "end_va": 1938341887, "entry_point": 1938313984, "filename": "\\Windows\\SysWOW64\\avifil32.dll", "id": "region_2713", "name": "avifil32.dll", "norm_filename": "c:\\windows\\syswow64\\avifil32.dll", "region_type": "memory_mapped_file", "start_va": 1938227200, "timestamp": "00:03:33.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940205567, "entry_point": 1939987312, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_2714", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:03:33.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1940258816, "type": "region", "version": 1 }, "end_va": 1940340735, "entry_point": 1940316560, "filename": "\\Windows\\SysWOW64\\avicap32.dll", "id": "region_2715", "name": "avicap32.dll", "norm_filename": "c:\\windows\\syswow64\\avicap32.dll", "region_type": "memory_mapped_file", "start_va": 1940258816, "timestamp": "00:03:33.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1948454911, "entry_point": 1947861776, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_2716", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:03:33.800", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951531008, "type": "region", "version": 1 }, "end_va": 1951563775, "entry_point": 1951539264, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_2717", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1951531008, "timestamp": "00:03:33.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952133632, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_2718", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:03:33.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952382975, "entry_point": 1952205888, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_2719", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:03:33.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1954086911, "entry_point": 1953093904, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_2720", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:03:33.804", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959423999, "entry_point": 1959402816, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2721", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:03:33.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1969815552, "type": "region", "version": 1 }, "end_va": 1970774015, "entry_point": 1970059664, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_2722", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1969815552, "timestamp": "00:03:33.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1970943664, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2723", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:03:33.807", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 1971781632, "type": "region", "version": 1 }, "end_va": 1972002815, "entry_point": 1971798672, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_2724", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1971781632, "timestamp": "00:03:33.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1975906303, "entry_point": 1975856704, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_2725", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:03:33.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975931568, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2726", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:03:33.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1977417728, "type": "region", "version": 1 }, "end_va": 1978015743, "entry_point": 1977631952, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_2727", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1977417728, "timestamp": "00:03:33.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003584736, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2728", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:03:33.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1951596544, "type": "region", "version": 1 }, "end_va": 1952075775, "entry_point": 1951832272, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2729", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1951596544, "timestamp": "00:03:33.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 31653888, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_2730", "name": "private_0x0000000001e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 31653888, "timestamp": "00:03:33.874", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 35942399, "entry_point": 32571392, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2731", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 32571392, "timestamp": "00:03:33.936", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_2732", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:03:33.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 35979264, "type": "region", "version": 1 }, "end_va": 37027839, "entry_point": 0, "filename": null, "id": "region_2733", "name": "private_0x0000000002250000", "norm_filename": null, "region_type": "private_memory", "start_va": 35979264, "timestamp": "00:03:33.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3416063, "entry_point": 0, "filename": null, "id": "region_2734", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:03:33.946", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2445311, "entry_point": 0, "filename": null, "id": "region_2735", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:03:33.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 32047104, "type": "region", "version": 1 }, "end_va": 32407551, "entry_point": 0, "filename": null, "id": "region_2738", "name": "private_0x0000000001e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 32047104, "timestamp": "00:03:55.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_2739", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:03:55.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_2740", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:04:03.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 0, "filename": null, "id": "region_2741", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:04:03.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_2742", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:04:03.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 0, "filename": null, "id": "region_2743", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:04:04.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_2744", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:04:04.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_2772", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:04:04.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 589824, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_2796", "name": "private_0x0000000000750000", "norm_filename": null, "region_type": "private_memory", "start_va": 7667712, "timestamp": "00:04:05.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951241472, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_2797", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:04:05.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952550928, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_2798", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:04:05.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951110448, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_2799", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:04:05.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3608575, "entry_point": 0, "filename": null, "id": "region_2800", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:04:05.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970803840, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_2801", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:04:05.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3686399, "entry_point": 0, "filename": null, "id": "region_2802", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:04:05.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950840960, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_2803", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:04:05.194", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3739647, "entry_point": 0, "filename": null, "id": "region_2804", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:04:05.198", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd3171fe7c.bat\"", "filename": "c:\\windows\\syswow64\\cmd.exe", "id": "proc_14", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 327680, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 2818048, "filename": "\\Windows\\SysWOW64\\cmd.exe", "id": "region_2812", "name": "cmd.exe", "norm_filename": "c:\\windows\\syswow64\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 2818048, "timestamp": "00:04:05.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 14942208, "type": "region", "version": 1 }, "end_va": 82051071, "entry_point": 0, "filename": null, "id": "region_2813", "name": "pagefile_0x0000000000e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14942208, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 82051072, "type": "region", "version": 1 }, "end_va": 82182143, "entry_point": 0, "filename": null, "id": "region_2814", "name": "private_0x0000000004e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 82051072, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 82182144, "type": "region", "version": 1 }, "end_va": 82190335, "entry_point": 0, "filename": null, "id": "region_2815", "name": "private_0x0000000004e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 82182144, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 82247680, "type": "region", "version": 1 }, "end_va": 82329599, "entry_point": 0, "filename": null, "id": "region_2816", "name": "pagefile_0x0000000004e70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82247680, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 82378752, "type": "region", "version": 1 }, "end_va": 82640895, "entry_point": 0, "filename": null, "id": "region_2817", "name": "private_0x0000000004e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 82378752, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 82640896, "type": "region", "version": 1 }, "end_va": 83689471, "entry_point": 0, "filename": null, "id": "region_2818", "name": "private_0x0000000004ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82640896, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83705855, "entry_point": 0, "filename": null, "id": "region_2819", "name": "pagefile_0x0000000004fd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83689472, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 83755008, "type": "region", "version": 1 }, "end_va": 83759103, "entry_point": 0, "filename": null, "id": "region_2820", "name": "pagefile_0x0000000004fe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83755008, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 83820544, "type": "region", "version": 1 }, "end_va": 83828735, "entry_point": 0, "filename": null, "id": "region_2821", "name": "private_0x0000000004ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83820544, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2822", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:04:05.277", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2129985536, "type": "region", "version": 1 }, "end_va": 2130128895, "entry_point": 0, "filename": null, "id": "region_2823", "name": "pagefile_0x000000007ef50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2129985536, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130141184, "type": "region", "version": 1 }, "end_va": 2130145279, "entry_point": 0, "filename": null, "id": "region_2824", "name": "private_0x000000007ef76000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130141184, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130153472, "type": "region", "version": 1 }, "end_va": 2130157567, "entry_point": 0, "filename": null, "id": "region_2825", "name": "private_0x000000007ef79000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130153472, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130169856, "type": "region", "version": 1 }, "end_va": 2130182143, "entry_point": 0, "filename": null, "id": "region_2826", "name": "private_0x000000007ef7d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130169856, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2827", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138528141082624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138530288500735, "entry_point": 0, "filename": null, "id": "region_2828", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138530288500736, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_2829", "name": "pagefile_0x00007dfe18a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138530288500736, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2830", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_2831", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:04:05.