{ "analysis_details": { "creation_time": "2017-11-07 20:24 (UTC+1)", "execution_successful": true, "number_of_processes": 4, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:10:15" }, "artifacts": { "files": [ { "filename": "C:\\Users\\5P5NRG~1\\Desktop\\MYOBSU~1.JS", "hashes": [], "norm_filename": "c:\\users\\5p5nrg~1\\desktop\\myobsu~1.js", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp/pST790mv.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp/pst790mv.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "hashes": [ { "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "type": "file_hash", "version": 1 }, { "md5_hash": "7c71ee83af910dec760c54b96ae19f9a", "sha1_hash": "ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8", "sha256_hash": "33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282", "type": "file_hash", "version": 1 }, { "md5_hash": "f7b1337a85bf965b4b8ab67d65ec26c3", "sha1_hash": "79670586cdfc33f738677af4da640abcbc308743", "sha256_hash": "80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93", "type": "file_hash", "version": 1 }, { "md5_hash": "39b7c9d83ee86f07436876987f6bf5b3", "sha1_hash": "1892bd53396dbf427c13c63c22be20630d7c614f", "sha256_hash": "376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa", "type": "file_hash", "version": 1 }, { "md5_hash": "bbd299bace19431a912dceadba1d4683", "sha1_hash": "99388285449acf2c01cde866d921270a0e708484", "sha256_hash": "414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02", "type": "file_hash", "version": 1 }, { "md5_hash": "29040b560ca4c807bd187e4a070be64a", "sha1_hash": "558a339dacdce5b3c05e950712b856e57bc218e2", "sha256_hash": "bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3", "type": "file_hash", "version": 1 }, { "md5_hash": "96de3dad77a9333b3941edcf97763093", "sha1_hash": "f89776d007f38a71ae967afa9006611704630e59", "sha256_hash": "a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0", "type": "file_hash", "version": 1 }, { "md5_hash": "4f1cd6376847e04626ed1f864b6d83c6", "sha1_hash": "58bba1d3e7b4e9f751937b584c8869689f2bd76a", "sha256_hash": "2d4db92a8f4db77980ffc53b50440cfa158e237dcae23f758fbcadc1e813309d", "type": "file_hash", "version": 1 }, { "md5_hash": "2124dedcce45e017b2b52ceea067f908", "sha1_hash": "b2ef626c65632a0e2cf8672e8a1b935970cfe9b5", "sha256_hash": "ff889ae413ec5a3f93750c59fd587b46849a1046ab401698507ff1fe2b9ffb0c", "type": "file_hash", "version": 1 }, { "md5_hash": "d2907d752b69c6654c839ea5186f8991", "sha1_hash": "040859a0b7a8d960957057fb46de31ac1efbbf60", "sha256_hash": "16d95ef314aa437c57296fb044c62b8866b1988883de2e061d2905e961fcd726", "type": "file_hash", "version": 1 }, { "md5_hash": "00642690ded7bb60887302ae669d3594", "sha1_hash": "c7d1b92ee49ef4af1a217e3f714966d0e429feeb", "sha256_hash": "e81d72ecc715998879b1c65bbc11852f4e2b36b5e409e301df146c5dfd46fe69", "type": "file_hash", "version": 1 }, { "md5_hash": "2fcabfa8f45e908bdd322512d97af55c", "sha1_hash": "bc870d783d89b1dfe87dfe83572cbbe0d9d51373", "sha256_hash": "74a7a900be85839c0cca0a5afca690aaa0d3c359886e87983a4af890680effb7", "type": "file_hash", "version": 1 }, { "md5_hash": "05d9c03b1d498b1ed988482850ce1d27", "sha1_hash": "75a080f4c54005703fd524c4a6b4272941d3d110", "sha256_hash": "ea6250d4e68955c06ff481da3fa354653dbb4417867e338861f04fc439716849", "type": "file_hash", "version": 1 }, { "md5_hash": "59b0194db8f7ab4b531fe53c5d318861", "sha1_hash": "27b7876c04a3d91007cb6b2d127a66613ebdc1df", "sha256_hash": "832baecc09332b754abdb3b3d3a7f32e19bfb533ad6d2cca49b86a8092861b2e", "type": "file_hash", "version": 1 }, { "md5_hash": "fc2d4c590d9c78b2f8bb25fb284ca97f", "sha1_hash": "591fe8f17424e2284e0c893f1d4e213c47a400a1", "sha256_hash": "0e6a06ecd934e0c6a62c59e13dd5bee3f4cb279f6767c7d5488b14ce8f8ad4c4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "hashes": [ { "md5_hash": "7c71ee83af910dec760c54b96ae19f9a", "sha1_hash": "ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8", "sha256_hash": "33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282", "type": "file_hash", "version": 1 }, { "md5_hash": "f7b1337a85bf965b4b8ab67d65ec26c3", "sha1_hash": "79670586cdfc33f738677af4da640abcbc308743", "sha256_hash": "80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93", "type": "file_hash", "version": 1 }, { "md5_hash": "39b7c9d83ee86f07436876987f6bf5b3", "sha1_hash": "1892bd53396dbf427c13c63c22be20630d7c614f", "sha256_hash": "376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa", "type": "file_hash", "version": 1 }, { "md5_hash": "bbd299bace19431a912dceadba1d4683", "sha1_hash": "99388285449acf2c01cde866d921270a0e708484", "sha256_hash": "414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02", "type": "file_hash", "version": 1 }, { "md5_hash": "29040b560ca4c807bd187e4a070be64a", "sha1_hash": "558a339dacdce5b3c05e950712b856e57bc218e2", "sha256_hash": "bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3", "type": "file_hash", "version": 1 }, { "md5_hash": "96de3dad77a9333b3941edcf97763093", "sha1_hash": "f89776d007f38a71ae967afa9006611704630e59", "sha256_hash": "a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\crash_flag", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\crash_flag", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\transport", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\transport", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pST790mv.exe", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pst790mv.exe", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\8054e6dc-e4db-4147-9938-ada26bf04150", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\8054e6dc-e4db-4147-9938-ada26bf04150", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\8054e6dc-e4db-4147-9938-ada26bf04150\\38e5d161-f6c8-43ba-9fe8-f1301b7b08b6", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\8054e6dc-e4db-4147-9938-ada26bf04150\\38e5d161-f6c8-43ba-9fe8-f1301b7b08b6", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "\\\\.\\NPF_NdisWanIp", "hashes": [], "norm_filename": "npf_ndiswanip", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\1.dat", "hashes": [ { "md5_hash": "c18642c37123dd9520efa18db227cba1", "sha1_hash": "961fe841ad06e3d18495ecd3c7c1f90250f4363a", "sha256_hash": "4d4c440ee23a5e4a5c03928c7085c8bcea0d3b8d78c53c9e03970152064c83ce", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\1.dat", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\ProgramData\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\af77746e-8a65-4302-8042-f6017918c669.dll", "hashes": [ { "md5_hash": "ca98762b43ad6d6e4147089cae636fd5", "sha1_hash": "a8fb38628d6a0e3cbf3b593fdb16fba59ddbb04a", "sha256_hash": "d36bca25ec22d09410b4432fcc65fca29ac1101953dabd8be67598e8bb603210", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\programdata\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\af77746e-8a65-4302-8042-f6017918c669.dll", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "192.99.181.10", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "df7689e6-c49f-4a86-82e8-6809a406872a", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows Script Host\\Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows Script Host\\Settings", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\.JS", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CLASSES_ROOT\\JSFile\\ScriptEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Script\\Features", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\AddressBook", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Adobe Flash Player Plugin", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Connection Manager", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DirectDrawEx", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Fontcore", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE40", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE4Data", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IE5BAKEX", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\IEData", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MobileOptionPack", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Mozilla Firefox 25.0 (x86 en-US)", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MozillaMaintenanceService", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SchedulingAgent", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\WIC", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{26A24AE4-039D-4CA4-87B4-2F83217045FF}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{4A03706F-666A-4037-7777-5F2748764D10}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{582EA838-9199-3518-A05C-DB09462F68EC}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{68306422-7C57-373F-8860-D26CE4BA2A15}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9BE518E6-ECC6-35A9-88E4-87755C07200F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{B175520C-86A2-35A7-8619-86DC379688B9}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e52a6842-b0ac-476e-b48f-378a97a67346}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2151757", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2467173", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2524860", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2544655", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2549743", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB2565063", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}.KB982573", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\DXM_Runtime", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\MPlayer2", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office14.PRJPROR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office14.PROPLUSR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Office14.VISIOR", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0015-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0016-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0018-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0019-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001A-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001B-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{0242505C-4E90-407F-9299-B5B275F50D86}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-0409-1000-0000000FF1CE}_Office14.VISIOR_{0242505C-4E90-407F-9299-B5B275F50D86}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-040C-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUSR_{B51389C8-2890-4633-81D8-47D2A7402274}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-040C-1000-0000000FF1CE}_Office14.VISIOR_{B51389C8-2890-4633-81D8-47D2A7402274}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-0C0A-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUSR_{1779650B-2E44-4A19-8DF6-3866D645764A}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.VISIOR_{1779650B-2E44-4A19-8DF6-3866D645764A}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-002C-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-002C-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-002C-0409-1000-0000000FF1CE}_Office14.VISIOR_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0043-0000-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0043-0000-1000-0000000FF1CE}_Office14.VISIOR_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0043-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0043-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0043-0409-1000-0000000FF1CE}_Office14.VISIOR_{FCD1C311-8B02-4DBD-BA46-1079C629577E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0044-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0054-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0054-0409-1000-0000000FF1CE}_Office14.VISIOR_{7DC2B20B-31B9-4C7C-B8DC-8492A9A3095E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-006E-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-006E-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-006E-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-00A1-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-00B4-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-00B4-0409-1000-0000000FF1CE}_Office14.PRJPROR_{316A864B-0547-40CE-B136-B02B4D18BF09}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-00BA-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0115-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0115-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0115-0409-1000-0000000FF1CE}_Office14.VISIOR_{516CA4A9-98E6-4F77-A863-CBD8487368E4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{90140000-0117-0409-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{91140000-0011-0000-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{91140000-003B-0000-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{91140000-003B-0000-1000-0000000FF1CE}_Office14.PRJPROR_{E6F88893-86F0-4CFB-B7E0-733575D1DEB4}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{91140000-0057-0000-1000-0000000FF1CE}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{9081486B-B26D-42DB-8D31-81C525A9526A}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{929FBD26-9020-399B-9A7A-751D61F0B942}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{94A631D5-B30A-3DD8-B65C-1117C09DA73E}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09", "version": 1 }, { "operations": "GET", "type": "url_artifact", "url": "httpbin.org/ip", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/fabec36aedbccf2c7a5b0c0e7e8ec7ea64a6a505", "file_type": "created_file", "id": "file_2", "md5_hash": "39dbb6858f88f7059a28700384c4d0f3", "norm_filename": "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\pst790mv.exe", "sha1_hash": "fabec36aedbccf2c7a5b0c0e7e8ec7ea64a6a505", "sha256_hash": "dc83d603a4589aa8397aba960b132fc7cae24cd7bca4d252616aac2c11beb6f6", "size": 517632, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8", "file_type": "created_file", "id": "file_3", "md5_hash": "7c71ee83af910dec760c54b96ae19f9a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "sha1_hash": "ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8", "sha256_hash": "33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282", "size": 336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8", "file_type": "created_file", "id": "file_5", "md5_hash": "7c71ee83af910dec760c54b96ae19f9a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "ebd9fd4c6cb4c2a99fd486a0f2ce01daa256e5c8", "sha256_hash": "33f1cf8ae4f821e1688f8de8463bae342c550cbd6eb667b370bab71bc22f9282", "size": 336, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/da39a3ee5e6b4b0d3255bfef95601890afd80709", "file_type": "created_file", "id": "file_4", "md5_hash": "d41d8cd98f00b204e9800998ecf8427e", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "da39a3ee5e6b4b0d3255bfef95601890afd80709", "sha256_hash": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855", "size": 0, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79670586cdfc33f738677af4da640abcbc308743", "file_type": "created_file", "id": "file_6", "md5_hash": "f7b1337a85bf965b4b8ab67d65ec26c3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "sha1_hash": "79670586cdfc33f738677af4da640abcbc308743", "sha256_hash": "80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93", "size": 384, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79670586cdfc33f738677af4da640abcbc308743", "file_type": "created_file", "id": "file_7", "md5_hash": "f7b1337a85bf965b4b8ab67d65ec26c3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "79670586cdfc33f738677af4da640abcbc308743", "sha256_hash": "80428142e41c382f97a47b5a2366e158d40942112cd017a9ce3a1b74fc9ffd93", "size": 384, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1892bd53396dbf427c13c63c22be20630d7c614f", "file_type": "created_file", "id": "file_8", "md5_hash": "39b7c9d83ee86f07436876987f6bf5b3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "sha1_hash": "1892bd53396dbf427c13c63c22be20630d7c614f", "sha256_hash": "376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa", "size": 368, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1892bd53396dbf427c13c63c22be20630d7c614f", "file_type": "created_file", "id": "file_9", "md5_hash": "39b7c9d83ee86f07436876987f6bf5b3", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "1892bd53396dbf427c13c63c22be20630d7c614f", "sha256_hash": "376c27701b84ccb518346deb5217c61516c42dd3c2a6280787f6d8756750e8aa", "size": 368, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/99388285449acf2c01cde866d921270a0e708484", "file_type": "created_file", "id": "file_10", "md5_hash": "bbd299bace19431a912dceadba1d4683", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "sha1_hash": "99388285449acf2c01cde866d921270a0e708484", "sha256_hash": "414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02", "size": 448, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/99388285449acf2c01cde866d921270a0e708484", "file_type": "created_file", "id": "file_11", "md5_hash": "bbd299bace19431a912dceadba1d4683", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "99388285449acf2c01cde866d921270a0e708484", "sha256_hash": "414946b215d6c2418bad7c558de09dd603f14c54c24447a6774e2e4a51d76a02", "size": 448, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/558a339dacdce5b3c05e950712b856e57bc218e2", "file_type": "created_file", "id": "file_12", "md5_hash": "29040b560ca4c807bd187e4a070be64a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "sha1_hash": "558a339dacdce5b3c05e950712b856e57bc218e2", "sha256_hash": "bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3", "size": 592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/558a339dacdce5b3c05e950712b856e57bc218e2", "file_type": "created_file", "id": "file_13", "md5_hash": "29040b560ca4c807bd187e4a070be64a", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "558a339dacdce5b3c05e950712b856e57bc218e2", "sha256_hash": "bab2056daedad19db5a348dd37d32e97fda7261082808a9b5ceae04ec3b246a3", "size": 592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f89776d007f38a71ae967afa9006611704630e59", "file_type": "created_file", "id": "file_14", "md5_hash": "96de3dad77a9333b3941edcf97763093", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat.tmp", "sha1_hash": "f89776d007f38a71ae967afa9006611704630e59", "sha256_hash": "a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0", "size": 624, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f89776d007f38a71ae967afa9006611704630e59", "file_type": "created_file", "id": "file_15", "md5_hash": "96de3dad77a9333b3941edcf97763093", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "f89776d007f38a71ae967afa9006611704630e59", "sha256_hash": "a96413ba7afe34fa111e17ae8b01befe0cdb546be04904a02f92e113899b3ee0", "size": 624, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/afa53dd55fb041a1561da10d726663ba34f62ed8", "file_type": "created_file", "id": "file_16", "md5_hash": "103b6c9ab3452427fab5839ea9ca1270", "norm_filename": "c:\\windows\\tasks\\407dad5a-b5c6-4985-9878-a37532f9a55f.job", "sha1_hash": "afa53dd55fb041a1561da10d726663ba34f62ed8", "sha256_hash": "912fc888e36f94b7be9216aacd71817489db4b37c44ba27ad64b08c0b7034e79", "size": 504, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/961fe841ad06e3d18495ecd3c7c1f90250f4363a", "file_type": "created_file", "id": "file_17", "md5_hash": "c18642c37123dd9520efa18db227cba1", "norm_filename": "c:\\programdata\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\1.dat", "sha1_hash": "961fe841ad06e3d18495ecd3c7c1f90250f4363a", "sha256_hash": "4d4c440ee23a5e4a5c03928c7085c8bcea0d3b8d78c53c9e03970152064c83ce", "size": 32, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/58bba1d3e7b4e9f751937b584c8869689f2bd76a", "file_type": "created_file", "id": "file_19", "md5_hash": "4f1cd6376847e04626ed1f864b6d83c6", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "58bba1d3e7b4e9f751937b584c8869689f2bd76a", "sha256_hash": "2d4db92a8f4db77980ffc53b50440cfa158e237dcae23f758fbcadc1e813309d", "size": 752, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b2ef626c65632a0e2cf8672e8a1b935970cfe9b5", "file_type": "created_file", "id": "file_20", "md5_hash": "2124dedcce45e017b2b52ceea067f908", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "b2ef626c65632a0e2cf8672e8a1b935970cfe9b5", "sha256_hash": "ff889ae413ec5a3f93750c59fd587b46849a1046ab401698507ff1fe2b9ffb0c", "size": 768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/040859a0b7a8d960957057fb46de31ac1efbbf60", "file_type": "created_file", "id": "file_21", "md5_hash": "d2907d752b69c6654c839ea5186f8991", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "040859a0b7a8d960957057fb46de31ac1efbbf60", "sha256_hash": "16d95ef314aa437c57296fb044c62b8866b1988883de2e061d2905e961fcd726", "size": 800, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c7d1b92ee49ef4af1a217e3f714966d0e429feeb", "file_type": "created_file", "id": "file_22", "md5_hash": "00642690ded7bb60887302ae669d3594", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "c7d1b92ee49ef4af1a217e3f714966d0e429feeb", "sha256_hash": "e81d72ecc715998879b1c65bbc11852f4e2b36b5e409e301df146c5dfd46fe69", "size": 832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bc870d783d89b1dfe87dfe83572cbbe0d9d51373", "file_type": "created_file", "id": "file_23", "md5_hash": "2fcabfa8f45e908bdd322512d97af55c", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "bc870d783d89b1dfe87dfe83572cbbe0d9d51373", "sha256_hash": "74a7a900be85839c0cca0a5afca690aaa0d3c359886e87983a4af890680effb7", "size": 864, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75a080f4c54005703fd524c4a6b4272941d3d110", "file_type": "created_file", "id": "file_25", "md5_hash": "05d9c03b1d498b1ed988482850ce1d27", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "75a080f4c54005703fd524c4a6b4272941d3d110", "sha256_hash": "ea6250d4e68955c06ff481da3fa354653dbb4417867e338861f04fc439716849", "size": 880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/27b7876c04a3d91007cb6b2d127a66613ebdc1df", "file_type": "created_file", "id": "file_26", "md5_hash": "59b0194db8f7ab4b531fe53c5d318861", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "27b7876c04a3d91007cb6b2d127a66613ebdc1df", "sha256_hash": "832baecc09332b754abdb3b3d3a7f32e19bfb533ad6d2cca49b86a8092861b2e", "size": 