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 84213760, "type": "region", "version": 1 }, "end_va": 84279295, "entry_point": 0, "filename": null, "id": "region_2832", "name": "private_0x0000000005050000", "norm_filename": null, "region_type": "private_memory", "start_va": 84213760, "timestamp": "00:04:05.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2833", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:04:05.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2834", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:04:05.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 85196800, "type": "region", "version": 1 }, "end_va": 86245375, "entry_point": 0, "filename": null, "id": "region_2835", "name": "private_0x0000000005140000", "norm_filename": null, "region_type": "private_memory", "start_va": 85196800, "timestamp": "00:04:05.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2836", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:04:05.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 82051072, "type": "region", "version": 1 }, "end_va": 82116607, "entry_point": 0, "filename": null, "id": "region_2837", "name": "pagefile_0x0000000004e40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 82051072, "timestamp": "00:04:05.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 84279296, "type": "region", "version": 1 }, "end_va": 85057535, "entry_point": 84279296, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2838", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 84279296, "timestamp": "00:04:05.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2839", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:04:05.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2840", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:04:05.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2128936960, "type": "region", "version": 1 }, "end_va": 2129985535, "entry_point": 0, "filename": null, "id": "region_2841", "name": "pagefile_0x000000007ee50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2128936960, "timestamp": "00:04:05.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 82116608, "type": "region", "version": 1 }, "end_va": 82132991, "entry_point": 0, "filename": null, "id": "region_2912", "name": "private_0x0000000004e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 82116608, "timestamp": "00:04:05.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83886080, "type": "region", "version": 1 }, "end_va": 84148223, "entry_point": 0, "filename": null, "id": "region_2913", "name": "private_0x0000000005000000", "norm_filename": null, "region_type": "private_memory", "start_va": 83886080, "timestamp": "00:04:05.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 86245376, "type": "region", "version": 1 }, "end_va": 87293951, "entry_point": 0, "filename": null, "id": "region_2914", "name": "private_0x0000000005240000", "norm_filename": null, "region_type": "private_memory", "start_va": 86245376, "timestamp": "00:04:05.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 88408064, "type": "region", "version": 1 }, "end_va": 88473599, "entry_point": 0, "filename": null, "id": "region_2915", "name": "private_0x0000000005450000", "norm_filename": null, "region_type": "private_memory", "start_va": 88408064, "timestamp": "00:04:05.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2916", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:04:05.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130157568, "type": "region", "version": 1 }, "end_va": 2130169855, "entry_point": 0, "filename": null, "id": "region_2917", "name": "private_0x000000007ef7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130157568, "timestamp": "00:04:05.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 82182144, "type": "region", "version": 1 }, "end_va": 82198527, "entry_point": 0, "filename": null, "id": "region_2918", "name": "private_0x0000000004e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 82182144, "timestamp": "00:04:05.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1952481279, "entry_point": 1952448512, "filename": "\\Windows\\SysWOW64\\cmdext.dll", "id": "region_2919", "name": "cmdext.dll", "norm_filename": "c:\\windows\\syswow64\\cmdext.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:04:05.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2920", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:04:05.991", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2921", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:04:05.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2922", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:04:05.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2923", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:04:05.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2924", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:04:05.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_2925", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:04:05.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 84148224, "type": "region", "version": 1 }, "end_va": 84213759, "entry_point": 0, "filename": null, "id": "region_2926", "name": "private_0x0000000005040000", "norm_filename": null, "region_type": "private_memory", "start_va": 84148224, "timestamp": "00:04:06.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 135168, "start_va": 87293952, "type": "region", "version": 1 }, "end_va": 87429119, "entry_point": 87293952, "filename": "\\Windows\\SysWOW64\\en-US\\cmd.exe.mui", "id": "region_2927", "name": "cmd.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\cmd.exe.mui", "region_type": "memory_mapped_file", "start_va": 87293952, "timestamp": "00:04:06.035", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 87490560, "type": "region", "version": 1 }, "end_va": 88403967, "entry_point": 87490560, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_2928", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 87490560, "timestamp": "00:04:06.039", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_16", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 13, "ref_parent_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 831487, "entry_point": 796448, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_2979", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:05:05.271", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 83099647, "entry_point": 0, "filename": null, "id": "region_2980", "name": "pagefile_0x0000000000f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15990784, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 83099648, "type": "region", "version": 1 }, "end_va": 83230719, "entry_point": 0, "filename": null, "id": "region_2981", "name": "private_0x0000000004f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 83099648, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 83230720, "type": "region", "version": 1 }, "end_va": 83238911, "entry_point": 0, "filename": null, "id": "region_2982", "name": "private_0x0000000004f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 83230720, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 83296256, "type": "region", "version": 1 }, "end_va": 83378175, "entry_point": 0, "filename": null, "id": "region_2983", "name": "pagefile_0x0000000004f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83296256, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83427328, "type": "region", "version": 1 }, "end_va": 83689471, "entry_point": 0, "filename": null, "id": "region_2984", "name": "private_0x0000000004f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 83427328, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 83951615, "entry_point": 0, "filename": null, "id": "region_2985", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 83951616, "type": "region", "version": 1 }, "end_va": 83967999, "entry_point": 0, "filename": null, "id": "region_2986", "name": "pagefile_0x0000000005010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83951616, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 84017152, "type": "region", "version": 1 }, "end_va": 84021247, "entry_point": 0, "filename": null, "id": "region_2987", "name": "pagefile_0x0000000005020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 84017152, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 84082688, "type": "region", "version": 1 }, "end_va": 84090879, "entry_point": 0, "filename": null, "id": "region_2988", "name": "private_0x0000000005030000", "norm_filename": null, "region_type": "private_memory", "start_va": 84082688, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2989", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:05:05.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130116608, "type": "region", "version": 1 }, "end_va": 2130259967, "entry_point": 0, "filename": null, "id": "region_2990", "name": "pagefile_0x000000007ef70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130116608, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130276352, "type": "region", "version": 1 }, "end_va": 2130280447, "entry_point": 0, "filename": null, "id": "region_2991", "name": "private_0x000000007ef97000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130276352, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130296832, "type": "region", "version": 1 }, "end_va": 2130309119, "entry_point": 0, "filename": null, "id": "region_2992", "name": "private_0x000000007ef9c000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130296832, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130309120, "type": "region", "version": 1 }, "end_va": 2130313215, "entry_point": 0, "filename": null, "id": "region_2993", "name": "private_0x000000007ef9f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130309120, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2994", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138528141082624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138530288500735, "entry_point": 0, "filename": null, "id": "region_2995", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138530288500736, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_2996", "name": "pagefile_0x00007dfe18a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138530288500736, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2997", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_2998", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:05:05.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 84148224, "type": "region", "version": 1 }, "end_va": 84279295, "entry_point": 0, "filename": null, "id": "region_2999", "name": "private_0x0000000005040000", "norm_filename": null, "region_type": "private_memory", "start_va": 84148224, "timestamp": "00:05:05.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84279296, "type": "region", "version": 1 }, "end_va": 84541439, "entry_point": 0, "filename": null, "id": "region_3000", "name": "private_0x0000000005060000", "norm_filename": null, "region_type": "private_memory", "start_va": 84279296, "timestamp": "00:05:05.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84541440, "type": "region", "version": 1 }, "end_va": 84803583, "entry_point": 0, "filename": null, "id": "region_3001", "name": "private_0x00000000050a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 84541440, "timestamp": "00:05:05.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 86704128, "type": "region", "version": 1 }, "end_va": 86732799, "entry_point": 0, "filename": null, "id": "region_3002", "name": "private_0x00000000052b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86704128, "timestamp": "00:05:05.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 87031808, "type": "region", "version": 1 }, "end_va": 88080383, "entry_point": 0, "filename": null, "id": "region_3003", "name": "private_0x0000000005300000", "norm_filename": null, "region_type": "private_memory", "start_va": 87031808, "timestamp": "00:05:05.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3004", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:05:05.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3005", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:05:05.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130284544, "type": "region", "version": 1 }, "end_va": 2130296831, "entry_point": 0, "filename": null, "id": "region_3006", "name": "private_0x000000007ef99000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130284544, "timestamp": "00:05:05.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 86638592, "type": "region", "version": 1 }, "end_va": 86654975, "entry_point": 0, "filename": null, "id": "region_3007", "name": "private_0x00000000052a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86638592, "timestamp": "00:05:05.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3008", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:05:05.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 83099648, "type": "region", "version": 1 }, "end_va": 83165183, "entry_point": 0, "filename": null, "id": "region_3009", "name": "pagefile_0x0000000004f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83099648, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 84803584, "type": "region", "version": 1 }, "end_va": 85581823, "entry_point": 84803584, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3010", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 84803584, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 85590016, "type": "region", "version": 1 }, "end_va": 85852159, "entry_point": 0, "filename": null, "id": "region_3011", "name": "private_0x00000000051a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85590016, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 85852160, "type": "region", "version": 1 }, "end_va": 86114303, "entry_point": 0, "filename": null, "id": "region_3012", "name": "private_0x00000000051e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85852160, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 88080384, "type": "region", "version": 1 }, "end_va": 89128959, "entry_point": 0, "filename": null, "id": "region_3013", "name": "private_0x0000000005400000", "norm_filename": null, "region_type": "private_memory", "start_va": 88080384, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_3014", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3015", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:05:05.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3016", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:05:05.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3017", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:05:05.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3018", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:05:05.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3019", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:05:05.318", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3020", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:05.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2129068032, "type": "region", "version": 1 }, "end_va": 2130116607, "entry_point": 0, "filename": null, "id": "region_3021", "name": "pagefile_0x000000007ee70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2129068032, "timestamp": "00:05:05.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130264064, "type": "region", "version": 1 }, "end_va": 2130276351, "entry_point": 0, "filename": null, "id": "region_3022", "name": "private_0x000000007ef94000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130264064, "timestamp": "00:05:05.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976173184, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3023", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:05:05.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1960584656, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3024", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:05:05.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 86114304, "type": "region", "version": 1 }, "end_va": 86286335, "entry_point": 86135472, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3025", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 86114304, "timestamp": "00:05:05.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 89128960, "type": "region", "version": 1 }, "end_va": 90734591, "entry_point": 0, "filename": null, "id": "region_3026", "name": "pagefile_0x0000000005500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 89128960, "timestamp": "00:05:05.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975931568, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3027", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:05:05.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003584736, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3028", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:05:05.331", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3029", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:05:05.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 544768, "start_va": 90767360, "type": "region", "version": 1 }, "end_va": 91312127, "entry_point": 0, "filename": null, "id": "region_3030", "name": "private_0x0000000005690000", "norm_filename": null, "region_type": "private_memory", "start_va": 90767360, "timestamp": "00:05:05.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 91357184, "type": "region", "version": 1 }, "end_va": 93454335, "entry_point": 0, "filename": null, "id": "region_3031", "name": "private_0x0000000005720000", "norm_filename": null, "region_type": "private_memory", "start_va": 91357184, "timestamp": "00:05:05.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 92274688, "type": "region", "version": 1 }, "end_va": 93323263, "entry_point": 0, "filename": null, "id": "region_3032", "name": "private_0x0000000005800000", "norm_filename": null, "region_type": "private_memory", "start_va": 92274688, "timestamp": "00:05:05.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 83165184, "type": "region", "version": 1 }, "end_va": 83169279, "entry_point": 83165184, "filename": "\\Windows\\SysWOW64\\en-US\\svchost.exe.mui", "id": "region_3033", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 83165184, "timestamp": "00:05:05.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 93323264, "type": "region", "version": 1 }, "end_va": 94900223, "entry_point": 0, "filename": null, "id": "region_3034", "name": "pagefile_0x0000000005900000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 93323264, "timestamp": "00:05:05.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 94961664, "type": "region", "version": 1 }, "end_va": 115933183, "entry_point": 0, "filename": null, "id": "region_3035", "name": "pagefile_0x0000000005a90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 94961664, "timestamp": "00:05:05.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 83230720, "type": "region", "version": 1 }, "end_va": 83234815, "entry_point": 0, "filename": null, "id": "region_3036", "name": "private_0x0000000004f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 83230720, "timestamp": "00:05:05.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 86114304, "type": "region", "version": 1 }, "end_va": 86118399, "entry_point": 0, "filename": null, "id": "region_3037", "name": "private_0x0000000005220000", "norm_filename": null, "region_type": "private_memory", "start_va": 86114304, "timestamp": "00:05:05.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 86507520, "type": "region", "version": 1 }, "end_va": 86523903, "entry_point": 0, "filename": null, "id": "region_3038", "name": "private_0x0000000005280000", "norm_filename": null, "region_type": "private_memory", "start_va": 86507520, "timestamp": "00:05:05.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 116391936, "type": "region", "version": 1 }, "end_va": 117440511, "entry_point": 0, "filename": null, "id": "region_3039", "name": "private_0x0000000006f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 116391936, "timestamp": "00:05:05.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3040", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:05:05.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951241472, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3041", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:05:05.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952550928, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_3042", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:05:05.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951110448, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3043", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:05:05.352", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 117440512, "type": "region", "version": 1 }, "end_va": 120811519, "entry_point": 117440512, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3044", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 117440512, "timestamp": "00:05:05.354", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000869392, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3045", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:05:05.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974913968, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_3046", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:05:05.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970803840, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_3047", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:05:05.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 86179840, "type": "region", "version": 1 }, "end_va": 86183935, "entry_point": 0, "filename": null, "id": "region_3048", "name": "private_0x0000000005230000", "norm_filename": null, "region_type": "private_memory", "start_va": 86179840, "timestamp": "00:05:05.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952133632, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3049", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:05:05.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950840960, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_3050", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:05:05.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 86245376, "type": "region", "version": 1 }, "end_va": 86249471, "entry_point": 0, "filename": null, "id": "region_3051", "name": "private_0x0000000005240000", "norm_filename": null, "region_type": "private_memory", "start_va": 86245376, "timestamp": "00:05:05.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 84279296, "type": "region", "version": 1 }, "end_va": 84283391, "entry_point": 0, "filename": null, "id": "region_3073", "name": "private_0x0000000005060000", "norm_filename": null, "region_type": "private_memory", "start_va": 84279296, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 86245376, "type": "region", "version": 1 }, "end_va": 86507519, "entry_point": 0, "filename": null, "id": "region_3074", "name": "private_0x0000000005240000", "norm_filename": null, "region_type": "private_memory", "start_va": 86245376, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 86769664, "type": "region", "version": 1 }, "end_va": 87031807, "entry_point": 0, "filename": null, "id": "region_3075", "name": "private_0x00000000052c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86769664, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 90767360, "type": "region", "version": 1 }, "end_va": 91029503, "entry_point": 0, "filename": null, "id": "region_3076", "name": "private_0x0000000005690000", "norm_filename": null, "region_type": "private_memory", "start_va": 90767360, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 91029504, "type": "region", "version": 1 }, "end_va": 91291647, "entry_point": 0, "filename": null, "id": "region_3077", "name": "private_0x00000000056d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 91029504, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 91291648, "type": "region", "version": 1 }, "end_va": 91312127, "entry_point": 0, "filename": null, "id": "region_3078", "name": "private_0x0000000005710000", "norm_filename": null, "region_type": "private_memory", "start_va": 91291648, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 91357184, "type": "region", "version": 1 }, "end_va": 91619327, "entry_point": 0, "filename": null, "id": "region_3079", "name": "private_0x0000000005720000", "norm_filename": null, "region_type": "private_memory", "start_va": 91357184, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 91619328, "type": "region", "version": 1 }, "end_va": 91881471, "entry_point": 0, "filename": null, "id": "region_3080", "name": "private_0x0000000005760000", "norm_filename": null, "region_type": "private_memory", "start_va": 91619328, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 91881472, "type": "region", "version": 1 }, "end_va": 92143615, "entry_point": 0, "filename": null, "id": "region_3081", "name": "private_0x00000000057a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 91881472, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 120848384, "type": "region", "version": 1 }, "end_va": 121896959, "entry_point": 0, "filename": null, "id": "region_3082", "name": "private_0x0000000007340000", "norm_filename": null, "region_type": "private_memory", "start_va": 120848384, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 121896960, "type": "region", "version": 1 }, "end_va": 122945535, "entry_point": 0, "filename": null, "id": "region_3083", "name": "private_0x0000000007440000", "norm_filename": null, "region_type": "private_memory", "start_va": 121896960, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 122945536, "type": "region", "version": 1 }, "end_va": 123994111, "entry_point": 0, "filename": null, "id": "region_3084", "name": "private_0x0000000007540000", "norm_filename": null, "region_type": "private_memory", "start_va": 122945536, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 123994112, "type": "region", "version": 1 }, "end_va": 125042687, "entry_point": 0, "filename": null, "id": "region_3085", "name": "private_0x0000000007640000", "norm_filename": null, "region_type": "private_memory", "start_va": 