1024, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/591fe8f17424e2284e0c893f1d4e213c47a400a1", "file_type": "created_file", "id": "file_28", "md5_hash": "fc2d4c590d9c78b2f8bb25fb284ca97f", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\454ae93e901dbdaa6732f2a7c8a0c95fc3e0c1b4\\container.dat", "sha1_hash": "591fe8f17424e2284e0c893f1d4e213c47a400a1", "sha256_hash": "0e6a06ecd934e0c6a62c59e13dd5bee3f4cb279f6767c7d5488b14ce8f8ad4c4", "size": 1088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a8fb38628d6a0e3cbf3b593fdb16fba59ddbb04a", "file_type": "modified_file", "id": "file_18", "md5_hash": "ca98762b43ad6d6e4147089cae636fd5", "norm_filename": "c:\\programdata\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\af77746e-8a65-4302-8042-f6017918c669.dll", "sha1_hash": "a8fb38628d6a0e3cbf3b593fdb16fba59ddbb04a", "sha256_hash": "d36bca25ec22d09410b4432fcc65fca29ac1101953dabd8be67598e8bb603210", "size": 136192, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "3f69e7c372cc35093753e17cd0ff73cc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dcc855a737fc029c34845a2e1993659bd45bb9c2", "sha256_hash": "60e05f0ae6f26169dfdf798fb00bcd7e8aa406cfba309db6a354ac410ab28aec", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000003-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000003-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "9b03d3862f626638beb029c59507fdea", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "127958d450562b39eb85c9d40f8557264070aa11", "sha256_hash": "a67b3c098064553678e8ce00c11cf0524d8cfd165ca49abdb882c3f2788ea5db", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000006-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000006-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_31", "md5_hash": "7459162c6b5d5914f42d81192a55a39e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8ad49ea2252bb212e26aac9677a27456dd0f3d0e", "sha256_hash": "a06c804891517482493d5379e258e307cfe6532b953ab334b3c43b89c48e64ff", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000010-addr_0x000007fffffd7000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000010-addr_0x000007fffffd7000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "771244f3b399f9b8a180e57cdc627b2a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bb82dd192e4200aa984f0315369274faa44d119f", "sha256_hash": "bda484a00ce9121f5590646d9e05c62624a9a968c676b92c6c8d87aa17cca658", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000011-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000011-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "e4348704a550a694e48982287d85757d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a3734d522de1a2da7f2cb1cc547a92e632f9943", "sha256_hash": "cf6029b237f98544bf27162a7f7849300f146c00d225a4d2164c1783298e1cdd", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000144-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000144-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "5fc7b5f16d3a47298249a6d7be358fa7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0617376f20893c9c4e1fa6662e1b76b6f97f675f", "sha256_hash": "e6a538315500504ea4118ec34d6297e7cda04f2f627b903f59545687e2a27aab", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000163-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000163-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_35", "md5_hash": "0b9f7713370607b23f12a276cea955e6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "976452933f199cfc21b3d14bd25d370fc144ef76", "sha256_hash": "ecded07b7fa8c65543ddfe11ec989bcec8a5f3937e79efc1342278c613056445", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000164-addr_0x0000000000450000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000164-addr_0x0000000000450000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "a94aab78dcb4aa55c83b1f349efd7ab0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "561fdfe99bded8e8b38a38471cf3179e8b9ba0e8", "sha256_hash": "954f20ae37f62fe88491d4ad67efa3788b22676383ce1abe3be8a814834139cd", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000171-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000171-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "a9ae44c05f624609a20cea7b762a7039", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c16e3f3dcc3793b285ccc535b498a51ee5c93626", "sha256_hash": "e04bfef8850c9bfb3313d044c4094214d388e50e2a4fa9d421967327682407a2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000172-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000172-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000179-addr_0x0000000001c70000-size_0x00000000001f0000-perm_rw.bin", "filename": "process_00000001-region_00000179-addr_0x0000000001c70000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000181-addr_0x0000000001de0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000181-addr_0x0000000001de0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "2915f82d6c0f58388b17e8b94eff87ad", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ffb267b6bedfcaeed1b9e08f7adce9e1f48332f7", "sha256_hash": "2416f2cff6dd525decd81d27b54881a81aaa4396969f3fc13a1fbfc1c01997f9", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000182-addr_0x0000000001f80000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000182-addr_0x0000000001f80000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "989ab3060e7edc6d96fd9b01c17daa43", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1be7bebebab35349d94fada2fb7ae9b2faf4de7", "sha256_hash": "57a702d5d2f3417824b1e4df2877360f3873fe8d0bebc26872e0146f0f89b6dc", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000183-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000183-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "05b054a9cabe07275b76afbce4352c36", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f74ba7379a6b25a37bcc3d0119e2883385a7ece8", "sha256_hash": "8401b813cb908325f28ccc0b04ed9b61ea130673589a8512f30522e50a7fb57f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000187-addr_0x0000000002400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000187-addr_0x0000000002400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "fd2a1106b691f2ed67eae796b9d5081b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69a313e7054f155bb38995428f30cf0ef1b6370d", "sha256_hash": "9e65cfc38e08bd4b4d4ef01dcfbf8a7311beb163f09900e175f3d0fdc2f67f91", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000188-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000188-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "b603ffc7579ec76819d85a5615b6f4a5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "511428e5feed9db9fe6bd6e1bfde9b32ebcb0884", "sha256_hash": "d875d723d6932bf494744a5f63183e4836266d97b9cfb02b3b2a71cc64684fbc", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000207-addr_0x0000000002510000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000207-addr_0x0000000002510000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "27f7278daf1d9fcd56efa633d7b9fa7c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8f8b5056eca71650a783359194b2dd1bccff2384", "sha256_hash": "e1160a14241cd6afb3f9622a9e9933a0830d741fae6a5a5a7d0aaf1f92c82dbf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000208-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000208-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "9715d644ce2c6959092c15b59f91f72d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "22ae2bc787932e9aba5ed719f28551b4ca2fd0d5", "sha256_hash": "c152d8a5531c3bb0185cc77609e537ffb7e2e42b0b403a66cc437762130ab9ed", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000212-addr_0x0000000003640000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000212-addr_0x0000000003640000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_47", "md5_hash": "bbcaf1dd3930b4040585f4e32114ad95", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3169b50d23591b25c037a03a1c505685870d4a4c", "sha256_hash": "1379d62fadc0ba9ee6d036fc8db0c47f5f76971ba27faab083c49298f9182aea", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000214-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000214-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "c70201d14eb08bc708cc773e49505cde", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6c61ba2db715b9fdf6219b1c2b6698da34b1f1ee", "sha256_hash": "d25db59670ec6f86c7ca2e971323b7a80d2c1085f7dbc3bed85a72b12d23929f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000218-addr_0x0000000003740000-size_0x00000000001f0000-perm_rw.bin", "filename": "process_00000001-region_00000218-addr_0x0000000003740000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000219-addr_0x0000000001e60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000219-addr_0x0000000001e60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "1fcf11e702535a69fc8deeded9d5edb3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b51eb8914a6eee3fba664162814a6fd79f07a6a9", "sha256_hash": "dfbc291653f5bf21e4d3206883352286b8fc9a943dd56b6d1cc5486e9997d905", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000221-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000221-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "6842a7c879115ca005a56ca6d2b49b05", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96e0473fa12b1fcbf8ee502808238dc63074a531", "sha256_hash": "c99aaf781bcf36480101159cd9ad7b18e4394c9a3cc4dc84dad5c55fdb544e3a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000222-addr_0x00000000039e0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000222-addr_0x00000000039e0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "ef557a1623827cbc57e882ca87f9d398", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "449990ce66002baf3b4db929073fda64e9a75aeb", "sha256_hash": "4beb570cafdb24fd157dc5e8d7343acd465f1fbc2c5fae8d317b1173a4b79dc3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000223-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000223-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "29078ef00068a641758d400978e5db6d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "06b6b338c3e15a3eacf152f0c30d0271cb2ebe07", "sha256_hash": "4157d575132b7342d73c83e795c750cc09d55262842b54ad385a9e879cf36ab8", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000225-addr_0x0000000003af0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000225-addr_0x0000000003af0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "0c729319c9273663c43d97615214b8df", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bea1b47443b4e966922302f803f82e3851bdfc41", "sha256_hash": "00471cedd753e0628621660ad9b129d0e00c56abfda3c127f3d7d88e2fa69456", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000226-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000226-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "eb78b77d7f2422641803109653af33cd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0aa365d0e926ce87924d9cc20a8234367aff9e6", "sha256_hash": "f2f9ddacae970571e55bd5774a11478d5d6d2d2dcd8b4b266a68fe84f3c00ea3", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000228-addr_0x0000000003cc0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000228-addr_0x0000000003cc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "b0c5ab51cd2490c856d043aefd97c2f8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e9ba73a6b60f69eecae59205ce9960dd97ce1737", "sha256_hash": "c0c671c24c58e2c01fa92273e83d647643a4fd751fabb7e2ac78fc1d24a93add", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000229-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000229-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "07cf1b134e708c38108b1ae495de8b0f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4addd1c5cf94e2d2f541092e2e042764f4822e70", "sha256_hash": "cc76ead844877d690ba214a7d39905212c667356eca804a840160bc19033dd75", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000232-addr_0x0000000003740000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000232-addr_0x0000000003740000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "da384f24fa60c4aa70d4c2bba01c4b3b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "750e15141faf422d0f985dd359615443a103c57c", "sha256_hash": "02d12ddf4b170f528ab30c0d80238a6dda3ff9015d449f932047ffaf444a56c7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000233-addr_0x0000000003920000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000233-addr_0x0000000003920000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "e902bd81192207323a79bf064605cf0c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a77424c26068348cc19c9ba650da9218129f0e1", "sha256_hash": "08c3b28043e130a33fa90eca84725938e49f80512cce02eb8343ecf3103a1343", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000234-addr_0x00000000041c0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000001-region_00000234-addr_0x00000000041c0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "39289280fb284f1e023edd92f67586d4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8a59da282c13f55bb0d06fc9596a0ad7ed3c010", "sha256_hash": "4b07ad11336dcb239c0c5cab75e938621e96ec6e7321a6a616e2906f78f650f1", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000235-addr_0x00000000043c0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000235-addr_0x00000000043c0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "8fe4313585a3d771830518f9868f49c7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "975b8da728612688da10c2bd4d65f9edabc65065", "sha256_hash": "81e6b4ef2a18f3b3448ab8757319e9a43f713d117b682ba2e196ddc344ccc3db", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000236-addr_0x00000000047c0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000001-region_00000236-addr_0x00000000047c0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "36f5ce5339599f0c231726d419f9ccc3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8608c6b6642caa01f3295f83da96e7292cd33ff", "sha256_hash": "1eb56b2e62f47896caa91dce0dc34b1149b1aa5a37e92c9bb3222ce0a410736f", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000237-addr_0x00000000049c0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000237-addr_0x00000000049c0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "5d0443cc0019e11c287b886e72b76029", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "457f2fa2a66c66695c5e2754acfcb851e69d717a", "sha256_hash": "38b8acb2aea4cbc20db3650deb36dd26c14060054fa28ec9ae0a61bbc3449cef", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000238-addr_0x0000000004b10000-size_0x0000000000800000-perm_rw.bin", "filename": "process_00000001-region_00000238-addr_0x0000000004b10000-size_0x0000000000800000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "16ddba1db64deb2a8053bf0a76521780", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8f516eab72866dc39f8f26a8a439dceb7e6fcbc3", "sha256_hash": "bbdfb0832e872c0c27a3d105eddc456e3a50bdb13a2bde710b7de13e0b8e2375", "size": 8388608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000239-addr_0x0000000005310000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000239-addr_0x0000000005310000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "fed44464001f019e2cae404534f4d4c8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b83d0ec6de288041285c4956b5dca1a195406c9c", "sha256_hash": "70a23978949a9f73732d5ba235fbc40266405337e3110af45c54eaea3fafc5af", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000241-addr_0x0000000006970000-size_0x0000000000800000-perm_rw.bin", "filename": "process_00000001-region_00000241-addr_0x0000000006970000-size_0x0000000000800000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "2d18ef06f2fe2be9b6441c1c1601bdbc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6f8b2e2bc204d0aba0bded6364f9d39d045f442", "sha256_hash": "767abc70938f4573cf2405fb405cd1f9ac4b44f3e5ba75f8f8a1ea5f0e1cecca", "size": 8388608, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000251-addr_0x0000000005710000-size_0x0000000000250000-perm_rw.bin", "filename": "process_00000001-region_00000251-addr_0x0000000005710000-size_0x0000000000250000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "d2a30f8759f8a2484c1a9a218bb3c16e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c6ce80b970effee9f137d28b3b615facc90e55bd", "sha256_hash": "0e90f4719bda43fe12213d69598153426e570d3b9ecaeb48c0b34f971439e9d1", "size": 2424832, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000252-addr_0x0000000005710000-size_0x0000000000140000-perm_rw.bin", "filename": "process_00000001-region_00000252-addr_0x0000000005710000-size_0x0000000000140000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "908c82d6f45c11e2d1d496136a41585d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10173f5d2e0ff900b9a08467ba0979932f3dfb76", "sha256_hash": "ae6ca00c929303135d4f2fb42b497bfc55962fd1ecee5580c3fe0a995f671be3", "size": 1310720, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000253-addr_0x00000000058e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000253-addr_0x00000000058e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "4a968387cd95128cf9205c85b14240fe", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd7bf9ccd2517d3808c65c783454b6dd4a7f64ae", "sha256_hash": "3611799aceb6e980c52e3be391f619ec44866652d16a3a6207ddae7b1d2fac55", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000254-addr_0x0000000003840000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000001-region_00000254-addr_0x0000000003840000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "e66c8c6214f082bc49dd28694b962867", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "341faf965af919a2159edc248ddd81f5dbe2cc26", "sha256_hash": "eb814106e78b3ad20c6d85143a2c3b2140b22691978dfe27b6b4438ad6ac428c", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000255-addr_0x0000000007170000-size_0x00000000001b0000-perm_rw.bin", "filename": "process_00000001-region_00000255-addr_0x0000000007170000-size_0x00000000001b0000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "2d28bd4916f6554b6f140326d07737be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a87121345263fd8648f420bd376b1f1484bdb990", "sha256_hash": "2cadd8a3da162c7f0120005352e36d29340a029d392eea710eeca8909de09ff8", "size": 1769472, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000256-addr_0x0000000007320000-size_0x0000000000260000-perm_rw.bin", "filename": "process_00000001-region_00000256-addr_0x0000000007320000-size_0x0000000000260000-perm_rw.bin", "id": "proc_dump_72", "md5_hash": "62048020af3f53714e04331e3b74c2e6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b44c6ea44bae81a31597f3e774cc1a7cdb75b5d", "sha256_hash": "fd15fb614d150098ff2ce4455d3bbc1e121ee9546488475aceab16d22302ea3c", "size": 2490368, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000258-addr_0x000000000b000000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000001-region_00000258-addr_0x000000000b000000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_73", "md5_hash": "a9b883381f97f056cb02be9114216e9f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f0c6705dfe57f6089ab0e1fc3e2213ab334f7dd6", "sha256_hash": "4f9617d6827d0677b6b01dfb5b3dfa6b99bcbf677b07f65e0540d99a82663d20", "size": 4194304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000278-addr_0x0000000007320000-size_0x0000000000160000-perm_rw.bin", "filename": "process_00000001-region_00000278-addr_0x0000000007320000-size_0x0000000000160000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "d62d081ad730afda3fbc6370b9f55cfc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b315c65c918d8f79de1c55227764f19ab3f94a2b", "sha256_hash": "cb8cc54271065cb5bb6615ed023d094b90f1a1827404cdcb6effd1488b238155", "size": 1441792, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000279-addr_0x0000000007500000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000279-addr_0x0000000007500000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "9ccb72dee068b4b0acf179fa2bf41bb8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "731516b69c7b48508ff1571483ea4f6840f8b338", "sha256_hash": "d12253ff0499f3e1d0858e0b9b22f733e9f6ed13a91a4874b6ece13a874e6c86", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000281-addr_0x0000000007170000-size_0x0000000000110000-perm_rw.bin", "filename": "process_00000001-region_00000281-addr_0x0000000007170000-size_0x0000000000110000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "e35364fbaf4fe0442aff84e96c7a329b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "164aaca1b522a633e1bc31819d53b998cb949c06", "sha256_hash": "936545aeb386d336da2dabc270189e1507e388f4a5fd167c0df33b51d42e30b0", "size": 