123994112, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 125042688, "type": "region", "version": 1 }, "end_va": 126091263, "entry_point": 0, "filename": null, "id": "region_3086", "name": "private_0x0000000007740000", "norm_filename": null, "region_type": "private_memory", "start_va": 125042688, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 126091264, "type": "region", "version": 1 }, "end_va": 127139839, "entry_point": 0, "filename": null, "id": "region_3087", "name": "private_0x0000000007840000", "norm_filename": null, "region_type": "private_memory", "start_va": 126091264, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 127139840, "type": "region", "version": 1 }, "end_va": 128188415, "entry_point": 0, "filename": null, "id": "region_3088", "name": "private_0x0000000007940000", "norm_filename": null, "region_type": "private_memory", "start_va": 127139840, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2128982016, "type": "region", "version": 1 }, "end_va": 2128994303, "entry_point": 0, "filename": null, "id": "region_3089", "name": "private_0x000000007ee5b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2128982016, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2128994304, "type": "region", "version": 1 }, "end_va": 2129006591, "entry_point": 0, "filename": null, "id": "region_3090", "name": "private_0x000000007ee5e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2128994304, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129006592, "type": "region", "version": 1 }, "end_va": 2129018879, "entry_point": 0, "filename": null, "id": "region_3091", "name": "private_0x000000007ee61000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129006592, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129018880, "type": "region", "version": 1 }, "end_va": 2129031167, "entry_point": 0, "filename": null, "id": "region_3092", "name": "private_0x000000007ee64000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129018880, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129031168, "type": "region", "version": 1 }, "end_va": 2129043455, "entry_point": 0, "filename": null, "id": "region_3093", "name": "private_0x000000007ee67000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129031168, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129043456, "type": "region", "version": 1 }, "end_va": 2129055743, "entry_point": 0, "filename": null, "id": "region_3094", "name": "private_0x000000007ee6a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129043456, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129055744, "type": "region", "version": 1 }, "end_va": 2129068031, "entry_point": 0, "filename": null, "id": "region_3095", "name": "private_0x000000007ee6d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129055744, "timestamp": "00:05:05.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1948516352, "type": "region", "version": 1 }, "end_va": 1950760959, "entry_point": 1949446400, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_3106", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1948516352, "timestamp": "00:05:05.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1948454911, "entry_point": 1947861776, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_3107", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:05:05.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1973420032, "type": "region", "version": 1 }, "end_va": 1973997567, "entry_point": 1973719456, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_3108", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1973420032, "timestamp": "00:05:05.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1969770495, "entry_point": 1968601040, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_3137", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:05:05.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1972043776, "type": "region", "version": 1 }, "end_va": 1972101119, "entry_point": 1972065376, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_3138", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1972043776, "timestamp": "00:05:05.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1954086911, "entry_point": 1953093904, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_3140", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:05:05.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1972764672, "type": "region", "version": 1 }, "end_va": 1972813823, "entry_point": 1972779296, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_3141", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1972764672, "timestamp": "00:05:05.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 303104, "start_va": 84279296, "type": "region", "version": 1 }, "end_va": 84582399, "entry_point": 0, "filename": null, "id": "region_3143", "name": "private_0x0000000005060000", "norm_filename": null, "region_type": "private_memory", "start_va": 84279296, "timestamp": "00:05:05.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1951596544, "type": "region", "version": 1 }, "end_va": 1952075775, "entry_point": 1951832272, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_3149", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1951596544, "timestamp": "00:05:05.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 610304, "start_va": 128188416, "type": "region", "version": 1 }, "end_va": 128798719, "entry_point": 0, "filename": null, "id": "region_3150", "name": "private_0x0000000007a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 128188416, "timestamp": "00:05:05.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 128843776, "type": "region", "version": 1 }, "end_va": 130940927, "entry_point": 0, "filename": null, "id": "region_3151", "name": "private_0x0000000007ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 128843776, "timestamp": "00:05:05.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 128974848, "type": "region", "version": 1 }, "end_va": 130023423, "entry_point": 0, "filename": null, "id": "region_3152", "name": "private_0x0000000007b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 128974848, "timestamp": "00:05:05.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1980039168, "type": "region", "version": 1 }, "end_va": 2000744447, "entry_point": 1981849248, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_3164", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1980039168, "timestamp": "00:05:05.789", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1961230336, "type": "region", "version": 1 }, "end_va": 1966329855, "entry_point": 1963291744, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_3165", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1961230336, "timestamp": "00:05:05.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968193535, "entry_point": 1967944320, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_3167", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:05:05.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1975844864, "type": "region", "version": 1 }, "end_va": 1975906303, "entry_point": 1975856704, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_3168", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1975844864, "timestamp": "00:05:05.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 84279296, "type": "region", "version": 1 }, "end_va": 84283391, "entry_point": 0, "filename": null, "id": "region_3169", "name": "pagefile_0x0000000005060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 84279296, "timestamp": "00:05:05.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1977417728, "type": "region", "version": 1 }, "end_va": 1978015743, "entry_point": 1977631952, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_3170", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1977417728, "timestamp": "00:05:05.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 954368, "start_va": 130023424, "type": "region", "version": 1 }, "end_va": 130977791, "entry_point": 130267536, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_3171", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 130023424, "timestamp": "00:05:05.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 84344832, "type": "region", "version": 1 }, "end_va": 84348927, "entry_point": 84344832, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCache\\counters.dat", "id": "region_3172", "name": "counters.dat", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat", "region_type": "memory_mapped_file", "start_va": 84344832, "timestamp": "00:05:05.812", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1971240959, "entry_point": 1970943664, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_3173", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:05:05.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1959423999, "entry_point": 1959402816, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_3174", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:05:05.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952452607, "entry_point": 1952400032, "filename": "\\Windows\\SysWOW64\\OnDemandConnRouteHelper.dll", "id": "region_3175", "name": "ondemandconnroutehelper.dll", "norm_filename": "c:\\windows\\syswow64\\ondemandconnroutehelper.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:05:05.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952382975, "entry_point": 1952205888, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_3176", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:05:05.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951531008, "type": "region", "version": 1 }, "end_va": 1951563775, "entry_point": 1951539264, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_3177", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1951531008, "timestamp": "00:05:05.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 684032, "start_va": 1944846336, "type": "region", "version": 1 }, "end_va": 1945530367, "entry_point": 1945109968, "filename": "\\Windows\\SysWOW64\\winhttp.dll", "id": "region_3178", "name": "winhttp.dll", "norm_filename": "c:\\windows\\syswow64\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1944846336, "timestamp": "00:05:05.834", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84410368, "type": "region", "version": 1 }, "end_va": 84672511, "entry_point": 0, "filename": null, "id": "region_3179", "name": "private_0x0000000005080000", "norm_filename": null, "region_type": "private_memory", "start_va": 84410368, "timestamp": "00:05:05.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 115933184, "type": "region", "version": 1 }, "end_va": 116195327, "entry_point": 0, "filename": null, "id": "region_3180", "name": "private_0x0000000006e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 115933184, "timestamp": "00:05:05.836", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 84672512, "type": "region", "version": 1 }, "end_va": 84738047, "entry_point": 0, "filename": null, "id": "region_3182", "name": "pagefile_0x00000000050c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 84672512, "timestamp": "00:05:05.852", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 84738048, "type": "region", "version": 1 }, "end_va": 84742143, "entry_point": 0, "filename": null, "id": "region_3201", "name": "pagefile_0x00000000050d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 84738048, "timestamp": "00:05:06.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 86573056, "type": "region", "version": 1 }, "end_va": 86581247, "entry_point": 0, "filename": null, "id": "region_3202", "name": "pagefile_0x0000000005290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 86573056, "timestamp": "00:05:06.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 92143616, "type": "region", "version": 1 }, "end_va": 92155903, "entry_point": 92143616, "filename": "\\Windows\\SysWOW64\\en-US\\mswsock.dll.mui", "id": "region_3203", "name": "mswsock.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\mswsock.dll.mui", "region_type": "memory_mapped_file", "start_va": 92143616, "timestamp": "00:05:06.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 92209152, "type": "region", "version": 1 }, "end_va": 92217343, "entry_point": 0, "filename": null, "id": "region_3204", "name": "pagefile_0x00000000057f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 92209152, "timestamp": "00:05:06.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 40960, "start_va": 116195328, "type": "region", "version": 1 }, "end_va": 116236287, "entry_point": 116195328, "filename": "\\Windows\\SysWOW64\\en-US\\crypt32.dll.mui", "id": "region_3205", "name": "crypt32.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\crypt32.dll.mui", "region_type": "memory_mapped_file", "start_va": 116195328, "timestamp": "00:05:06.496", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 128188416, "type": "region", "version": 1 }, "end_va": 128450559, "entry_point": 0, "filename": null, "id": "region_3206", "name": "private_0x0000000007a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 128188416, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 128450560, "type": "region", "version": 1 }, "end_va": 128712703, "entry_point": 0, "filename": null, "id": "region_3207", "name": "private_0x0000000007a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 128450560, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 128778240, "type": "region", "version": 1 }, "end_va": 128798719, "entry_point": 0, "filename": null, "id": "region_3208", "name": "private_0x0000000007ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 128778240, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 130023424, "type": "region", "version": 1 }, "end_va": 130285567, "entry_point": 0, "filename": null, "id": "region_3209", "name": "private_0x0000000007c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 130023424, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 130285568, "type": "region", "version": 1 }, "end_va": 130547711, "entry_point": 0, "filename": null, "id": "region_3210", "name": "private_0x0000000007c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 130285568, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 130547712, "type": "region", "version": 1 }, "end_va": 130809855, "entry_point": 0, "filename": null, "id": "region_3211", "name": "private_0x0000000007c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 130547712, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 130809856, "type": "region", "version": 1 }, "end_va": 131071999, "entry_point": 0, "filename": null, "id": "region_3212", "name": "private_0x0000000007cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 130809856, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 131072000, "type": "region", "version": 1 }, "end_va": 131334143, "entry_point": 0, "filename": null, "id": "region_3213", "name": "private_0x0000000007d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072000, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 131334144, "type": "region", "version": 1 }, "end_va": 131596287, "entry_point": 0, "filename": null, "id": "region_3214", "name": "private_0x0000000007d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 131334144, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 132120576, "type": "region", "version": 1 }, "end_va": 133169151, "entry_point": 0, "filename": null, "id": "region_3215", "name": "private_0x0000000007e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 132120576, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 1940455424, "type": "region", "version": 1 }, "end_va": 1940561919, "entry_point": 1940519600, "filename": "\\Windows\\SysWOW64\\ncryptsslp.dll", "id": "region_3216", "name": "ncryptsslp.dll", "norm_filename": "c:\\windows\\syswow64\\ncryptsslp.dll", "region_type": "memory_mapped_file", "start_va": 1940455424, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 1940586496, "type": "region", "version": 1 }, "end_va": 1940713471, "entry_point": 1940622960, "filename": "\\Windows\\SysWOW64\\gpapi.dll", "id": "region_3217", "name": "gpapi.dll", "norm_filename": "c:\\windows\\syswow64\\gpapi.dll", "region_type": "memory_mapped_file", "start_va": 1940586496, "timestamp": "00:05:06.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940881407, "entry_point": 1940805168, "filename": "\\Windows\\SysWOW64\\ntasn1.dll", "id": "region_3218", "name": "ntasn1.dll", "norm_filename": "c:\\windows\\syswow64\\ntasn1.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:05:06.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 1940914176, "type": "region", "version": 1 }, "end_va": 1941045247, "entry_point": 1940966880, "filename": "\\Windows\\SysWOW64\\ncrypt.dll", "id": "region_3219", "name": "ncrypt.dll", "norm_filename": "c:\\windows\\syswow64\\ncrypt.dll", "region_type": "memory_mapped_file", "start_va": 1940914176, "timestamp": "00:05:06.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1941045248, "type": "region", "version": 1 }, "end_va": 1941438463, "entry_point": 1941149008, "filename": "\\Windows\\SysWOW64\\schannel.dll", "id": "region_3220", "name": "schannel.dll", "norm_filename": "c:\\windows\\syswow64\\schannel.dll", "region_type": "memory_mapped_file", "start_va": 1941045248, "timestamp": "00:05:06.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2134016, "start_va": 1941438464, "type": "region", "version": 1 }, "end_va": 1943572479, "entry_point": 1941992688, "filename": "\\Windows\\WinSxS\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll", "id": "region_3221", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1941438464, "timestamp": "00:05:06.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1943601152, "type": "region", "version": 1 }, "end_va": 1943887871, "entry_point": 1943685424, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_3222", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1943601152, "timestamp": "00:05:06.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1943928832, "type": "region", "version": 1 }, "end_va": 1944469503, "entry_point": 1943990720, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_3223", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1943928832, "timestamp": "00:05:06.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1944518656, "type": "region", "version": 1 }, "end_va": 1944838143, "entry_point": 1944569360, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_3224", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1944518656, "timestamp": "00:05:06.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951334400, "type": "region", "version": 1 }, "end_va": 1951367167, "entry_point": 1951341984, "filename": "\\Windows\\SysWOW64\\dpapi.dll", "id": "region_3225", "name": "dpapi.dll", "norm_filename": "c:\\windows\\syswow64\\dpapi.dll", "region_type": "memory_mapped_file", "start_va": 1951334400, "timestamp": "00:05:06.503", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs", "filename": "c:\\windows\\syswow64\\svchost.exe", "id": "proc_17", "image_name": "svchost.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 13, "ref_parent_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3052", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:05.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_3053", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:05:05.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3054", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:05:05.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_3055", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:05:05.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 671743, "entry_point": 0, "filename": null, "id": "region_3056", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:05:05.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_3057", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:05:05.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 831487, "entry_point": 796448, "filename": "\\Windows\\SysWOW64\\svchost.exe", "id": "region_3058", "name": "svchost.exe", "norm_filename": "c:\\windows\\syswow64\\svchost.exe", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:05:05.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 67960831, "entry_point": 0, "filename": null, "id": "region_3059", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:05:05.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 67960832, "type": "region", "version": 1 }, "end_va": 68222975, "entry_point": 0, "filename": null, "id": "region_3060", "name": "private_0x00000000040d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67960832, "timestamp": "00:05:05.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 68222976, "type": "region", "version": 1 }, "end_va": 68231167, "entry_point": 0, "filename": null, "id": "region_3061", "name": "private_0x0000000004110000", "norm_filename": null, "region_type": "private_memory", "start_va": 68222976, "timestamp": "00:05:05.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2004484096, "type": "region", "version": 1 }, "end_va": 2006028287, "entry_point": 2004484096, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_3062", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2004484096, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2137784320, "type": "region", "version": 1 }, "end_va": 2137927679, "entry_point": 0, "filename": null, "id": "region_3063", "name": "pagefile_0x000000007f6c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137784320, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2137952256, "type": "region", "version": 1 }, "end_va": 2137964543, "entry_point": 0, "filename": null, "id": "region_3064", "name": "private_0x000000007f6e9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137952256, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2137964544, "type": "region", "version": 1 }, "end_va": 2137968639, "entry_point": 0, "filename": null, "id": "region_3065", "name": "private_0x000000007f6ec000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137964544, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2137976832, "type": "region", "version": 1 }, "end_va": 2137980927, "entry_point": 0, "filename": null, "id": "region_3066", "name": "private_0x000000007f6ef000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137976832, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_3067", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138528141082624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138530288500735, "entry_point": 0, "filename": null, "id": "region_3068", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138530288500736, "type": "region", "version": 1 }, "end_va": 140729311756287, "entry_point": 0, "filename": null, "id": "region_3069", "name": "pagefile_0x00007dfe18a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138530288500736, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140729311756288, "type": "region", "version": 1 }, "end_va": 140729313599487, "entry_point": 140729311756288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_3070", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140729311756288, "timestamp": "00:05:05.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8174690304, "start_va": 140729313599488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_3071", "name": "private_0x00007ffe18bf2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140729313599488, "timestamp": "00:05:05.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 131072, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 68419583, "entry_point": 0, "filename": null, "id": "region_3072", "name": "private_0x0000000004120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68288512, "timestamp": "00:05:05.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 68681727, "entry_point": 0, "filename": null, "id": "region_3096", "name": "private_0x0000000004140000", "norm_filename": null, "region_type": "private_memory", "start_va": 68419584, "timestamp": "00:05:05.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 68681728, "type": "region", "version": 1 }, "end_va": 68943871, "entry_point": 0, "filename": null, "id": "region_3097", "name": "private_0x0000000004180000", "norm_filename": null, "region_type": "private_memory", "start_va": 68681728, "timestamp": "00:05:05.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 69926912, "type": "region", "version": 1 }, "end_va": 69955583, "entry_point": 0, "filename": null, "id": "region_3098", "name": "private_0x00000000042b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69926912, "timestamp": "00:05:05.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 70254592, "type": "region", "version": 1 }, "end_va": 71303167, "entry_point": 0, "filename": null, "id": "region_3099", "name": "private_0x0000000004300000", "norm_filename": null, "region_type": "private_memory", "start_va": 70254592, "timestamp": "00:05:05.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1478230016, "type": "region", "version": 1 }, "end_va": 1478553599, "entry_point": 1478322912, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_3100", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1478230016, "timestamp": "00:05:05.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1478557696, "type": "region", "version": 1 }, "end_va": 1479028735, "entry_point": 1478635344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_3101", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1478557696, "timestamp": "00:05:05.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2137939968, "type": "region", "version": 1 }, "end_va": 2137952255, "entry_point": 0, "filename": null, "id": "region_3102", "name": "private_0x000000007f6e6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137939968, "timestamp": "00:05:05.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 81919, "entry_point": 0, "filename": null, "id": "region_3103", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:05:05.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1478164480, "type": "region", "version": 1 }, "end_va": 1478197247, "entry_point": 1478169696, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_3104", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1478164480, "timestamp": "00:05:05.