1114112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000282-addr_0x00000000072a0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000282-addr_0x00000000072a0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "53772eab6203255c68e93a0837c14bc0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1e2a92a384787d27ea2be810fec2b53199cb9f8", "sha256_hash": "592b87df22a871a8074925438f5c06c2c9f48dcadb923119c797b084b131e334", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000285-addr_0x0000000000310000-size_0x0000000000020000-perm_.bin", "filename": "process_00000001-region_00000285-addr_0x0000000000310000-size_0x0000000000020000-perm_.bin", "id": "proc_dump_78", "md5_hash": "7765097321e8656e596d9d2f88f4e1ac", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09bc545509d39820936ccdbafd5c08b48aebeefd", "sha256_hash": "e126a7bd7856b89308b1a4fae5c410b1cf870a978089600f01cde4e545198eed", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000290-addr_0x000000000b900000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000290-addr_0x000000000b900000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "7743172ef9313862834db9039c0918c6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bb201703463a672a5ebaee97c5215862370ff3ab", "sha256_hash": "80be146ad62c614b438afff4c1bf9899ea8be3dc53db60379d825a932f898c44", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000291-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000291-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "74c415be5ce092db22360f702e5a2301", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "83a419adf26af95ff37e3f6611f6ed80b367da1d", "sha256_hash": "5b44fd90d902f6a9ac4f8ee366a7965c07bb3c7e2a44f3951cf86a98666102c4", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000292-addr_0x0000000000330000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000292-addr_0x0000000000330000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_81", "md5_hash": "6f4133579d081ffe260081e35f703dea", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b969baef0fb313b79b1904ecc5f6512a5abfce9", "sha256_hash": "7bd973e7a614c7a3015e9596f8de2f8949f02d27165c40688d0096b74607b007", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000295-addr_0x0000000007580000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000295-addr_0x0000000007580000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "b2804f23284cf4c67a8ab0420713276a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0b35e7cd58428ef21a877456ee1a51345a6e29e8", "sha256_hash": "246c4ec8ae355e4d0344b34fbf60915b6621e70eea91e031c79c734865eba7c9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000297-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000297-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_83", "md5_hash": "eef97973c1b82419c0a3f602e092e82b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e102f85b253ec7d3aa31d33144c2503b0dba2a80", "sha256_hash": "7321c6224f96e2c0630ef583670759f4f76724123e00875fb4c92bcfb404ee29", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000304-addr_0x0000000001d50000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000001-region_00000304-addr_0x0000000001d50000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "19f2e89416f363a5c04a8a7cd3683d44", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebca98eba84b704c7dc94720ff48804f70171fb8", "sha256_hash": "3acedf9ce811810988e9cf4a609040059950c5d07faac1429bceb306bdd0e736", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000305-addr_0x000000000ba00000-size_0x00000000001f0000-perm_rw.bin", "filename": "process_00000001-region_00000305-addr_0x000000000ba00000-size_0x00000000001f0000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "be3104ab7e9859631658349e4304a35e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14af18bf4584f850799288969d7fa8ee1d7a8c58", "sha256_hash": "b5afa04785a6d75fbd6e8a877e20aa772562f22fdbbcc126b9e5fe8156d8af05", "size": 2031616, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000306-addr_0x000000000b750000-size_0x00000000001a0000-perm_rw.bin", "filename": "process_00000001-region_00000306-addr_0x000000000b750000-size_0x00000000001a0000-perm_rw.bin", "id": "proc_dump_86", "md5_hash": "8e59b0029b3d9ec03ed9b637523f4c4f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "314aefacbcaddb8c615f10badb2c22e2c5d40c9d", "sha256_hash": "bbf7c222bd6753b0ecd2a8d3270b9943ce5b79ad8a8be875b26c41d50aabffbf", "size": 1703936, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000308-addr_0x000000000b7b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000308-addr_0x000000000b7b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_87", "md5_hash": "7230f346ef71c138fbf755d8dba287e4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f737019f8b0e7c8bc3354ee9fba2833d7b6f6617", "sha256_hash": "6d0fab67c413d163c7d1b03afcb97ded7811feb74358c79d2bccf713efa6545b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000310-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000310-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "883b5a18d7e054d10a9994d835ac65db", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "743b493c57916d31b42233241227eeca60806254", "sha256_hash": "d39f3ca81f9b466bbfae686f3ae483672b5745cfa581b707364d1354ab790166", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000315-addr_0x000000000baa0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000315-addr_0x000000000baa0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "efe0ded3e2cc8f64159e05ad833147de", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c1f131d6f128e6436bff2adbddce0f64d5a5d9c", "sha256_hash": "27035f246a561309ef1b0f6a426f19b1c60671f37fa7b985451012a5bbb95cf4", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000316-addr_0x000000000bbe0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000316-addr_0x000000000bbe0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_90", "md5_hash": "a2c2e9ead5ce5b070207537aa9b9736d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "494e51edafa083a0c9e52575e94ccc29c63efdd9", "sha256_hash": "a82401e4099783327c76a19b6ca0e0d9deb58db86f235b96cf9404c03e92dcd6", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000454-addr_0x000000000bdb0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000454-addr_0x000000000bdb0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "fd3631e80610c795a9dc4b88dd669450", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b982222873d5724330cc38289f442835e7727976", "sha256_hash": "70e66ce912bb6e18cd3cfa063a4f7953a4c92bf6302a731fa97f438c2906b32c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000456-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000456-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "7c0201302918d3f6f70f6c88a4ff2623", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64a8fb7410bb282539a2d721a4614c629d616f9f", "sha256_hash": "93697dfd4dd07659325b6b463e62a210611290c35c3ec18a6899b4bd7ae07bc9", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000458-addr_0x0000000001da0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000458-addr_0x0000000001da0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "d55c5e1a730e5f881f15864fa175c830", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4cfe76964b75eb455bdca85f3f4756ba4aa9d5ac", "sha256_hash": "0e9bbc8ac1612ebf19b7824055b02c1946350e3b010f3f62d3f91704fe99f861", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000465-addr_0x000000000bbf0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000465-addr_0x000000000bbf0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "c721b70f2c9868cd0abb8be0f209c084", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e46e174c587e5e8738f750c14acedd4f7e382292", "sha256_hash": "7fe74729b4819a8611023b704d64e92beba3c17b095669f861f46862f2e5057c", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000467-addr_0x0000000001d80000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000467-addr_0x0000000001d80000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "b4552e77ff3b8977ef0783356f21d666", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35a5cb789d56cb5412cac639f3e956a825f20084", "sha256_hash": "adbbeef3426e47a1d5039dc41f2ce0cf27b13a05618be48281447ce1b5729de1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000468-addr_0x000000000beb0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000468-addr_0x000000000beb0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "83ec308ea81b43276e9d0767c2e9cf4c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d01e775d86cf10253b093f4030886f8d78560646", "sha256_hash": "dc2a932827faf004cb116cc3dd714618ecafc81a4c1f793501073a55896c3dbb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000469-addr_0x0000000002350000-size_0x00000000000b0000-perm_rwx.bin", "filename": "process_00000001-region_00000469-addr_0x0000000002350000-size_0x00000000000b0000-perm_rwx.bin", "id": "proc_dump_100", "md5_hash": "fa2fa0b80767d605dd04577f7f58fc60", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a4db83e53a8d4865ef8a66c0516be3077af885b", "sha256_hash": "5231babe87b2980f07a70c653769b13c0f5f8d9cad0d3504da85a8f3ac582c7e", "size": 720896, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000474-addr_0x000000000bfd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000474-addr_0x000000000bfd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "fe4deebda71b4ad334331902842c1aea", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9ecc8f6b8fbc2f222675c52ea70e7e95375036e", "sha256_hash": "3a94918e8504c236f19358bf340f15dc22834926706329384d23e99640e210f2", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000475-addr_0x000000000c0d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000475-addr_0x000000000c0d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "bcf2c24f04ea458cd65a47465bff3747", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd405c7476727e766e2b613ae844571dd8cdde53", "sha256_hash": "ce6e88e7975914dac22418c304683afbd021b2bed6cc3faab879b234cc06bf74", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000476-addr_0x000007fffffa2000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000476-addr_0x000007fffffa2000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_103", "md5_hash": "4f10703c4db5b4e22d9b56c0cd0f5cbb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "921661f7da9617403ca5adc9f0cfff4ca38c8106", "sha256_hash": "99683b71a204f56f284696f2a1e17ee707d6f5e4e2c1f6296a316bd9910b41ff", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000477-addr_0x000000000c1d0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000001-region_00000477-addr_0x000000000c1d0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_104", "md5_hash": "ebd5d9b83917955f5832d4366375dff7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f4b34d22bc8e2d07a12a8bc690438037852e21b", "sha256_hash": "89702ca5cb3ab9a70b4ed4430913d3e729cbc0a14b6022d82e426e31b397c3f5", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000480-addr_0x000000000c3d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000480-addr_0x000000000c3d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_105", "md5_hash": "fa2c5a8d7e683f6b40196c941a7f27bf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b7c6db42b43c29f287d2fab65ad798627927adc", "sha256_hash": "b3ef5c82eceb78c35e92bb48363f85ed81d29548e94455c9554d27dccd4a3412", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000481-addr_0x000000000c4d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000481-addr_0x000000000c4d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_106", "md5_hash": "6012d76028062d4e2052bf7ac2505e66", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc33c71d55e9a3405515c60bfa57919bc87b6c15", "sha256_hash": "487869999a751f3c3d54eab8f88c48bca8cbe79cc4e0aa2b1bdfebe1b821e86f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000482-addr_0x000000000c6f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000482-addr_0x000000000c6f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_107", "md5_hash": "e74981267fb70b7d8c8d79e806cae14f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9cf1c640e1270bfda3e6294fde5dc25563009db7", "sha256_hash": "7fd02de5acb6eee1b59dcfaa9f1ddb8654f2a44467087b80a21ed3affd83f1ca", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000484-addr_0x000007fffffa0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000484-addr_0x000007fffffa0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_108", "md5_hash": "a5894fa846e351cd0a8b286813e7af47", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38df1ee730d3291f8d54831864747a8d3b786198", "sha256_hash": "3a3d48799cc25f2d1f2a1038780dd3ded57b1bf7e76c3afa68de4a03e278af6e", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000500-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000500-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_109", "md5_hash": "f3b264f515449ca7cf13cb5868368772", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7af8c96b6069c8aa30c7bd4ea6665ad10190f606", "sha256_hash": "6d8751b3b6e05d9fe1e60bcfacabfffbb08d3b9452156eb8fc286b05dc998ff5", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000501-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000501-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "749372cce65f3cc2b55fec33af01b338", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e3ff21506f70cc3c43646f140c5d14af69f6cd5", "sha256_hash": "1202b3d3b3da27cebbb8c8e6fbc39a4face31dff78e5918b2688f7589ca5e0d7", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000511-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000511-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "4696ab2ca65a11d1b1c77955cb4e63c8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "902dd1976c22bbb045c02f76a07d337311332aee", "sha256_hash": "e70493b328005a06fd7c4f1c40dd9cef9a36132dfaff0cd333733b7946a6e73e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000512-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000512-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "89745734d3e1bb38618047aef79880d9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1cd462f5ea71f261d0243bb3143017704efb25db", "sha256_hash": "4bee1a01ca91b6cb18bddd15ea7475964da9b02c8ae6163196a935ac8b347898", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000513-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000513-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "3a920df6da0b5b5d98af5d98d485267a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "802874e5228b5a50a1482b0c53e672a35b0a8634", "sha256_hash": "67ac882439cd396808f46abc8000c4d644e159c63f8679824fa86c41ce35118a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000515-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000515-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_114", "md5_hash": "64482dff92f6cabc3f5b4be59d92bfcc", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4a9f79bab640d684d780a9d34b35d567226123db", "sha256_hash": "b4e9d19a475728610bd35e3c6534ee13ef613586ec2a602e754506831253c3a8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000517-addr_0x0000000000350000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000517-addr_0x0000000000350000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "c281d1901fc2ed30dd81a1f6a3389a2e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "01c374bd7c9fbfba91946b293d93c7de3a2ce829", "sha256_hash": "0ca10b0fb8195bb0b78917b36008f6b2a5fb6f85efbbb1d408276ae3798b1c73", "size": 344064, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000521-addr_0x0000000000570000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000521-addr_0x0000000000570000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "bfd96e95f3cffafd40755ff25c509b9d", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f33fbebb657c528da8e8220834e75c4b46c1223d", "sha256_hash": "26dba4e7ea05dce5f39c92f1fbae57efdeba4d47155bb2605adf04bb4d2fb35e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000563-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000563-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "0b918198eac9f55debd16a80cd997a23", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8e1eea81ef8d996a93deb43b75574296a0896bca", "sha256_hash": "65d2bc60463dd0de97b3c6df9137d2bd2c96d0766aad889eb104755daa3ad98b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000564-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000564-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "48a98ed7ea937e3fe794b7d36b926cc7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "446a03b0fd4aae9a579d385164f5fbfe5c7dc576", "sha256_hash": "6f98df74ec5fc5459be46e94aa99ba546e81c435ff7b5b90d8495878c210aa5e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000565-addr_0x0000000000220000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000565-addr_0x0000000000220000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "4abc7b080da3d94648a823c04aa881dd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a5fee6638bdbef22f1c15066f5238b2cf7735a0", "sha256_hash": "32834cffecc7491dae5da2193055a1dc3239d97ffe4c3f1fd8f27f3e8970307a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000566-addr_0x0000000000230000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000566-addr_0x0000000000230000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "d1975c638c4b487f35fcc44a8b1aeb02", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6e64597f9f83fcdd473c8f6ec47a4a1c1571c9cf", "sha256_hash": "ce5cb5bc2648127a8f74b706e1c41fe37b3c81b1a7ba04fe1564b0e55b0ee33d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000570-addr_0x00000000002e0000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000003-region_00000570-addr_0x00000000002e0000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_121", "md5_hash": "7e631aeaf2b938c0b4039f7ecb570bd5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f9a45d09944923f081cb47bfb6d153db47c7ea7", "sha256_hash": "943a886d5e29d271b073e3ab878c5c8a384caf8792b7e000882637b25ef1de0a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000571-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000571-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_122", "md5_hash": "5a0741a4a5c832ed0868088e8f1d7cec", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97747440d59096f1da1238fd49874433a0152a00", "sha256_hash": "c95043b976a6cee6d0aeba90cc1bc34c0135bc4355339d34adeed9e9a865cd7a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000576-addr_0x0000000001cb0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000576-addr_0x0000000001cb0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_123", "md5_hash": "16443a6dc988b3ad96d0df4b2ffc4e12", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e8321f5951e14786b848e7f83e79dbe4dd5127ec", "sha256_hash": "a881942f25fad981f47f707a75064ab27c0ed726bdd1bea896b2402c5636fa8d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000578-addr_0x0000000002210000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000578-addr_0x0000000002210000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_124", "md5_hash": "e27f52a825c047a270a6f0d1fa31b772", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f15ce6ce2bdf376dd007c7c7bb7cd513b6f8380d", "sha256_hash": "525ab044d56f6722f746254ad20bee1e124241431b4e155c5f51ac3ab516dea9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000579-addr_0x000000007ef50000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000003-region_00000579-addr_0x000000007ef50000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_125", "md5_hash": "3e28833516188d0f0fba88b51c9f5772", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b788138dc718012ddde392d647d9fd3308b8732", "sha256_hash": "bdf95e1c9e701165cb2c6abe8359df1bc413a7eb9387f4a33df363e681962763", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000581-addr_0x00000000020f0000-size_0x00000000000d0000-perm_rw.bin", "filename": "process_00000003-region_00000581-addr_0x00000000020f0000-size_0x00000000000d0000-perm_rw.bin", "id": "proc_dump_126", "md5_hash": "15b89ceba9a1f426b3236fac53e2a4d3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4c1f6c4ca39353a0406a869f2ecb7b71c58c1d0", "sha256_hash": "e705d2fc4628cd9b17d9393f6235152940b4aa88113dc8acf75f17149b0ff408", "size": 851968, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000591-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000591-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_127", "md5_hash": "75b250403f1e0c5a9933fb8006ab0eb9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b587eb2524335b1e679edd8e383edabda08befb", "sha256_hash": "d063c4f3e4470a8bda0cd3c5c37bc32126ab60cf42f5e8550cd26525ad9431ca", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000595-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000595-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_128", "md5_hash": "08bf4f9701bfa9f9e5d774d945333508", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90945c6713c0bf06261d3f0df3764cfb5137f2ee", "sha256_hash": "c75fb051ff96ab7f4845d6c3b147360163062b4823682c7c12ba510db7582b54", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000597-addr_0x0000000002500000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000597-addr_0x0000000002500000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_129", "md5_hash": "2fdc0bcf40b06c59151f466af2af9e6b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0f429e4f943df9c15ae483dde655a1d3c06312b9", "sha256_hash": "52646c60225d087f6152c3579b571f7c6eeccc6355f9f2b8bdaa448bb0db30d0", "size": 266240, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000598-addr_0x00000000027b0000-size_0x00000000000d2000-perm_rwx.bin", "filename": "process_00000003-region_00000598-addr_0x00000000027b0000-size_0x00000000000d2000-perm_rwx.bin", "id": "proc_dump_130", "md5_hash": "1986f59de1d665a2e639fce37941939a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b09dcf8fbd82c903ba7e8e6d4f89a371a9bbcdc1", "sha256_hash": "004ece196d8998c9f43db3f1930d78f1137c8591f431d5e87f619504e66440a6", "size": 167936, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000600-addr_0x0000000002600000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000600-addr_0x0000000002600000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_131", "md5_hash": "561f77d303fd40cd5b83ebe290a4314b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af84a74b5e0f5b72612e9fffff1c2e02e8ec8772", "sha256_hash": "e3e827d052603618df7f314a2782e03b0ab568b351652e85a70b21e01d514ce6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000601-addr_0x0000000000560000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000003-region_00000601-addr_0x0000000000560000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_132", "md5_hash": "0383953a1fc0ef460d36d24fd7b611de", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "99dba5eed6556fda6cb96552b0059ea82be50911", "sha256_hash": "f2373a52e48ae65f6fb1c2e84f895d371a8319910630baee2a80fd9c57880dec", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000615-addr_0x0000000002b60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000615-addr_0x0000000002b60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "6f5d65d3de2f8936b64064e4af5132ad", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "222b232a61ecf822ae3100324cbdb734e97a3769", "sha256_hash": "143636a9278ae878b5b1860c659c010072f3fe49ac9f16840f2df2e5f6203010", "size": 999424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000616-addr_0x0000000002c60000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000003-region_00000616-addr_0x0000000002c60000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "b15c5bd7d064be971d0e7dde31517c94", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a651f005f28835a33842318d736edb226b4e826", "sha256_hash": "5409e472148db605a1707ec2fddeef854f005e65162ea70f1909f701a0e816ee", "size": 1679360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000617-addr_0x0000000002e60000-size_0x0000000000189000-perm_rw.bin", "filename": "process_00000003-region_00000617-addr_0x0000000002e60000-size_0x0000000000189000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "286fe5d42ebc3b4c454cf27bf30d14b7", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "04638ebd7d3b4470ab77878bac4f652ab81ce7d9", "sha256_hash": "a9900da009f053231fb0c51c095336c3159999c208f8dd821c333a3859c807fe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000619-addr_0x00000000020f0000-size_0x0000000000081000-perm_rw.bin", "filename": "process_00000003-region_00000619-addr_0x00000000020f0000-size_0x0000000000081000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "eb6a447fedd1a9187adb8d0f37e2582b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f5b9f85714cf44a6a40e2dc0f7a65521460d46da", "sha256_hash": "461b65d6d934c8bf864c27161d7dcda9f8924a894ec46c55aa1354c505188c46", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000620-addr_0x0000000002180000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000620-addr_0x0000000002180000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_150", "md5_hash": "c5449aa718ceeac61ce20f9f5b8e2a81", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "884c8b93599d5cf4f8a96c3a2e7fac8b5ffdbe4a", "sha256_hash": "8fb9ac9524e35acdba7f85ae61de604b59c7336780438a48d6e7a440d7a9c16f", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000621-addr_0x0000000004400000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000003-region_00000621-addr_0x0000000004400000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_151", "md5_hash": "2fc0f2c27e4c747681c6bd283d5270a6", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9eba5b0301dba37d160300e2e12dd46ac62d0cdc", "sha256_hash": "9a9a053156b9652cdd4047c69ba20aedccf0eb75355b9f1c7efcf0006ebb40b1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000622-addr_0x0000000004510000-size_0x00000000000f1000-perm_rw.bin", "filename": "process_00000003-region_00000622-addr_0x0000000004510000-size_0x00000000000f1000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "ee89bcf3178c79460b29d750b161cd7f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f738cf1ed7a7e6b21f8e578a51abc12fd05b523", "sha256_hash": "d2fa66a74c9019fc7888c62aa902c60cbfb5a219024b21c12e60e71a2b987476", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000623-addr_0x0000000002700000-size_0x0000000000091000-perm_rw.bin", "filename": "process_00000003-region_00000623-addr_0x0000000002700000-size_0x0000000000091000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "0578d5b9d08c18be6ce49086078ebb88", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1b9e6f1b85343f4d2f16ace25fe1aa394b3e1f3", "sha256_hash": "c2595798962bd36c7b0aa2c0687d63d118b989054a27ba33de0816f16f1ed69c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000624-addr_0x0000000004610000-size_0x0000000000111000-perm_rw.bin", "filename": "process_00000003-region_00000624-addr_0x0000000004610000-size_0x0000000000111000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "1018d273c3939b0461276e53a4f99087", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c5278104e346131ffb4d2ef105cce23746562a08", "sha256_hash": "c3eca92f4cd44476a4710b7dd28bbc5e23c4f3d9356b5b706c0b814593ae51f4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000625-addr_0x0000000004730000-size_0x0000000000181000-perm_rw.bin", "filename": "process_00000003-region_00000625-addr_0x0000000004730000-size_0x0000000000181000-perm_rw.bin", "id": "proc_dump_155", "md5_hash": "0a45cee396ff3eb85ee4d773e3a73f21", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "993025f7ce7a723d3fc1a96536a2539f380153aa", "sha256_hash": "5aedd376339572b0bee31ba9cb503f79bf541e691eda8a8209e692e1875d66b2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000626-addr_0x00000000048c0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000003-region_00000626-addr_0x00000000048c0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_156", "md5_hash": "36cab75b2da894d52908e8834ef97466", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf65e9fa1debf82d305f7028cab01d5326db1188", "sha256_hash": "bc0c9232422883738c925254adc70a687fc83e43fee7a2c53d962692a898db22", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000627-addr_0x00000000049d0000-size_0x0000000000400000-perm_rw.bin", "filename": "process_00000003-region_00000627-addr_0x00000000049d0000-size_0x0000000000400000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "002ea28854b1752f03aa48cfe825d2ef", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92abce0da5d7df7d6be257683b5fdce8a2149354", "sha256_hash": "54cb6cf4f1e06e65f252e441b398a2b95d5aebc61aee50db45e3be3376532d06", "size": 462848, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000635-addr_0x0000000004dd0000-size_0x0000000000076000-perm_rwx.bin", "filename": "process_00000003-region_00000635-addr_0x0000000004dd0000-size_0x0000000000076000-perm_rwx.bin", "id": "proc_dump_158", "md5_hash": "73c96876771c4ef0842382e4ab73abf9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1f249a2c46363330156000184c5c9449f3faef7", "sha256_hash": "5d3cc16ae3683169e156e7f6bf7ceefe0608d7af83269ab947d4bf08cd8e87d5", "size": 483328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000639-addr_0x0000000004e50000-size_0x0000000000220000-perm_rw.bin", "filename": "process_00000003-region_00000639-addr_0x0000000004e50000-size_0x0000000000220000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "a266da0f276743ff6c1ca64c6ca8601e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e2e41316ce444a773d1f8d7040e5c28afa26678", "sha256_hash": "51406ebb3364f8111394d4dc33770db0bf19de30a4cfe4d9344ee533f67056b2", "size": 2228224, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000648-addr_0x0000000000560000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000648-addr_0x0000000000560000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "1a984301ef4cef5f20a76111c5a53933", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd8cee9951d7207d1000631018d69f29a1fe676f", "sha256_hash": "51a2434aafe8c116cc3b1c6a27bd811249eedb6bc21adac90c451010e9a7e966", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000649-addr_0x0000000004e50000-size_0x0000000000076000-perm_rw.bin", "filename": "process_00000003-region_00000649-addr_0x0000000004e50000-size_0x0000000000076000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "aea3ae8e478efe03b9ff2e6b3a7582d3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d48ea10d61b6993156c99a7c51fceb20c6bbd08", "sha256_hash": "6413b386195a3a8a88d6efe94f3780b52804253ea826cd53cbdb7666f9a2bcdb", "size": 483328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000650-addr_0x0000000005030000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000650-addr_0x0000000005030000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "469496b128b63ecdb84c9dc35baa57d3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d46c907798ce89649a47ecf12be409caf1a6b51f", "sha256_hash": "753a2faeea8063a5c026f8680bf3a91c773d799f741618c2ec821c95c570a772", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000653-addr_0x0000000001c90000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000653-addr_0x0000000001c90000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "dc07c232742b84c8cea8f4637be312c9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ffb0f24b4e40673e47ff7c2df99e731b23f1a998", "sha256_hash": "0d844c89c8e2c7b0af800840a2eb567fac53db9c0a03d9f020394d93b4dc5d46", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000655-addr_0x000000007ef4d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000655-addr_0x000000007ef4d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "a01c553f9d34b7ef6c032b6ae9d30594", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2f9ab47d3eaff18c89f3212558c58c3ef5db00b", "sha256_hash": "632347fa070fae3aeb59aa4a8f41218b8e7273656409901a6b90d0e24d84c5fd", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000659-addr_0x000000007ef4a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000659-addr_0x000000007ef4a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "cc9cfb85848d4cd0461dff0cc2d41367", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31b204eb5459c9ab8bd239874d55f61bbe16436c", "sha256_hash": "333b8f8207dc286ddb4ac75ed6a9e9e1baecfbc37f6cfd035c8f53381de120c2", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000660-addr_0x0000000004fd0000-size_0x0000000000050000-perm_rw.bin", "filename": "process_00000003-region_00000660-addr_0x0000000004fd0000-size_0x0000000000050000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "f9a70fbb470e8ee722a6a861f92e77fd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fe9b15888b611ac2daf72ed05d3eb9596355d21", "sha256_hash": "94a8ae99fbdd545a4574c96197929edb8913a9f5921e90cb543ca9e13ee5e22a", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000666-addr_0x000000007ef44000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000666-addr_0x000000007ef44000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "b3e8808bb956ad1c5ae74f9bd18a9fa0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5bf8a38cd69c716f7a532325c8451d7fc762fb34", "sha256_hash": "ffaa22ef43489d461d33ff72f829efbfc42dd3c811d87bde41f1b2e7c8f82140", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000667-addr_0x000000007ef47000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000667-addr_0x000000007ef47000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "1a45049e2974b1e87528e98fc8d44d5f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8875797e935c9098007d059d36caeb3e5309cacc", "sha256_hash": "edce112a6a5bdea17d3f9b68eb838a3f676af86393a49723a68a79573567a804", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000671-addr_0x000000007ef41000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000671-addr_0x000000007ef41000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "13c25738ca6b2954a549e3f88e80e58b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "267755a3264bcda591a7c794f80df9608b9f1f17", "sha256_hash": "2e64bc05b819451d121154d10f7e19e9adf2a9d69382b192737a708943516d34", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000677-addr_0x000000007ef3e000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000677-addr_0x000000007ef3e000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "61e419e5a6bca076cbb8682f2bbaca51", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5a51ed18463dda46f7c9754cfa92419465c477e0", "sha256_hash": "3590c9228316064fa77b1cbb1eb104d7579a054fd237bcfe4aa7943fa81ba7a0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000679-addr_0x00000000058c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000679-addr_0x00000000058c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "73ad22bbf6e5c1e33a9a670a12b3c28f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "008f52f97ccd3d4da4a75592e20bf1034abbbe1f", "sha256_hash": "1ed972fff8bb9ea9f147ee5510a99f0629f3204d72d4e93d82829f7be6c514c1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000682-addr_0x000000007ef3b000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000682-addr_0x000000007ef3b000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "1751cb409c5ab70698c40aaa32a8798b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71d745d0f4011e3ddc6d9e117e89c66359c70b23", "sha256_hash": "a800ef2e37bc7cee0ced201765ddf5e98487129a8e79a33fd2dcfa7a6776be38", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000683-addr_0x0000000001c90000-size_0x0000000000009000-perm_rwx.bin", "filename": "process_00000003-region_00000683-addr_0x0000000001c90000-size_0x0000000000009000-perm_rwx.bin", "id": "proc_dump_173", "md5_hash": "f3ff52ea2f45797ad9d07451a657c59a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "17cd9a7278ea3fb995f0611617d71361a87c4307", "sha256_hash": "28242eedab7a3a13104e6db18029d19b14fbede742ed796d1b5bdffaa886d747", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000684-addr_0x0000000005870000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000684-addr_0x0000000005870000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "db1e0afa471fa070f59880d8bdbd5284", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76b24a1dc1c600aae6fcac659bab8a7753950d9d", "sha256_hash": "a3d94cbce0d57be55367e1c16682575b5914275259d72cc0cc39cb9ec97f1916", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000685-addr_0x0000000005900000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000685-addr_0x0000000005900000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "fb507e3100f8fc378c56ad972f9592e1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "421d599c5e6d7dd185d2566d7bc92b9e96097c4b", "sha256_hash": "9da9a2f1c5bc59b2050b012e93458bfb974be49135c1096e9f6b9deb8e7e4520", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000686-addr_0x000000007ef38000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000686-addr_0x000000007ef38000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "faa511047ee283c5ab610fef5f88786e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "87a495b6ebe4c9e8f37e79f48096d68bea8053e8", "sha256_hash": "835c279207403596a49601042f40229db863d6d25a6227d9204b6a6ef94d74a2", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000687-addr_0x0000000001c90000-size_0x000000000000a000-perm_rwx.bin", "filename": "process_00000003-region_00000687-addr_0x0000000001c90000-size_0x000000000000a000-perm_rwx.bin", "id": "proc_dump_177", "md5_hash": "d341688e006ecdf4a93b14000b207876", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56149b0dbdaf3fef3a7b81637d2f777b057f021d", "sha256_hash": "cee00cfc6e1ec4f237f5047e6865c3b80d2700a908c9cdc9da76d7f739c221df", "size": 40960, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000690-addr_0x000000007ef38000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000690-addr_0x000000007ef38000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "812c390227c81f8c81e0061e186b5562", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfd8752f1202379429341616be85eef7b020f991", "sha256_hash": "82484ee5d98df06af4fdf5dd345b22b02514176b49edbd421c457dd36d1aac57", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000698-addr_0x0000000004fe0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000698-addr_0x0000000004fe0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "0b0319bc0ebdffb5ef4e2c70486f2c1c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88e81282c4baf2d1dba1c8cfd6679334d2e54957", "sha256_hash": "d687ce4aa97e2b322a92082c21bc73466651fa699a664e4776a3e6765de1f2b5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000725-addr_0x0000000005a00000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000003-region_00000725-addr_0x0000000005a00000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "14856363a5644b7f04ef372d02b2c3ba", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "449a7475f399b9046a91d87e072b5a172f288785", "sha256_hash": "23b51d66104ce4d19170bad51e861e78be7b34a0ab54dae2a0d7798b25e111d0", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000726-addr_0x0000000005c00000-size_0x0000000000081000-perm_rw.bin", "filename": "process_00000003-region_00000726-addr_0x0000000005c00000-size_0x0000000000081000-perm_rw.bin", "id": "proc_dump_191", "md5_hash": "a96e75ba4fc45caae6465737ebb49a9f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91b4e08376dd29ba955ced6c00c264e3ffb79d7c", "sha256_hash": "a6f67c3e285d9d60a37a945b5381377648771d46df1b66ae128298db84df68af", "size": 487424, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000707-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000707-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "39d67dee934e22e830d3131cb37b3520", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d86779c04c8551190a80b6cd6576ba171b08bbc", "sha256_hash": "b4e2b281aee084429df5125791bf4d121f13c3b9a120c27f152fa12cee6f5a10", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000708-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000708-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "267a6b0a9e703ec139240e33321d12d3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "497d758b867f62868b4cb841ca1a4f5ebdc255a0", "sha256_hash": "40c65188a6bb286b07026393297c8a657820b43a838959aafb059d4307b941ba", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000711-addr_0x0000000000060000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000711-addr_0x0000000000060000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "16e65230eb8cb2b7df864f84330163d2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8aab166dc80ffcb8dc669e502e9149192ca318d0", "sha256_hash": "1785bdb7aae9964f9b198eeaa020103afe2b688c47b16e3f2235935343ef1841", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000712-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000712-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "3896491bfca9d460aeede1bf38a51b18", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "515b6089703a3d3e9210ef0054bd28b96ba6aeb1", "sha256_hash": "d5d5672ce2d1321ff0ba8c083300dbe8bd98e3bf042aa6d659423b8625aa8194", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000713-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000713-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "921f6507f0b9a04af3ca9d71937bc563", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c8dbce53264b13bb5dd4d432af3a10cc3dc6312", "sha256_hash": "397cbc0ef8b7cd6b83c60683f3a8e7524df68c10f633ddfa46319d0ce9b4bce9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000718-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000718-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "3fcd7188b9fee15bd2a98b0b43f38b4f", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d27f00116850dd9f9e61a4f888e67be1dbcd8708", "sha256_hash": "93529c52e4d314f1f4df5df9d24517153c934d9b5f9081e0969e6b56aa5a4f2d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000719-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000719-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "ca9af7fb61462fab998be919a78414ff", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "152b44ebdb17cf1fcf80dbee53102fb69f4d7248", "sha256_hash": "6ecfb7439000d172092323ad1b2fca3bc11b9ea506714648a4619feb611c5a63", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000720-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000720-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "6b10c7d96af8702e0c55f956642383b9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a36a20a1834942b4df029ec2a59d5fb5e23d51eb", "sha256_hash": "5a62b238ab3e65d7e4129ca96356d798f2908da02c98b278895d2cb54d777366", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000722-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000722-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_188", "md5_hash": "b27358830821a3e58731eafd1ee77f12", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f11d81ea2cb43ab865f9b6eab6b614afe2616716", "sha256_hash": "18c83b08430e1352783e99e48751a3c7c876022d0712ea80751eefa931865073", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000724-addr_0x0000000000070000-size_0x0000000000076000-perm_rwx.bin", "filename": "process_00000004-region_00000724-addr_0x0000000000070000-size_0x0000000000076000-perm_rwx.bin", "id": "proc_dump_189", "md5_hash": "989600470d38469716754f2192efb3e2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8226b615e673f094b9213e51abf7c59ad3ca7dea", "sha256_hash": "2c054f6a4bb824bc721244596179e60569d6c3d23a82b01f3b4f2a8cd0b8b92c", "size": 483328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000727-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000727-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "500cb1e3b0c088f8cb4f84b08221ece4", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f6deb8fccc7736838e2d78bfb5a7da22f02f86ab", "sha256_hash": "5567bd77770a9d05b48e6aa762257fa93cc78c4515134cb98921d32df9bd132e", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000728-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000728-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "b722b0902d30745cb9edb1018a02ffde", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ca501fe952a1aa6f7145b6a4b551b21618161e0", "sha256_hash": "43d5aae943686a81f2e3ec899f2a211daff3ee91b302b8c0d31b5737a8ca6059", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000731-addr_0x0000000000060000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000731-addr_0x0000000000060000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "ca1d5e6199ab8a2b3bd7ff92ebe0cb66", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59c7e99cf34b82fe5546c8c08befc3588e3f8bd0", "sha256_hash": "2b7bf5b1486a53a20aa60c01f5fd0c6a78f35260f705a4fa3a1ab9f01191152c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000732-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000732-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "18cee9ce192f20e5171841ce18f34200", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cc63f1d921f297baca8f36c8f0b2c4428fde7f01", "sha256_hash": "ba8ae42f7ff0a668d18cd5fc5fc5fbc297c57c14e16cf8819f12e42be49cb870", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000733-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000733-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "f363b49d3eb8d680c0530bd9cd946821", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d15734b151f29a2eeb84a9b215e691f966de8623", "sha256_hash": "ab413fc72dfbf02fab70eaf5cb309c39e97b50a9217f330082a22872aef3029d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000738-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000005-region_00000738-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "d076aa0e9ab27a85b86196ed868a6436", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb8fe1b852d9e7494d12c29efeb6bf51ea072fe1", "sha256_hash": "8ae095b7ed85ba8d043682981d48748e968ca850dc24c7de42f2e2993639919f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000739-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000739-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "b20d5d0b00bc855d3066c0a498e90429", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f7f8432335c87abd19d5cf8e600d8cf972d0513", "sha256_hash": "df32893c4eb1378a8e2de98e55202789e51b714c70685d46a83a3cf9c716d911", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000740-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000740-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "bcca5e3ebf5a738498938af61b6618ba", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "366334145b76c7aa93722dab216a50c628850d81", "sha256_hash": "2887f2dee59d9f56ecb51699ab48d068c17c558956dea137b7692ff48a3ac3ac", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000742-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000742-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_200", "md5_hash": "9019bd9ef9c78e6b4ca150338d6d95d6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71ab930045d60cb336340d5feb5fad53d1a79b86", "sha256_hash": "5fa52719c00a6cbf2bbdca1ee314cee2aa09ebe0f216c30b68e2010eaca8fbfe", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000744-addr_0x0000000000150000-size_0x0000000000076000-perm_rwx.bin", "filename": "process_00000005-region_00000744-addr_0x0000000000150000-size_0x0000000000076000-perm_rwx.bin", "id": "proc_dump_201", "md5_hash": "4e8a6b7ea2a4942ac9da015cfd8bcced", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "93e12ea8e20738bab9b389e5ef37fd2cbd3f7e41", "sha256_hash": "35d1aca7b711545b77ab88365408c11584c868f4f8a7167b1e3278a0220b7f0a", "size": 483328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000745-addr_0x00000000003a0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000745-addr_0x00000000003a0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "0e5e727ae86fd5d8a615a8ccd88660b5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5a8fc72311daf3279ecacc4d63db4946ff4d84a4", "sha256_hash": "a0cec0043e75e937bb0f9c07bcb6b1e307d841d8533ee6b08cf50cb72f023aa9", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000749-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000005-region_00000749-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_203", "md5_hash": "b46f3843640b69ad5662be4725fdc945", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e75237a1fbdd53a997c4eeb1edd2bb564d8a807", "sha256_hash": "38c951c9edf5ae977e1973ccf4e1e12a99527b069870bd786b4534c92e936b92", "size": 483328, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000753-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000753-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "696f98147308176070c4ecb13c4669a3", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9d14802345c9dbc90a0ff2d455df4eaf79a3291", "sha256_hash": "1e2276f070ef9d11ab57f8441e40efd9784e0ff8fd420bb30bfc77b19188f698", "size": 118784, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000769-addr_0x00000000005a0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000769-addr_0x00000000005a0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "ec6682f018b8c4a909db1bb3c67a344c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73a64d57140b3b9e6c9479aaeb584fc7aca53a76", "sha256_hash": "3175e6bc7a0d1f348e1c1aefd60f563054c456937c0398c253feadd3c83fae19", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000773-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000773-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "663e0c81aa5e0a3ff2a43da751ac3ea6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e73f43d3b9108b46aa594a997edc25f4aa778b3a", "sha256_hash": "83341888a1a94ed307472f9945ea15735d3580b3043db1b990ac64f5eda31432", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000774-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000774-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Windows\\System32\\CScript.exe\" \"C:\\Users\\5P5NRG~1\\Desktop\\MYOBSU~1.JS\" ", "filename": "c:\\windows\\system32\\cscript.exe", "id": "proc_1", "image_name": "cscript.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:10.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_2", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:10.465", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000003-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_3", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:10.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:10.465", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:10.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000006-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_6", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:10.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 4288806912, "type": "region", "version": 1 }, "end_va": 4288974847, "entry_point": 4288806912, "filename": "\\Windows\\System32\\cscript.exe", "id": "region_7", "name": "cscript.exe", "norm_filename": "c:\\windows\\system32\\cscript.exe", "region_type": "memory_mapped_file", "start_va": 4288806912, "timestamp": "00:00:10.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791781998592, "type": "region", "version": 1 }, "end_va": 8791782002687, "entry_point": 8791781998592, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_8", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791781998592, "timestamp": "00:00:10.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_9", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:10.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000010-addr_0x000007fffffd7000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092854272, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_10", "name": "private_0x000007fffffd7000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092854272, "timestamp": "00:00:10.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000011-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_11", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:10.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000144-addr_0x0000000000350000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_144", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:12.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 1992753152, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_145", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992753152, "timestamp": "00:00:12.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791747723264, "type": "region", "version": 1 }, "end_va": 8791748161535, "entry_point": 8791747723264, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_146", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791747723264, "timestamp": "00:00:12.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_147", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:12.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_148", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:12.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2060287, "entry_point": 1638400, "filename": "\\Windows\\System32\\locale.nls", "id": "region_149", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:12.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 1991704576, "filename": "\\Windows\\System32\\user32.dll", "id": "region_150", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1991704576, "timestamp": "00:00:12.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_151", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:12.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_152", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:12.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791729504256, "type": "region", "version": 1 }, "end_va": 8791729553407, "entry_point": 8791729504256, "filename": "\\Windows\\System32\\version.dll", "id": "region_153", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791729504256, "timestamp": "00:00:12.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791768956928, "type": "region", "version": 1 }, "end_va": 8791770189823, "entry_point": 8791768956928, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_154", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791768956928, "timestamp": "00:00:12.353", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791770202112, "type": "region", "version": 1 }, "end_va": 8791772311551, "entry_point": 8791770202112, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_155", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791770202112, "timestamp": "00:00:12.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791772364800, "type": "region", "version": 1 }, "end_va": 8791773261823, "entry_point": 8791772364800, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_156", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791772364800, "timestamp": "00:00:12.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791774396416, "type": "region", "version": 1 }, "end_va": 8791775047679, "entry_point": 8791774396416, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_157", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791774396416, "timestamp": "00:00:12.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791775051776, "type": "region", "version": 1 }, "end_va": 8791775932415, "entry_point": 8791775051776, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_158", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791775051776, "timestamp": "00:00:12.947", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791775969280, "type": "region", "version": 1 }, "end_va": 8791776026623, "entry_point": 8791775969280, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_159", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791775969280, "timestamp": "00:00:12.960", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791776034816, "type": "region", "version": 1 }, "end_va": 8791776456703, "entry_point": 8791776034816, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_160", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791776034816, "timestamp": "00:00:12.968", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791777148928, "type": "region", "version": 1 }, "end_va": 8791777972223, "entry_point": 8791777148928, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_161", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791777148928, "timestamp": "00:00:13.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791780229120, "type": "region", "version": 1 }, "end_va": 8791780356095, "entry_point": 8791780229120, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_162", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791780229120, "timestamp": "00:00:13.022", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000163-addr_0x00000000002b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_163", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:13.053", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000164-addr_0x0000000000450000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 5570559, "entry_point": 0, "filename": null, "id": "region_164", "name": "private_0x0000000000450000", "norm_filename": null, "region_type": "private_memory", "start_va": 4521984, "timestamp": "00:00:13.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 5570560, "type": "region", "version": 1 }, "end_va": 7176191, "entry_point": 0, "filename": null, "id": "region_165", "name": "pagefile_0x0000000000550000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5570560, "timestamp": "00:00:13.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791773282304, "type": "region", "version": 1 }, "end_va": 8791774367743, "entry_point": 8791773282304, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_166", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791773282304, "timestamp": "00:00:13.054", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791779966976, "type": "region", "version": 1 }, "end_va": 8791780155391, "entry_point": 8791779966976, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_167", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791779966976, "timestamp": "00:00:13.062", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 290815, "entry_point": 0, "filename": null, "id": "region_168", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:13.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 335871, "entry_point": 0, "filename": null, "id": "region_169", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:13.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 405503, "entry_point": 393216, "filename": "\\Windows\\System32\\en-US\\cscript.exe.mui", "id": "region_170", "name": "cscript.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\cscript.exe.mui", "region_type": "memory_mapped_file", "start_va": 393216, "timestamp": "00:00:13.079", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000171-addr_0x0000000000070000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 462847, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:00:13.085", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000172-addr_0x0000000000080000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 528383, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x0000000000080000", "norm_filename": null, "region_type": "private_memory", "start_va": 524288, "timestamp": "00:00:13.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7208960, "type": "region", "version": 1 }, "end_va": 8785919, "entry_point": 0, "filename": null, "id": "region_173", "name": "pagefile_0x00000000006e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7208960, "timestamp": "00:00:13.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 29818879, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:00:13.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2609151, "entry_point": 2097152, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_175", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:13.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 512000, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2609151, "entry_point": 2150088, "filename": "\\Windows\\System32\\rpcss.dll", "id": "region_176", "name": "rpcss.dll", "norm_filename": "c:\\windows\\system32\\rpcss.dll", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:13.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791743332352, "type": "region", "version": 1 }, "end_va": 8791743393791, "entry_point": 8791743332352, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_177", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791743332352, "timestamp": "00:00:13.096", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791708860416, "type": "region", "version": 1 }, "end_va": 8791709212671, "entry_point": 8791708860416, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_178", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791708860416, "timestamp": "00:00:13.111", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000179-addr_0x0000000001c70000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_179", "name": "private_0x0000000001c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 29818880, "timestamp": "00:00:13.124", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 29818880, "type": "region", "version": 1 }, "end_va": 30732287, "entry_point": 0, "filename": null, "id": "region_180", "name": "pagefile_0x0000000001c70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29818880, "timestamp": "00:00:13.204", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000181-addr_0x0000000001de0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 31326208, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_181", "name": "private_0x0000000001de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31326208, "timestamp": "00:00:13.204", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000182-addr_0x0000000001f80000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000001f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 33030144, "timestamp": "00:00:13.276", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000183-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:13.276", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 37023743, "entry_point": 34078720, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_184", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34078720, "timestamp": "00:00:13.284", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2179071, "entry_point": 2107588, "filename": "\\Windows\\System32\\cscript.exe", "id": "region_185", "name": "cscript.exe", "norm_filename": "c:\\windows\\system32\\cscript.exe", "region_type": "memory_mapped_file", "start_va": 2097152, "timestamp": "00:00:13.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791743397888, "type": "region", "version": 1 }, "end_va": 8791743991807, "entry_point": 8791743397888, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_186", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791743397888, "timestamp": "00:00:13.293", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000187-addr_0x0000000002400000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:00:13.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000188-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:00:13.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791704797184, "type": "region", "version": 1 }, "end_va": 8791704895487, "entry_point": 8791704797184, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_189", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791704797184, "timestamp": "00:00:13.310", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:00:13.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791751196672, "type": "region", "version": 1 }, "end_va": 8791751823359, "entry_point": 8791751196672, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_191", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791751196672, "timestamp": "00:00:13.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_192", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:13.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 929792, "start_va": 8791579820032, "type": "region", "version": 1 }, "end_va": 8791580749823, "entry_point": 8791579820032, "filename": "\\Windows\\System32\\jscript.dll", "id": "region_193", "name": "jscript.dll", "norm_filename": "c:\\windows\\system32\\jscript.dll", "region_type": "memory_mapped_file", "start_va": 8791579820032, "timestamp": "00:00:13.345", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791776493568, "type": "region", "version": 1 }, "end_va": 8791776956415, "entry_point": 8791776493568, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_194", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791776493568, "timestamp": "00:00:13.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 0, "filename": null, "id": "region_195", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:00:13.462", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 237568, "start_va": 8791745822720, "type": "region", "version": 1 }, "end_va": 8791746060287, "entry_point": 8791745822720, "filename": "\\Windows\\System32\\wintrust.dll", "id": "region_196", "name": "wintrust.dll", "norm_filename": "c:\\windows\\system32\\wintrust.dll", "region_type": "memory_mapped_file", "start_va": 8791745822720, "timestamp": "00:00:13.467", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791746215936, "type": "region", "version": 1 }, "end_va": 8791747686399, "entry_point": 8791746215936, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_197", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791746215936, "timestamp": "00:00:13.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791745101824, "type": "region", "version": 1 }, "end_va": 8791745163263, "entry_point": 8791745101824, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_198", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791745101824, "timestamp": "00:00:13.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791737040896, "type": "region", "version": 1 }, "end_va": 8791737135103, "entry_point": 8791737040896, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_199", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791737040896, "timestamp": "00:00:13.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2641919, "entry_point": 2359296, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_200", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2359296, "timestamp": "00:00:13.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 282624, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2641919, "entry_point": 2363492, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_201", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 2359296, "timestamp": "00:00:13.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791733895168, "type": "region", "version": 1 }, "end_va": 8791734185983, "entry_point": 8791733899364, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_205", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791733895168, "timestamp": "00:00:13.549", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000207-addr_0x0000000002510000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38862848, "type": "region", "version": 1 }, "end_va": 39911423, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000002510000", "norm_filename": null, "region_type": "private_memory", "start_va": 38862848, "timestamp": "00:00:13.552", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000208-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:00:13.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791652171776, "type": "region", "version": 1 }, "end_va": 8791652216831, "entry_point": 8791652171776, "filename": "\\Windows\\System32\\msisip.dll", "id": "region_209", "name": "msisip.dll", "norm_filename": "c:\\windows\\system32\\msisip.dll", "region_type": "memory_mapped_file", "start_va": 8791652171776, "timestamp": "00:00:13.560", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16777216, "start_va": 39911424, "type": "region", "version": 1 }, "end_va": 56688639, "entry_point": 0, "filename": null, "id": "region_210", "name": "pagefile_0x0000000002610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 39911424, "timestamp": "00:00:13.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2433023, "entry_point": 0, "filename": null, "id": "region_211", "name": "pagefile_0x0000000000250000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2424832, "timestamp": "00:00:13.582", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000212-addr_0x0000000003640000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 56885248, "type": "region", "version": 1 }, "end_va": 57933823, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x0000000003640000", "norm_filename": null, "region_type": "private_memory", "start_va": 56885248, "timestamp": "00:00:13.585", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 8791651385344, "type": "region", "version": 1 }, "end_va": 8791651504127, "entry_point": 8791651385344, "filename": "\\Windows\\System32\\wshext.dll", "id": "region_213", "name": "wshext.dll", "norm_filename": "c:\\windows\\system32\\wshext.dll", "region_type": "memory_mapped_file", "start_va": 8791651385344, "timestamp": "00:00:13.585", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000214-addr_0x000007fffffd5000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092846080, "type": "region", "version": 1 }, "end_va": 8796092854271, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x000007fffffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092846080, "timestamp": "00:00:13.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 8791590699008, "type": "region", "version": 1 }, "end_va": 8791591354367, "entry_point": 8791590699008, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "id": "region_215", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791590699008, "timestamp": "00:00:13.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 618496, "start_va": 8791750017024, "type": "region", "version": 1 }, "end_va": 8791750635519, "entry_point": 8791750017024, "filename": "\\Windows\\System32\\comdlg32.dll", "id": "region_216", "name": "comdlg32.dll", "norm_filename": "c:\\windows\\system32\\comdlg32.dll", "region_type": "memory_mapped_file", "start_va": 8791750017024, "timestamp": "00:00:13.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791752245248, "type": "region", "version": 1 }, "end_va": 8791766433791, "entry_point": 8791752245248, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_217", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791752245248, "timestamp": "00:00:13.692", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000218-addr_0x0000000003740000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 57933824, "type": "region", "version": 1 }, "end_va": 59965439, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000003740000", "norm_filename": null, "region_type": "private_memory", "start_va": 57933824, "timestamp": "00:00:14.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000219-addr_0x0000000001e60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 32899071, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:00:14.315", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 8791590436864, "type": "region", "version": 1 }, "end_va": 8791590682623, "entry_point": 8791590436864, "filename": "\\Windows\\System32\\scrobj.dll", "id": "region_220", "name": "scrobj.dll", "norm_filename": "c:\\windows\\system32\\scrobj.dll", "region_type": "memory_mapped_file", "start_va": 8791590436864, "timestamp": "00:00:14.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000221-addr_0x0000000000240000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:14.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000222-addr_0x00000000039e0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 60686336, "type": "region", "version": 1 }, "end_va": 61734911, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x00000000039e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 60686336, "timestamp": "00:00:14.367", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000223-addr_0x000007fffffd3000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092837888, "type": "region", "version": 1 }, "end_va": 8796092846079, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x000007fffffd3000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092837888, "timestamp": "00:00:14.367", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791744315392, "type": "region", "version": 1 }, "end_va": 8791744397311, "entry_point": 8791744315392, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_224", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791744315392, "timestamp": "00:00:14.368", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000225-addr_0x0000000003af0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 61800448, "type": "region", "version": 1 }, "end_va": 62849023, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000003af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61800448, "timestamp": "00:00:14.380", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000226-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:00:14.381", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2428927, "entry_point": 2424832, "filename": "\\Windows\\System32\\tzres.dll", "id": "region_227", "name": "tzres.dll", "norm_filename": "c:\\windows\\system32\\tzres.dll", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:00:14.395", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000228-addr_0x0000000003cc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 63700992, "type": "region", "version": 1 }, "end_va": 64749567, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000003cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 63700992, "timestamp": "00:00:14.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000229-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:00:14.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 64749568, "type": "region", "version": 1 }, "end_va": 68890623, "entry_point": 0, "filename": null, "id": "region_230", "name": "pagefile_0x0000000003dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 64749568, "timestamp": "00:00:14.404", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000232-addr_0x0000000003740000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 57933824, "type": "region", "version": 1 }, "end_va": 58982399, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000003740000", "norm_filename": null, "region_type": "private_memory", "start_va": 57933824, "timestamp": "00:00:18.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000233-addr_0x0000000003920000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 59899904, "type": "region", "version": 1 }, "end_va": 59965439, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x0000000003920000", "norm_filename": null, "region_type": "private_memory", "start_va": 59899904, "timestamp": "00:00:18.174", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000234-addr_0x00000000041c0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 68943872, "type": "region", "version": 1 }, "end_va": 71041023, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x00000000041c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68943872, "timestamp": "00:00:18.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000235-addr_0x00000000043c0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 71041024, "type": "region", "version": 1 }, "end_va": 75235327, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x00000000043c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71041024, "timestamp": "00:00:18.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000236-addr_0x00000000047c0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 75235328, "type": "region", "version": 1 }, "end_va": 77332479, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x00000000047c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75235328, "timestamp": "00:00:18.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000237-addr_0x00000000049c0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 77332480, "type": "region", "version": 1 }, "end_va": 78385151, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x00000000049c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77332480, "timestamp": "00:00:18.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000238-addr_0x0000000004b10000-size_0x0000000000800000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8388608, "start_va": 78708736, "type": "region", "version": 1 }, "end_va": 87097343, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x0000000004b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 78708736, "timestamp": "00:00:18.176", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000239-addr_0x0000000005310000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 87097344, "type": "region", "version": 1 }, "end_va": 91291647, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x0000000005310000", "norm_filename": null, "region_type": "private_memory", "start_va": 87097344, "timestamp": "00:00:18.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 93978624, "type": "region", "version": 1 }, "end_va": 110559231, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x00000000059a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 93978624, "timestamp": "00:00:18.177", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000241-addr_0x0000000006970000-size_0x0000000000800000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8388608, "start_va": 110559232, "type": "region", "version": 1 }, "end_va": 118947839, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000006970000", "norm_filename": null, "region_type": "private_memory", "start_va": 110559232, "timestamp": "00:00:18.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 124256256, "type": "region", "version": 1 }, "end_va": 140836863, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000007680000", "norm_filename": null, "region_type": "private_memory", "start_va": 124256256, "timestamp": "00:00:18.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 10489856, "start_va": 140836864, "type": "region", "version": 1 }, "end_va": 151326719, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000008650000", "norm_filename": null, "region_type": "private_memory", "start_va": 140836864, "timestamp": "00:00:18.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 151388160, "type": "region", "version": 1 }, "end_va": 167968767, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000009060000", "norm_filename": null, "region_type": "private_memory", "start_va": 151388160, "timestamp": "00:00:18.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16580608, "start_va": 167968768, "type": "region", "version": 1 }, "end_va": 184549375, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x000000000a030000", "norm_filename": null, "region_type": "private_memory", "start_va": 167968768, "timestamp": "00:00:18.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 8791651188736, "type": "region", "version": 1 }, "end_va": 8791651352575, "entry_point": 8791651188736, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_246", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 8791651188736, "timestamp": "00:00:18.182", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791693066240, "type": "region", "version": 1 }, "end_va": 8791693164543, "entry_point": 8791693066240, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_247", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791693066240, "timestamp": "00:00:18.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791591747584, "type": "region", "version": 1 }, "end_va": 8791591960575, "entry_point": 8791591747584, "filename": "\\Windows\\System32\\scrrun.dll", "id": "region_248", "name": "scrrun.dll", "norm_filename": "c:\\windows\\system32\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 8791591747584, "timestamp": "00:00:18.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2506751, "entry_point": 2429040, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_249", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 2424832, "timestamp": "00:00:18.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1916928, "start_va": 8791586570240, "type": "region", "version": 1 }, "end_va": 8791588487167, "entry_point": 8791586570240, "filename": "\\Windows\\System32\\msxml3.dll", "id": "region_250", "name": "msxml3.dll", "norm_filename": "c:\\windows\\system32\\msxml3.dll", "region_type": "memory_mapped_file", "start_va": 8791586570240, "timestamp": "00:00:18.247", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000251-addr_0x0000000005710000-size_0x0000000000250000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2424832, "start_va": 91291648, "type": "region", "version": 1 }, "end_va": 93716479, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000005710000", "norm_filename": null, "region_type": "private_memory", "start_va": 91291648, "timestamp": "00:00:18.275", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000252-addr_0x0000000005710000-size_0x0000000000140000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1310720, "start_va": 91291648, "type": "region", "version": 1 }, "end_va": 92602367, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000005710000", "norm_filename": null, "region_type": "private_memory", "start_va": 91291648, "timestamp": "00:00:18.279", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000253-addr_0x00000000058e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 93192192, "type": "region", "version": 1 }, "end_va": 93716479, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x00000000058e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 93192192, "timestamp": "00:00:18.280", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000254-addr_0x0000000003840000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 58982400, "type": "region", "version": 1 }, "end_va": 59768831, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x0000000003840000", "norm_filename": null, "region_type": "private_memory", "start_va": 58982400, "timestamp": "00:00:18.281", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000255-addr_0x0000000007170000-size_0x00000000001b0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1769472, "start_va": 118947840, "type": "region", "version": 1 }, "end_va": 120717311, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x0000000007170000", "norm_filename": null, "region_type": "private_memory", "start_va": 118947840, "timestamp": "00:00:18.281", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000256-addr_0x0000000007320000-size_0x0000000000260000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_72", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2490368, "start_va": 120717312, "type": "region", "version": 1 }, "end_va": 123207679, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x0000000007320000", "norm_filename": null, "region_type": "private_memory", "start_va": 120717312, "timestamp": "00:00:18.282", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 62849024, "type": "region", "version": 1 }, "end_va": 63635455, "entry_point": 62849024, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_257", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 62849024, "timestamp": "00:00:18.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000258-addr_0x000000000b000000-size_0x0000000000400000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_73", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 184549376, "type": "region", "version": 1 }, "end_va": 188743679, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x000000000b000000", "norm_filename": null, "region_type": "private_memory", "start_va": 184549376, "timestamp": "00:00:18.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 2555904, "filename": "\\Windows\\System32\\msxml3r.dll", "id": "region_259", "name": "msxml3r.dll", "norm_filename": "c:\\windows\\system32\\msxml3r.dll", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:00:18.305", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 110592, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2732031, "entry_point": 2845440, "filename": "\\Windows\\System32\\msxml3.dll", "id": "region_260", "name": "msxml3.dll", "norm_filename": "c:\\windows\\system32\\msxml3.dll", "region_type": "memory_mapped_file", "start_va": 2621440, "timestamp": "00:00:18.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791748444160, "type": "region", "version": 1 }, "end_va": 8791749984255, "entry_point": 8791748444160, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_261", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791748444160, "timestamp": "00:00:18.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791780360192, "type": "region", "version": 1 }, "end_va": 8791781580799, "entry_point": 8791780360192, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_262", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791780360192, "timestamp": "00:00:18.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791766466560, "type": "region", "version": 1 }, "end_va": 8791768928255, "entry_point": 8791766466560, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_263", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791766466560, "timestamp": "00:00:18.366", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2760703, "entry_point": 0, "filename": null, "id": "region_264", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:18.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791720394752, "type": "region", "version": 1 }, "end_va": 8791722442751, "entry_point": 8791720394752, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_265", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791720394752, "timestamp": "00:00:18.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 2883584, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_266", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:00:18.431", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_267", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:18.432", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791743135744, "type": "region", "version": 1 }, "end_va": 8791743287295, "entry_point": 8791743135744, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_268", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791743135744, "timestamp": "00:00:18.435", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_269", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:18.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791744446464, "type": "region", "version": 1 }, "end_va": 8791744507903, "entry_point": 8791744446464, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_270", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791744446464, "timestamp": "00:00:18.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3063807, "entry_point": 3014656, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_271", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3014656, "timestamp": "00:00:18.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3112959, "entry_point": 3080192, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_272", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:00:18.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3211263, "entry_point": 3145728, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_273", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:00:18.459", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791727603712, "type": "region", "version": 1 }, "end_va": 8791727788031, "entry_point": 8791727603712, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_274", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791727603712, "timestamp": "00:00:18.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791751852032, "type": "region", "version": 1 }, "end_va": 8791752187903, "entry_point": 8791751852032, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_275", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791751852032, "timestamp": "00:00:18.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 315392, "start_va": 8791781605376, "type": "region", "version": 1 }, "end_va": 8791781920767, "entry_point": 8791781605376, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_276", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 8791781605376, "timestamp": "00:00:18.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 8791780163584, "type": "region", "version": 1 }, "end_va": 8791780196351, "entry_point": 8791780163584, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_277", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 8791780163584, "timestamp": "00:00:18.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000278-addr_0x0000000007320000-size_0x0000000000160000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1441792, "start_va": 120717312, "type": "region", "version": 1 }, "end_va": 122159103, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000007320000", "norm_filename": null, "region_type": "private_memory", "start_va": 120717312, "timestamp": "00:00:18.519", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000279-addr_0x0000000007500000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 122683392, "type": "region", "version": 1 }, "end_va": 123207679, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x0000000007500000", "norm_filename": null, "region_type": "private_memory", "start_va": 122683392, "timestamp": "00:00:18.519", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 8791735074816, "type": "region", "version": 1 }, "end_va": 8791735447551, "entry_point": 8791735074816, "filename": "\\Windows\\System32\\dnsapi.dll", "id": "region_280", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\system32\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 8791735074816, "timestamp": "00:00:18.524", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000281-addr_0x0000000007170000-size_0x0000000000110000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1114112, "start_va": 118947840, "type": "region", "version": 1 }, "end_va": 120061951, "entry_point": 0, "filename": null, "id": "region_281", "name": "private_0x0000000007170000", "norm_filename": null, "region_type": "private_memory", "start_va": 118947840, "timestamp": "00:00:18.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000282-addr_0x00000000072a0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 120193024, "type": "region", "version": 1 }, "end_va": 120717311, "entry_point": 0, "filename": null, "id": "region_282", "name": "private_0x00000000072a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 120193024, "timestamp": "00:00:18.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 8791717773312, "type": "region", "version": 1 }, "end_va": 8791717933055, "entry_point": 8791717773312, "filename": "\\Windows\\System32\\IPHLPAPI.DLL", "id": "region_283", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\system32\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 8791717773312, "timestamp": "00:00:18.543", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 8791717707776, "type": "region", "version": 1 }, "end_va": 8791717752831, "entry_point": 8791717707776, "filename": "\\Windows\\System32\\winnsi.dll", "id": "region_284", "name": "winnsi.dll", "norm_filename": "c:\\windows\\system32\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 8791717707776, "timestamp": "00:00:18.557", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000285-addr_0x0000000000310000-size_0x0000000000020000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_285", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:18.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 188743680, "type": "region", "version": 1 }, "end_va": 192163839, "entry_point": 0, "filename": null, "id": "region_286", "name": "pagefile_0x000000000b400000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 188743680, "timestamp": "00:00:18.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 401408, "start_va": 8791612522496, "type": "region", "version": 1 }, "end_va": 8791612923903, "entry_point": 8791612522496, "filename": "\\Windows\\System32\\rasapi32.dll", "id": "region_287", "name": "rasapi32.dll", "norm_filename": "c:\\windows\\system32\\rasapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791612522496, "timestamp": "00:00:18.600", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000290-addr_0x000000000b900000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 193986560, "type": "region", "version": 1 }, "end_va": 195035135, "entry_point": 0, "filename": null, "id": "region_290", "name": "private_0x000000000b900000", "norm_filename": null, "region_type": "private_memory", "start_va": 193986560, "timestamp": "00:00:18.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000291-addr_0x000007fffffaa000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092669952, "type": "region", "version": 1 }, "end_va": 8796092678143, "entry_point": 0, "filename": null, "id": "region_291", "name": "private_0x000007fffffaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092669952, "timestamp": "00:00:18.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000292-addr_0x0000000000330000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 0, "filename": null, "id": "region_292", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:18.633", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000295-addr_0x0000000007580000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 123207680, "type": "region", "version": 1 }, "end_va": 124256255, "entry_point": 0, "filename": null, "id": "region_295", "name": "private_0x0000000007580000", "norm_filename": null, "region_type": "private_memory", "start_va": 123207680, "timestamp": "00:00:18.658", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000297-addr_0x000007fffffa8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092661760, "type": "region", "version": 1 }, "end_va": 8796092669951, "entry_point": 0, "filename": null, "id": "region_297", "name": "private_0x000007fffffa8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092661760, "timestamp": "00:00:18.667", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000304-addr_0x0000000001d50000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 30736384, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_304", "name": "private_0x0000000001d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 30736384, "timestamp": "00:00:18.737", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000305-addr_0x000000000ba00000-size_0x00000000001f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2031616, "start_va": 195035136, "type": "region", "version": 1 }, "end_va": 197066751, "entry_point": 0, "filename": null, "id": "region_305", "name": "private_0x000000000ba00000", "norm_filename": null, "region_type": "private_memory", "start_va": 195035136, "timestamp": "00:00:18.738", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000306-addr_0x000000000b750000-size_0x00000000001a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1703936, "start_va": 192217088, "type": "region", "version": 1 }, "end_va": 193921023, "entry_point": 0, "filename": null, "id": "region_306", "name": "private_0x000000000b750000", "norm_filename": null, "region_type": "private_memory", "start_va": 192217088, "timestamp": "00:00:18.739", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000308-addr_0x000000000b7b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 192610304, "type": "region", "version": 1 }, "end_va": 193658879, "entry_point": 0, "filename": null, "id": "region_308", "name": "private_0x000000000b7b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 192610304, "timestamp": "00:00:18.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000310-addr_0x000007fffffa6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092653568, "type": "region", "version": 1 }, "end_va": 8796092661759, "entry_point": 0, "filename": null, "id": "region_310", "name": "private_0x000007fffffa6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092653568, "timestamp": "00:00:18.776", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000315-addr_0x000000000baa0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 195690496, "type": "region", "version": 1 }, "end_va": 196214783, "entry_point": 0, "filename": null, "id": "region_315", "name": "private_0x000000000baa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 195690496, "timestamp": "00:00:18.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000316-addr_0x000000000bbe0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 197001216, "type": "region", "version": 1 }, "end_va": 197066751, "entry_point": 0, "filename": null, "id": "region_316", "name": "private_0x000000000bbe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 197001216, "timestamp": "00:00:18.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000454-addr_0x000000000bdb0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 198901760, "type": "region", "version": 1 }, "end_va": 199950335, "entry_point": 0, "filename": null, "id": "region_454", "name": "private_0x000000000bdb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 198901760, "timestamp": "00:00:30.348", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000456-addr_0x000007fffffa4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092645376, "type": "region", "version": 1 }, "end_va": 8796092653567, "entry_point": 0, "filename": null, "id": "region_456", "name": "private_0x000007fffffa4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092645376, "timestamp": "00:00:30.349", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000458-addr_0x0000000001da0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 31064064, "type": "region", "version": 1 }, "end_va": 31129599, "entry_point": 0, "filename": null, "id": "region_458", "name": "private_0x0000000001da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31064064, "timestamp": "00:00:30.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000465-addr_0x000000000bbf0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 197066752, "type": "region", "version": 1 }, "end_va": 198115327, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x000000000bbf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 197066752, "timestamp": "00:00:32.375", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000467-addr_0x0000000001d80000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 30932992, "type": "region", "version": 1 }, "end_va": 30998527, "entry_point": 0, "filename": null, "id": "region_467", "name": "private_0x0000000001d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 30932992, "timestamp": "00:00:32.398", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000468-addr_0x000000000beb0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 199950336, "type": "region", "version": 1 }, "end_va": 200998911, "entry_point": 0, "filename": null, "id": "region_468", "name": "private_0x000000000beb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 199950336, "timestamp": "00:00:32.399", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000469-addr_0x0000000002350000-size_0x00000000000b0000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 720896, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_469", "name": "private_0x0000000002350000", "norm_filename": null, "region_type": "private_memory", "start_va": 37027840, "timestamp": "00:00:32.407", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000474-addr_0x000000000bfd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 201129984, "type": "region", "version": 1 }, "end_va": 202178559, "entry_point": 0, "filename": null, "id": "region_474", "name": "private_0x000000000bfd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 201129984, "timestamp": "00:00:34.671", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000475-addr_0x000000000c0d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 202178560, "type": "region", "version": 1 }, "end_va": 203227135, "entry_point": 0, "filename": null, "id": "region_475", "name": "private_0x000000000c0d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 202178560, "timestamp": "00:00:34.672", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000476-addr_0x000007fffffa2000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092637184, "type": "region", "version": 1 }, "end_va": 8796092645375, "entry_point": 0, "filename": null, "id": "region_476", "name": "private_0x000007fffffa2000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092637184, "timestamp": "00:00:34.673", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000477-addr_0x000000000c1d0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 203227136, "type": "region", "version": 1 }, "end_va": 205324287, "entry_point": 0, "filename": null, "id": "region_477", "name": "private_0x000000000c1d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 203227136, "timestamp": "00:00:34.690", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000480-addr_0x000000000c3d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 205324288, "type": "region", "version": 1 }, "end_va": 206372863, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x000000000c3d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 205324288, "timestamp": "00:00:34.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000481-addr_0x000000000c4d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 206372864, "type": "region", "version": 1 }, "end_va": 207421439, "entry_point": 0, "filename": null, "id": "region_481", "name": "private_0x000000000c4d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 206372864, "timestamp": "00:00:34.793", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000482-addr_0x000000000c6f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 208601088, "type": "region", "version": 1 }, "end_va": 209649663, "entry_point": 0, "filename": null, "id": "region_482", "name": "private_0x000000000c6f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 208601088, "timestamp": "00:00:34.838", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000484-addr_0x000007fffffa0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092628992, "type": "region", "version": 1 }, "end_va": 8796092637183, "entry_point": 0, "filename": null, "id": "region_484", "name": "private_0x000007fffffa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092628992, "timestamp": "00:00:34.852", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pST790mv.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pst790mv.exe", "id": "proc_3", "image_name": "pst790mv.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000500-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:35.393", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000501-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_501", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:35.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_502", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:35.394", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_504", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_505", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1708031, "entry_point": 0, "filename": null, "id": "region_506", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 268435456, "type": "region", "version": 1 }, "end_va": 268972031, "entry_point": 268435456, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\pST790mv.exe", "id": "region_507", "name": "pst790mv.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pst790mv.exe", "region_type": "memory_mapped_file", "start_va": 268435456, "timestamp": "00:00:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_508", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:00:35.397", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_509", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:00:35.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_510", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:35.482", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000511-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_511", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:35.482", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000512-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:35.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000513-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:35.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:35.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000515-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_515", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:35.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_516", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:35.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000517-addr_0x0000000000350000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_517", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:35.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951006720, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_518", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:00:35.602", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951072256, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_519", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:00:35.611", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951465472, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_520", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:00:35.617", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000521-addr_0x0000000000570000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_521", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:00:35.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_522", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:35.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986002944, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_523", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:00:35.680", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_524", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:00:35.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_525", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:00:35.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_526", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:36.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2191359, "entry_point": 1769472, "filename": "\\Windows\\System32\\locale.nls", "id": "region_527", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1769472, "timestamp": "00:00:36.488", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1950285824, "type": "region", "version": 1 }, "end_va": 1950363647, "entry_point": 1950285824, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_528", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1950285824, "timestamp": "00:00:36.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1952907264, "type": "region", "version": 1 }, "end_va": 1952935935, "entry_point": 1952907264, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_529", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1952907264, "timestamp": "00:00:36.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1952972800, "type": "region", "version": 1 }, "end_va": 1953087487, "entry_point": 1952972800, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_530", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1952972800, "timestamp": "00:00:36.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1953103872, "type": "region", "version": 1 }, "end_va": 1953148927, "entry_point": 1953103872, "filename": "\\Windows\\SysWOW64\\traffic.dll", "id": "region_531", "name": "traffic.dll", "norm_filename": "c:\\windows\\syswow64\\traffic.dll", "region_type": "memory_mapped_file", "start_va": 1953103872, "timestamp": "00:00:36.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1953169408, "type": "region", "version": 1 }, "end_va": 1953222655, "entry_point": 1953169408, "filename": "\\Windows\\SysWOW64\\wtsapi32.dll", "id": "region_532", "name": "wtsapi32.dll", "norm_filename": "c:\\windows\\syswow64\\wtsapi32.dll", "region_type": "memory_mapped_file", "start_va": 1953169408, "timestamp": "00:00:36.522", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1953234944, "type": "region", "version": 1 }, "end_va": 1953480703, "entry_point": 1953234944, "filename": "\\Windows\\SysWOW64\\oleacc.dll", "id": "region_533", "name": "oleacc.dll", "norm_filename": "c:\\windows\\syswow64\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 1953234944, "timestamp": "00:00:36.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1953497088, "type": "region", "version": 1 }, "end_va": 1953521663, "entry_point": 1953497088, "filename": "\\Windows\\SysWOW64\\dciman32.dll", "id": "region_534", "name": "dciman32.dll", "norm_filename": "c:\\windows\\syswow64\\dciman32.dll", "region_type": "memory_mapped_file", "start_va": 1953497088, "timestamp": "00:00:36.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 946176, "start_va": 1953562624, "type": "region", "version": 1 }, "end_va": 1954508799, "entry_point": 1953562624, "filename": "\\Windows\\SysWOW64\\ddraw.dll", "id": "region_535", "name": "ddraw.dll", "norm_filename": "c:\\windows\\syswow64\\ddraw.dll", "region_type": "memory_mapped_file", "start_va": 1953562624, "timestamp": "00:00:36.556", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 139264, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954684927, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\glu32.dll", "id": "region_536", "name": "glu32.dll", "norm_filename": "c:\\windows\\syswow64\\glu32.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:36.571", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 819200, "start_va": 1954742272, "type": "region", "version": 1 }, "end_va": 1955561471, "entry_point": 1954742272, "filename": "\\Windows\\SysWOW64\\opengl32.dll", "id": "region_537", "name": "opengl32.dll", "norm_filename": "c:\\windows\\syswow64\\opengl32.dll", "region_type": "memory_mapped_file", "start_va": 1954742272, "timestamp": "00:00:36.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955839999, "entry_point": 1955594240, "filename": "\\Windows\\SysWOW64\\pdh.dll", "id": "region_538", "name": "pdh.dll", "norm_filename": "c:\\windows\\syswow64\\pdh.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:00:36.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 204800, "start_va": 1955856384, "type": "region", "version": 1 }, "end_va": 1956061183, "entry_point": 1955856384, "filename": "\\Windows\\SysWOW64\\winmm.dll", "id": "region_539", "name": "winmm.dll", "norm_filename": "c:\\windows\\syswow64\\winmm.dll", "region_type": "memory_mapped_file", "start_va": 1955856384, "timestamp": "00:00:36.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1956118528, "type": "region", "version": 1 }, "end_va": 1956200447, "entry_point": 1956118528, "filename": "\\Windows\\SysWOW64\\msacm32.dll", "id": "region_540", "name": "msacm32.dll", "norm_filename": "c:\\windows\\syswow64\\msacm32.dll", "region_type": "memory_mapped_file", "start_va": 1956118528, "timestamp": "00:00:36.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1956249600, "type": "region", "version": 1 }, "end_va": 1956323327, "entry_point": 1956249600, "filename": "\\Windows\\SysWOW64\\mpr.dll", "id": "region_541", "name": "mpr.dll", "norm_filename": "c:\\windows\\syswow64\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 1956249600, "timestamp": "00:00:36.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957429248, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_542", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:00:36.632", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957494784, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_543", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:00:36.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957888000, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_544", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:00:36.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959395328, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_545", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:00:36.653", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960443904, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_546", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:00:36.705", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960509440, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_547", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:00:36.712", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961361408, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_548", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:00:36.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961492480, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_549", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:00:36.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978531840, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_550", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:00:36.791", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1979514880, "type": "region", "version": 1 }, "end_va": 1979539455, "entry_point": 1979514880, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_551", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1979514880, "timestamp": "00:00:36.823", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1979580416, "type": "region", "version": 1 }, "end_va": 1980166143, "entry_point": 1979580416, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_552", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1979580416, "timestamp": "00:00:36.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1982660608, "type": "region", "version": 1 }, "end_va": 1982734335, "entry_point": 1982660608, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_553", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1982660608, "timestamp": "00:00:36.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983008767, "entry_point": 1982791680, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_554", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:00:36.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1983643648, "type": "region", "version": 1 }, "end_va": 1983803391, "entry_point": 1983643648, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_555", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1983643648, "timestamp": "00:00:36.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983840256, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_556", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:00:36.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985019904, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_557", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:00:36.904", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987117056, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_558", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:00:36.912", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1988755456, "type": "region", "version": 1 }, "end_va": 1990447103, "entry_point": 1988755456, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_559", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1988755456, "timestamp": "00:00:37.126", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990459392, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_560", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:00:37.140", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_561", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:37.154", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_562", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:37.154", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000563-addr_0x0000000000020000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_563", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:37.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000564-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_564", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:37.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000565-addr_0x0000000000220000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_565", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:37.194", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000566-addr_0x0000000000230000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_566", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:37.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2846719, "entry_point": 0, "filename": null, "id": "region_567", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:00:37.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_568", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:37.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2953215, "entry_point": 2949120, "filename": "\\Windows\\SysWOW64\\oleaccrc.dll", "id": "region_569", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\syswow64\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 2949120, "timestamp": "00:00:37.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000570-addr_0x00000000002e0000-size_0x0000000000002000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_121", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3022847, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000571-addr_0x00000000002f0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_122", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3084287, "entry_point": 0, "filename": null, "id": "region_571", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3149823, "entry_point": 0, "filename": null, "id": "region_572", "name": "pagefile_0x0000000000300000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3145728, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 5603327, "entry_point": 0, "filename": null, "id": "region_573", "name": "pagefile_0x00000000003d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3997696, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8327167, "entry_point": 0, "filename": null, "id": "region_574", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 29360127, "entry_point": 0, "filename": null, "id": "region_575", "name": "pagefile_0x0000000000800000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8388608, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000576-addr_0x0000000001cb0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_123", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 30081024, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_576", "name": "private_0x0000000001cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30081024, "timestamp": "00:00:37.202", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 34484223, "entry_point": 0, "filename": null, "id": "region_577", "name": "pagefile_0x0000000001cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 30343168, "timestamp": "00:00:37.203", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000578-addr_0x0000000002210000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_124", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 35717120, "type": "region", "version": 1 }, "end_va": 35782655, "entry_point": 0, "filename": null, "id": "region_578", "name": "private_0x0000000002210000", "norm_filename": null, "region_type": "private_memory", "start_va": 35717120, "timestamp": "00:00:37.203", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000579-addr_0x000000007ef50000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_125", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 2129985536, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_579", "name": "private_0x000000007ef50000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129985536, "timestamp": "00:00:37.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1950416896, "type": "region", "version": 1 }, "end_va": 1950941183, "entry_point": 1950416896, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_580", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1950416896, "timestamp": "00:00:37.223", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000581-addr_0x00000000020f0000-size_0x00000000000d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_126", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 851968, "start_va": 34537472, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_581", "name": "private_0x00000000020f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34537472, "timestamp": "00:00:37.237", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 35782656, "type": "region", "version": 1 }, "end_va": 36696063, "entry_point": 0, "filename": null, "id": "region_582", "name": "pagefile_0x0000000002220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35782656, "timestamp": "00:00:37.238", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1952841728, "type": "region", "version": 1 }, "end_va": 1952874495, "entry_point": 1952841728, "filename": "\\Windows\\SysWOW64\\drprov.dll", "id": "region_583", "name": "drprov.dll", "norm_filename": "c:\\windows\\syswow64\\drprov.dll", "region_type": "memory_mapped_file", "start_va": 1952841728, "timestamp": "00:00:37.242", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 167936, "start_va": 1952645120, "type": "region", "version": 1 }, "end_va": 1952813055, "entry_point": 1952645120, "filename": "\\Windows\\SysWOW64\\winsta.dll", "id": "region_584", "name": "winsta.dll", "norm_filename": "c:\\windows\\syswow64\\winsta.dll", "region_type": "memory_mapped_file", "start_va": 1952645120, "timestamp": "00:00:37.258", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1952514048, "type": "region", "version": 1 }, "end_va": 1952595967, "entry_point": 1952514048, "filename": "\\Windows\\SysWOW64\\ntlanman.dll", "id": "region_585", "name": "ntlanman.dll", "norm_filename": "c:\\windows\\syswow64\\ntlanman.dll", "region_type": "memory_mapped_file", "start_va": 1952514048, "timestamp": "00:00:37.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1952382976, "type": "region", "version": 1 }, "end_va": 1952477183, "entry_point": 1952382976, "filename": "\\Windows\\SysWOW64\\davclnt.dll", "id": "region_586", "name": "davclnt.dll", "norm_filename": "c:\\windows\\syswow64\\davclnt.dll", "region_type": "memory_mapped_file", "start_va": 1952382976, "timestamp": "00:00:37.285", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1952317440, "type": "region", "version": 1 }, "end_va": 1952350207, "entry_point": 1952317440, "filename": "\\Windows\\SysWOW64\\davhlpr.dll", "id": "region_587", "name": "davhlpr.dll", "norm_filename": "c:\\windows\\syswow64\\davhlpr.dll", "region_type": "memory_mapped_file", "start_va": 1952317440, "timestamp": "00:00:37.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_588", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:37.316", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 36700160, "type": "region", "version": 1 }, "end_va": 37748735, "entry_point": 0, "filename": null, "id": "region_589", "name": "private_0x0000000002300000", "norm_filename": null, "region_type": "private_memory", "start_va": 36700160, "timestamp": "00:00:37.317", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1952251904, "type": "region", "version": 1 }, "end_va": 1952313343, "entry_point": 1952251904, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_590", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1952251904, "timestamp": "00:00:37.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000591-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_127", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_591", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:37.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29360128, "type": "region", "version": 1 }, "end_va": 29622271, "entry_point": 0, "filename": null, "id": "region_592", "name": "private_0x0000000001c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 29360128, "timestamp": "00:00:37.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 37748736, "type": "region", "version": 1 }, "end_va": 38797311, "entry_point": 0, "filename": null, "id": "region_593", "name": "private_0x0000000002400000", "norm_filename": null, "region_type": "private_memory", "start_va": 37748736, "timestamp": "00:00:37.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1952186368, "type": "region", "version": 1 }, "end_va": 1952231423, "entry_point": 1952186368, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_594", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1952186368, "timestamp": "00:00:37.330", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000595-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_128", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_595", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:37.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952157695, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_596", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:00:37.341", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000597-addr_0x0000000002500000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_129", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38797312, "type": "region", "version": 1 }, "end_va": 39845887, "entry_point": 0, "filename": null, "id": "region_597", "name": "private_0x0000000002500000", "norm_filename": null, "region_type": "private_memory", "start_va": 38797312, "timestamp": "00:00:37.454", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000598-addr_0x00000000027b0000-size_0x00000000000d2000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_130", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 860160, "start_va": 41615360, "type": "region", "version": 1 }, "end_va": 42475519, "entry_point": 0, "filename": null, "id": "region_598", "name": "private_0x00000000027b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41615360, "timestamp": "00:00:37.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 45477887, "entry_point": 42532864, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_599", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 42532864, "timestamp": "00:00:37.481", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000600-addr_0x0000000002600000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_131", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_600", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:00:39.175", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000601-addr_0x0000000000560000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_132", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_601", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:39.188", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000615-addr_0x0000000002b60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 45481984, "type": "region", "version": 1 }, "end_va": 46530559, "entry_point": 0, "filename": null, "id": "region_615", "name": "private_0x0000000002b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 45481984, "timestamp": "00:00:40.682", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000616-addr_0x0000000002c60000-size_0x0000000000200000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 46530560, "type": "region", "version": 1 }, "end_va": 48627711, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000002c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 46530560, "timestamp": "00:00:40.683", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000617-addr_0x0000000002e60000-size_0x0000000000189000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1609728, "start_va": 48627712, "type": "region", "version": 1 }, "end_va": 50237439, "entry_point": 0, "filename": null, "id": "region_617", "name": "private_0x0000000002e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 48627712, "timestamp": "00:00:40.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 20975616, "start_va": 50266112, "type": "region", "version": 1 }, "end_va": 71241727, "entry_point": 0, "filename": null, "id": "region_618", "name": "private_0x0000000002ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50266112, "timestamp": "00:00:40.884", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000619-addr_0x00000000020f0000-size_0x0000000000081000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 528384, "start_va": 34537472, "type": "region", "version": 1 }, "end_va": 35065855, "entry_point": 0, "filename": null, "id": "region_619", "name": "private_0x00000000020f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 34537472, "timestamp": "00:00:41.067", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000620-addr_0x0000000002180000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_620", "name": "private_0x0000000002180000", "norm_filename": null, "region_type": "private_memory", "start_va": 35127296, "timestamp": "00:00:41.067", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000621-addr_0x0000000004400000-size_0x0000000000101000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 71303168, "type": "region", "version": 1 }, "end_va": 72355839, "entry_point": 0, "filename": null, "id": "region_621", "name": "private_0x0000000004400000", "norm_filename": null, "region_type": "private_memory", "start_va": 71303168, "timestamp": "00:00:41.182", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000622-addr_0x0000000004510000-size_0x00000000000f1000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 987136, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 73404415, "entry_point": 0, "filename": null, "id": "region_622", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:00:41.235", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000623-addr_0x0000000002700000-size_0x0000000000091000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 593920, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41488383, "entry_point": 0, "filename": null, "id": "region_623", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:00:41.266", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000624-addr_0x0000000004610000-size_0x0000000000111000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1118208, "start_va": 73465856, "type": "region", "version": 1 }, "end_va": 74584063, "entry_point": 0, "filename": null, "id": "region_624", "name": "private_0x0000000004610000", "norm_filename": null, "region_type": "private_memory", "start_va": 73465856, "timestamp": "00:00:41.287", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000625-addr_0x0000000004730000-size_0x0000000000181000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1576960, "start_va": 74645504, "type": "region", "version": 1 }, "end_va": 76222463, "entry_point": 0, "filename": null, "id": "region_625", "name": "private_0x0000000004730000", "norm_filename": null, "region_type": "private_memory", "start_va": 74645504, "timestamp": "00:00:41.438", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000626-addr_0x00000000048c0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 76283904, "type": "region", "version": 1 }, "end_va": 77336575, "entry_point": 0, "filename": null, "id": "region_626", "name": "private_0x00000000048c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76283904, "timestamp": "00:00:42.437", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000627-addr_0x00000000049d0000-size_0x0000000000400000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4194304, "start_va": 77398016, "type": "region", "version": 1 }, "end_va": 81592319, "entry_point": 0, "filename": null, "id": "region_627", "name": "private_0x00000000049d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77398016, "timestamp": "00:00:42.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1951989760, "type": "region", "version": 1 }, "end_va": 1952079871, "entry_point": 1951989760, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_628", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1951989760, "timestamp": "00:00:42.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29868031, "entry_point": 29622272, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_629", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 29622272, "timestamp": "00:00:42.446", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 245760, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29868031, "entry_point": 29627021, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_630", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 29622272, "timestamp": "00:00:42.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1951727616, "type": "region", "version": 1 }, "end_va": 1951969279, "entry_point": 1951732365, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_634", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1951727616, "timestamp": "00:00:42.463", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000635-addr_0x0000000004dd0000-size_0x0000000000076000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 483328, "start_va": 81592320, "type": "region", "version": 1 }, "end_va": 82075647, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000004dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81592