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_3109", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:05:05.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 68943872, "type": "region", "version": 1 }, "end_va": 69722111, "entry_point": 68943872, "filename": "\\Windows\\System32\\locale.nls", "id": "region_3110", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 68943872, "timestamp": "00:05:05.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 70254591, "entry_point": 0, "filename": null, "id": "region_3111", "name": "private_0x00000000042c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69992448, "timestamp": "00:05:05.540", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71303168, "type": "region", "version": 1 }, "end_va": 72351743, "entry_point": 0, "filename": null, "id": "region_3112", "name": "private_0x0000000004400000", "norm_filename": null, "region_type": "private_memory", "start_va": 71303168, "timestamp": "00:05:05.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72613887, "entry_point": 0, "filename": null, "id": "region_3113", "name": "private_0x0000000004500000", "norm_filename": null, "region_type": "private_memory", "start_va": 72351744, "timestamp": "00:05:05.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1955172351, "entry_point": 1955040448, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_3114", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:05:05.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1955201024, "type": "region", "version": 1 }, "end_va": 1955241983, "entry_point": 1955211936, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_3115", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1955201024, "timestamp": "00:05:05.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1955266560, "type": "region", "version": 1 }, "end_va": 1955389439, "entry_point": 1955313216, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_3116", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1955266560, "timestamp": "00:05:05.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1956184064, "type": "region", "version": 1 }, "end_va": 1957167103, "entry_point": 1956263888, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_3117", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1956184064, "timestamp": "00:05:05.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1957167104, "type": "region", "version": 1 }, "end_va": 1957871615, "entry_point": 1957377712, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_3118", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1957167104, "timestamp": "00:05:05.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1967009791, "entry_point": 1966798192, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_3119", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:05:05.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1979604991, "entry_point": 1978714528, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_3120", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:05:05.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2136735744, "type": "region", "version": 1 }, "end_va": 2137784319, "entry_point": 0, "filename": null, "id": "region_3121", "name": "pagefile_0x000000007f5c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2136735744, "timestamp": "00:05:05.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2137927680, "type": "region", "version": 1 }, "end_va": 2137939967, "entry_point": 0, "filename": null, "id": "region_3122", "name": "private_0x000000007f6e3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2137927680, "timestamp": "00:05:05.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1977417727, "entry_point": 1976173184, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_3123", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:05:05.546", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961218047, "entry_point": 1960584656, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_3124", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:05:05.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 69730304, "type": "region", "version": 1 }, "end_va": 69902335, "entry_point": 69751472, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3125", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 69730304, "timestamp": "00:05:05.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 72613888, "type": "region", "version": 1 }, "end_va": 74219519, "entry_point": 0, "filename": null, "id": "region_3126", "name": "pagefile_0x0000000004540000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72613888, "timestamp": "00:05:05.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1975910400, "type": "region", "version": 1 }, "end_va": 1976086527, "entry_point": 1975931568, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_3127", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1975910400, "timestamp": "00:05:05.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 2003304448, "type": "region", "version": 1 }, "end_va": 2004484095, "entry_point": 2003584736, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_3128", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 2003304448, "timestamp": "00:05:05.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967841279, "entry_point": 1967281712, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_3129", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:05:05.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2052096, "start_va": 74252288, "type": "region", "version": 1 }, "end_va": 76304383, "entry_point": 0, "filename": null, "id": "region_3130", "name": "private_0x00000000046d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 74252288, "timestamp": "00:05:05.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 76349440, "type": "region", "version": 1 }, "end_va": 78446591, "entry_point": 0, "filename": null, "id": "region_3131", "name": "private_0x00000000048d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76349440, "timestamp": "00:05:05.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 76546048, "type": "region", "version": 1 }, "end_va": 77594623, "entry_point": 0, "filename": null, "id": "region_3132", "name": "private_0x0000000004900000", "norm_filename": null, "region_type": "private_memory", "start_va": 76546048, "timestamp": "00:05:05.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 196608, "filename": "\\Windows\\SysWOW64\\en-US\\svchost.exe.mui", "id": "region_3133", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 196608, "timestamp": "00:05:05.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 74252288, "type": "region", "version": 1 }, "end_va": 75829247, "entry_point": 0, "filename": null, "id": "region_3134", "name": "pagefile_0x00000000046d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 74252288, "timestamp": "00:05:05.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20480, "start_va": 76283904, "type": "region", "version": 1 }, "end_va": 76304383, "entry_point": 0, "filename": null, "id": "region_3135", "name": "private_0x00000000048c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76283904, "timestamp": "00:05:05.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 77594624, "type": "region", "version": 1 }, "end_va": 98566143, "entry_point": 0, "filename": null, "id": "region_3136", "name": "pagefile_0x0000000004a00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77594624, "timestamp": "00:05:05.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69730304, "type": "region", "version": 1 }, "end_va": 69734399, "entry_point": 0, "filename": null, "id": "region_3144", "name": "private_0x0000000004280000", "norm_filename": null, "region_type": "private_memory", "start_va": 69730304, "timestamp": "00:05:05.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 69795840, "type": "region", "version": 1 }, "end_va": 69799935, "entry_point": 0, "filename": null, "id": "region_3145", "name": "private_0x0000000004290000", "norm_filename": null, "region_type": "private_memory", "start_va": 69795840, "timestamp": "00:05:05.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 75956224, "type": "region", "version": 1 }, "end_va": 75972607, "entry_point": 0, "filename": null, "id": "region_3146", "name": "private_0x0000000004870000", "norm_filename": null, "region_type": "private_memory", "start_va": 75956224, "timestamp": "00:05:05.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 98566144, "type": "region", "version": 1 }, "end_va": 99614719, "entry_point": 0, "filename": null, "id": "region_3147", "name": "private_0x0000000005e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 98566144, "timestamp": "00:05:05.606", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1971257344, "type": "region", "version": 1 }, "end_va": 1971761151, "entry_point": 1971381168, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_3148", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1971257344, "timestamp": "00:05:05.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1951203328, "type": "region", "version": 1 }, "end_va": 1951281151, "entry_point": 1951241472, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_3153", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951203328, "timestamp": "00:05:05.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952624639, "entry_point": 1952550928, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_3154", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:05:05.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951199231, "entry_point": 1951110448, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_3155", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:05:05.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 99614720, "type": "region", "version": 1 }, "end_va": 102985727, "entry_point": 99614720, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_3156", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 99614720, "timestamp": "00:05:05.649", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 2000748544, "type": "region", "version": 1 }, "end_va": 2001027071, "entry_point": 2000869392, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_3157", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2000748544, "timestamp": "00:05:05.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1974009856, "type": "region", "version": 1 }, "end_va": 1975820287, "entry_point": 1974913968, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_3158", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1974009856, "timestamp": "00:05:05.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970823167, "entry_point": 1970803840, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_3159", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:05:05.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 69861376, "type": "region", "version": 1 }, "end_va": 69865471, "entry_point": 0, "filename": null, "id": "region_3160", "name": "private_0x00000000042a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69861376, "timestamp": "00:05:05.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952161791, "entry_point": 1952133632, "filename": "\\Windows\\SysWOW64\\secur32.dll", "id": "region_3161", "name": "secur32.dll", "norm_filename": "c:\\windows\\syswow64\\secur32.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:05:05.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 1950810112, "type": "region", "version": 1 }, "end_va": 1950973951, "entry_point": 1950840960, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_3162", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1950810112, "timestamp": "00:05:05.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 75890688, "type": "region", "version": 1 }, "end_va": 75894783, "entry_point": 0, "filename": null, "id": "region_3163", "name": "private_0x0000000004860000", "norm_filename": null, "region_type": "private_memory", "start_va": 75890688, "timestamp": "00:05:05.732", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 76021760, "type": "region", "version": 1 }, "end_va": 76283903, "entry_point": 0, "filename": null, "id": "region_3183", "name": "private_0x0000000004880000", "norm_filename": null, "region_type": "private_memory", "start_va": 76021760, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 103022592, "type": "region", "version": 1 }, "end_va": 104071167, "entry_point": 0, "filename": null, "id": "region_3184", "name": "private_0x0000000006240000", "norm_filename": null, "region_type": "private_memory", "start_va": 103022592, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 104071168, "type": "region", "version": 1 }, "end_va": 104333311, "entry_point": 0, "filename": null, "id": "region_3185", "name": "private_0x0000000006340000", "norm_filename": null, "region_type": "private_memory", "start_va": 104071168, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 104333312, "type": "region", "version": 1 }, "end_va": 105381887, "entry_point": 0, "filename": null, "id": "region_3186", "name": "private_0x0000000006380000", "norm_filename": null, "region_type": "private_memory", "start_va": 104333312, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 105381888, "type": "region", "version": 1 }, "end_va": 105644031, "entry_point": 0, "filename": null, "id": "region_3187", "name": "private_0x0000000006480000", "norm_filename": null, "region_type": "private_memory", "start_va": 105381888, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 105644032, "type": "region", "version": 1 }, "end_va": 106692607, "entry_point": 0, "filename": null, "id": "region_3188", "name": "private_0x00000000064c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 105644032, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 106692608, "type": "region", "version": 1 }, "end_va": 106954751, "entry_point": 0, "filename": null, "id": "region_3189", "name": "private_0x00000000065c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 106692608, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 106954752, "type": "region", "version": 1 }, "end_va": 108003327, "entry_point": 0, "filename": null, "id": "region_3190", "name": "private_0x0000000006600000", "norm_filename": null, "region_type": "private_memory", "start_va": 106954752, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 108003328, "type": "region", "version": 1 }, "end_va": 108265471, "entry_point": 0, "filename": null, "id": "region_3191", "name": "private_0x0000000006700000", "norm_filename": null, "region_type": "private_memory", "start_va": 108003328, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 108265472, "type": "region", "version": 1 }, "end_va": 109314047, "entry_point": 0, "filename": null, "id": "region_3192", "name": "private_0x0000000006740000", "norm_filename": null, "region_type": "private_memory", "start_va": 108265472, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 109314048, "type": "region", "version": 1 }, "end_va": 109576191, "entry_point": 0, "filename": null, "id": "region_3193", "name": "private_0x0000000006840000", "norm_filename": null, "region_type": "private_memory", "start_va": 109314048, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 109576192, "type": "region", "version": 1 }, "end_va": 110624767, "entry_point": 0, "filename": null, "id": "region_3194", "name": "private_0x0000000006880000", "norm_filename": null, "region_type": "private_memory", "start_va": 109576192, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136662016, "type": "region", "version": 1 }, "end_va": 2136674303, "entry_point": 0, "filename": null, "id": "region_3195", "name": "private_0x000000007f5ae000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136662016, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136674304, "type": "region", "version": 1 }, "end_va": 2136686591, "entry_point": 0, "filename": null, "id": "region_3196", "name": "private_0x000000007f5b1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136674304, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136686592, "type": "region", "version": 1 }, "end_va": 2136698879, "entry_point": 0, "filename": null, "id": "region_3197", "name": "private_0x000000007f5b4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136686592, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136698880, "type": "region", "version": 1 }, "end_va": 2136711167, "entry_point": 0, "filename": null, "id": "region_3198", "name": "private_0x000000007f5b7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136698880, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136711168, "type": "region", "version": 1 }, "end_va": 2136723455, "entry_point": 0, "filename": null, "id": "region_3199", "name": "private_0x000000007f5ba000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136711168, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136723456, "type": "region", "version": 1 }, "end_va": 2136735743, "entry_point": 0, "filename": null, "id": "region_3200", "name": "private_0x000000007f5bd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136723456, "timestamp": "00:05:05.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 110624768, "type": "region", "version": 1 }, "end_va": 110886911, "entry_point": 0, "filename": null, "id": "region_3303", "name": "private_0x0000000006980000", "norm_filename": null, "region_type": "private_memory", "start_va": 110624768, "timestamp": "00:06:05.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 110886912, "type": "region", "version": 1 }, "end_va": 111149055, "entry_point": 0, "filename": null, "id": "region_3304", "name": "private_0x00000000069c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 110886912, "timestamp": "00:06:05.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 111149056, "type": "region", "version": 1 }, "end_va": 112197631, "entry_point": 0, "filename": null, "id": "region_3305", "name": "private_0x0000000006a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 111149056, "timestamp": "00:06:05.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2136649728, "type": "region", "version": 1 }, "end_va": 2136662015, "entry_point": 0, "filename": null, "id": "region_3306", "name": "private_0x000000007f5ab000", "norm_filename": null, "region_type": "private_memory", "start_va": 2136649728, "timestamp": "00:06:05.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 69992448, "type": "region", "version": 1 }, "end_va": 70017023, "entry_point": 0, "filename": null, "id": "region_3909", "name": "private_0x00000000042c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 69992448, "timestamp": "00:07:05.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 70123520, "type": "region", "version": 1 }, "end_va": 70139903, "entry_point": 0, "filename": null, "id": "region_3910", "name": "private_0x00000000042e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70123520, "timestamp": "00:07:05.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 112197632, "type": "region", "version": 1 }, "end_va": 113246207, "entry_point": 0, "filename": null, "id": "region_3911", "name": "private_0x0000000006b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 112197632, "timestamp": "00:07:05.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 113246208, "type": "region", "version": 1 }, "end_va": 114294783, "entry_point": 0, "filename": null, "id": "region_3913", "name": "private_0x0000000006c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 113246208, "timestamp": "00:07:05.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 76349440, "type": "region", "version": 1 }, "end_va": 76419071, "entry_point": 0, "filename": null, "id": "region_3915", "name": "private_0x00000000048d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76349440, "timestamp": "00:07:06.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1951596544, "type": "region", "version": 1 }, "end_va": 1952075775, "entry_point": 1951832272, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_3916", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1951596544, "timestamp": "00:07:06.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1724416, "start_va": 114294784, "type": "region", "version": 1 }, "end_va": 116019199, "entry_point": 0, "filename": null, "id": "region_3917", "name": "private_0x0000000006d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 114294784, "timestamp": "00:07:06.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 116064256, "type": "region", "version": 1 }, "end_va": 118161407, "entry_point": 0, "filename": null, "id": "region_3918", "name": "private_0x0000000006eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 116064256, "timestamp": "00:07:06.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 116391936, "type": "region", "version": 1 }, "end_va": 117440511, "entry_point": 0, "filename": null, "id": "region_3919", "name": "private_0x0000000006f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 116391936, "timestamp": "00:07:06.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1940258816, "type": "region", "version": 1 }, "end_va": 1940398079, "entry_point": 1940299392, "filename": "\\Windows\\SysWOW64\\cabinet.dll", "id": "region_3920", "name": "cabinet.dll", "norm_filename": "c:\\windows\\syswow64\\cabinet.dll", "region_type": "memory_mapped_file", "start_va": 1940258816, "timestamp": "00:07:06.022", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The overall sleep time of all monitored processes was truncated from 1 minute to 10 seconds to reveal dormant functionality.", "id": 262144, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "zeuspanda.vir.exe", "id": 20389, "md5_hash": "c9522f83c60a595694b2e4c6657982d0", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "8011fd0a959b7d17696306c4ab36c4974540cada", "sha256_hash": "b34abadaa54fa828fc3d1b1540004f5dd94873918d5b3f2a3eab49272b67415b", "size": 404480, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_27449.png", "size": 282523, "thumbnail_archive_path": "screenshots/thumbnail_27449.png", "timestamp": "00:00:27.449", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_29830.png", "size": 530586, "thumbnail_archive_path": "screenshots/thumbnail_29830.png", "timestamp": "00:00:29.830", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_122958.png", "size": 8479, "thumbnail_archive_path": "screenshots/thumbnail_122958.png", "timestamp": "00:02:02.958", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_138923.png", "size": 3848, "thumbnail_archive_path": "screenshots/thumbnail_138923.png", "timestamp": "00:02:18.923", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_144100.png", "size": 458733, "thumbnail_archive_path": "screenshots/thumbnail_144100.png", "timestamp": "00:02:24.100", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_99999999.png", "size": 527616, "thumbnail_archive_path": "screenshots/thumbnail_99999999.png", "timestamp": "03:46:39.999", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-10-17 16:08", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "53.0.3", "flash_version": "25.0.0.148", "internet_explorer_version": "11.0.10240.16384", "java_version": "8.0.1310.11", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "10.0.10240.16384_(c68ee22f-dcf6-4778-95c5-4a862be16567)", "vm_name": null, "vm_os": "windows_10_threshold_1" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_303", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_windows_install_date", "technique_desc": "Read the Windows installation date from registry.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_windows_install_date", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_info_stealing", "category_desc": "Information Stealing", "operation": "_read_system_data", "operation_desc": "Read system data", "ref_gfncalls": [ { "ref_id": "gfn_305", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_windows_license_by_registry", "technique_desc": "Readout Windows license key.", "technique_path": "built_in._info_stealing._read_system_data.vmray_read_windows_license_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "8C5FF35F44C67C34381EFF128FE58575", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_312", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"8C5FF35F44C67C34381EFF128FE58575\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "BA375714EF21E8EC8F43FB71FA3700CC", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_330", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"BA375714EF21E8EC8F43FB71FA3700CC\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Sandboxie_SingleInstanceMutex_Control", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_348", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Sandboxie_SingleInstanceMutex_Control\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Frz_State", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_349", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Frz_State\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_application_sandbox", "operation_desc": "Try to detect application sandbox", "ref_gfncalls": [ { "ref_id": "gfn_353", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_wine_by_getprocaddress", "technique_desc": "Possibly trying to detect \"wine\" by calling GetProcAddress() on \"wine_get_unix_file_name\".", "technique_path": "built_in._anti_analysis._detect_application_sandbox.vmray_detect_wine_by_getprocaddress", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "4F35AC27449784784508471CC1E930C7", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_375", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"4F35AC27449784784508471CC1E930C7\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_740", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "DD53550AC9EB25CC6151CE1EB2A70FC3", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1129", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"DD53550AC9EB25CC6151CE1EB2A70FC3\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1136", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd7d80021e.bat\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_1144", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1258", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\SysWOW64\\svchost.exe -k netsvcs\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "EF45F0E754F1354293A017BE4F985965", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1259", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"EF45F0E754F1354293A017BE4F985965\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_executable_page", "operation_desc": "Create a page with write and execute permissions", "ref_gfncalls": [ { "ref_id": "gfn_1260", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_allocate_wx_page", "technique_desc": "Allocate a page in a foreign process with \"PAGE_EXECUTE_READWRITE\" permissions, often used to dynamically unpack code.", "technique_path": "built_in._process._create_executable_page.vmray_allocate_wx_page", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "8EB663269EDB2551D78D6BE980D8D1D5", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1299", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"8EB663269EDB2551D78D6BE980D8D1D5\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "3A05CFF4EB7DE2EF8F3985678370FA5D", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1344", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"3A05CFF4EB7DE2EF8F3985678370FA5D\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "99DCC4F63896BA52D9D5D3F7098E00E5", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1349", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"99DCC4F63896BA52D9D5D3F7098E00E5\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_1357", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1776 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Uzapze\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "55A4DE17653FCFB535BFCEB7986C3B1D", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1379", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"55A4DE17653FCFB535BFCEB7986C3B1D\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "843724E431E9542E94836F8E62819404", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1394", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"843724E431E9542E94836F8E62819404\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "ACD86ED691154353041C7827C4241C0D", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1404", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"ACD86ED691154353041C7827C4241C0D\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "BA6E0713253533C2BD32E023F51DAAB1", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1405", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"BA6E0713253533C2BD32E023F51DAAB1\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\Currentversion\\Run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1407", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "E69AF5C9A1CE7CC06B48F35248935FCD", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1413", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"E69AF5C9A1CE7CC06B48F35248935FCD\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_delay_execution", "operation_desc": "Delay execution", "ref_gfncalls": [ { "ref_id": "gfn_1461", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_delay_execution_by_sleep", "technique_desc": "One thread sleeps more than 5 minutes.", "technique_path": "built_in._anti_analysis._delay_execution.vmray_delay_execution_by_sleep", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "8592029A1BBD0F5EDCA2A860E613ACDB", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1778", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"8592029A1BBD0F5EDCA2A860E613ACDB\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_2075", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 1680 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Axoha\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "5576A023ACFCB1DF07119694F5D31AAB", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4231", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"5576A023ACFCB1DF07119694F5D31AAB\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "E60F35D6C376C5F82E917CA84B9C2F25", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_4379", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"E60F35D6C376C5F82E917CA84B9C2F25\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_fw", "operation_desc": "Try to detect firewall", "ref_gfncalls": [ { "ref_id": "gfn_9", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_fw_by_wmi_query", "technique_desc": "Check for firewall via WMI query: \"select * from firewallproduct\".", "technique_path": "built_in._anti_analysis._detect_fw.vmray_detect_fw_by_wmi_query", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_5088", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"\"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\updee12df24.exe\" -update\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "690CE47B932790ABBAE4486C8750D5B2", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_5321", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"690CE47B932790ABBAE4486C8750D5B2\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "1F6114CF197C565BFF427879E00139DA", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_5454", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"1F6114CF197C565BFF427879E00139DA\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_5458", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 95680 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_5625", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 215872 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_5855", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 310112 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_11873", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"\"C:\\Windows\\system32\\cmd.exe\" /c \"C:\\Users\\CIIHMN~1\\AppData\\Local\\Temp\\upd3171fe7c.bat\"\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "B7B640FD598619C28BD4F0051E0616B4", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_16270", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"B7B640FD598619C28BD4F0051E0616B4\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "C144897552FBD8087BCACE2DF5968566", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_16358", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"C144897552FBD8087BCACE2DF5968566\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_use_encryption_api", "operation_desc": "Use encryption API", "ref_gfncalls": [ { "ref_id": "gfn_17145", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_use_encryption_api", "technique_desc": "Use above average number of encryption APIs.", "technique_path": "built_in._os._use_encryption_api.vmray_use_encryption_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "8E6BA92214C9B423A575DAF2D449D162", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_18950", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"8E6BA92214C9B423A575DAF2D449D162\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Local\\Microsoft\\Windows\\INetCookies\\8489XH4E.txt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcookies\\8489xh4e.txt", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_cookies", "operation_desc": "Read data related to browser cookies", "ref_gfncalls": [ { "ref_id": "gfn_22734", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_cookies", "technique_desc": "Read Cookies for \"Microsoft Internet Explorer\".", "technique_path": "built_in._browser._browser_data_cookies.vmray_read_browser_cookies", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_24248", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 531328 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_24465", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 807168 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_24566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 818816 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_24716", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 837968 byte in \"HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Ombi\\Akudfeen\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\" modifies memory of \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_non_system", "operation_desc": "Write into memory of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory", "technique_desc": "\"c:\\windows\\syswow64\\svchost.exe\" modifies memory of \"c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe\"", "technique_path": "built_in._injection._modify_memory_non_system.vmray_modify_memory", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_system", "technique_desc": "\"c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\containers.exe\" creates thread in \"c:\\windows\\syswow64\\svchost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_create_remote_thread_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_non_system", "operation_desc": "Modify control flow of a process running from a created or modified executable", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_remote_thread_non_system", "technique_desc": "\"c:\\windows\\syswow64\\svchost.exe\" creates thread in \"c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe\"", "technique_path": "built_in._injection._modify_control_flow_non_system.vmray_create_remote_thread_non_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/31F9UVfEun/0I1aalj/7QGREH4HU/RK/5rEg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/mtV/jshKPnn7S1/Vn/HMa/z/b-N/oK/Q\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/pW6teVTI/k-sq/J/2j7/cmhBJoSRZ8F/qDQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/8C1SLhHn/2_/8tA/E/H/Fbk/8JMoO2Tv/9/2Kg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/xnecdWiG1/m9/J5MGn6/T/2YACd/yAYfNpLQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/SEP4vYw6/sPlMZ/3/v0URdi/NOLRdM5J/cg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/NrY/r/c5FHX/_/0aFNoP8C8TO/VnC/g/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/9piYZTuz9/2sx1Clf5U1sISMKMW81/q/MQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/l6yH/j4/plG2GbX2ldR8utbqF/HD/A\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/WJFCdFULD/tP/ZaEGn/rc/211/J/v/ijQ/fN4EQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/cIh/g/P/V0METF/RW/hZEvuN/Yd5W/J/w/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/sTx52Lxwi/k/OhkZ/j_hXlZYAu/ad/N6VyPA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/TkN2Lgy/t9dSY/UHKX3/Va/P4CpZe5q/Lw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/3qeDwipy/0M/15F3rEV/lgCANe/hdf5/O/PQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/rSps/ke9sIH_-V/lJ/DI/sKWc/MRONw/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/KbnKhnNec/qN/5/yGGXDaERSOtCLSf9QC/g\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/1R52/0u4pYTz_/ExM/AI/4f/XM8U/L/d/g\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/Ydqt/uth/tJ1TJV1Vo/FcOR/W_NPMA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/OLKU5tAB/rPB/XBjjZZ2/N-Pfmw/N-N_Bg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/BaoB/o/d1zEU_M/SWNz/EN/2nQPZRBg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/De1Yth/p9kt/Cn/nFYkQAKMa/NRvIPHQ/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/VTNb4H/t/ehSMTnlcHV_E4at/VMNw/Jg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/YrhHB3/us5/0/G0-ef1/NZ/O/fDWW/-V/WDA/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/ywhAhCZ/mst0E/m/Xuf/FhGG/fO/NQ/c1HMw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/aV1M3/guotHj7McBB8QtOzM9oNJ/Q\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/gyRVM2W/hM/VOBU/C/fc/UZI/I-So/MMBZP/Q\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/6puLAJKud/1c/xpH0zn/bVRVR8KQTtZ0Dw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/yl/mtBlP3TBX01/IHcuJe/_tHKA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/PlKl8Vi16/s9BXP/zX7TxAHId6ubq9oLQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/4jfU08/19Z6B/j2VEkt/XJILd/Nv1YEQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/qE/kvltF/nzoV2/RANMO/gc9JP/AQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/DStLW/p-9oH1rpd/VV9/Jva2/dttpAA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/3VIs/0OpV/I/D77b/1ICJ_uWMcF3N/w\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/Syy/sMVlAHTUdV/hI/I/sucUe/5HFw\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/eCf57FZh/hv9/6ZjrrfElUMtT/QNd/FkLA\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/5TGta2dCc5/1uhbJ2/y/f/QmJSRI/e/xRe/N/fdg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/jypPt/ic/VsA3/n/HX1FhBdiccsdKLg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/ddDmp7/h/9/hY/Pn/2aQkV1HML/S/Zv/N6KQ\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"330f35e9f647.loan/zrx/mc5kKX_VXFNJC8/Cd/eO/VGPg\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"google.com/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\ciihmn~1\\appdata\\local\\temp\\updee12df24.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 95 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }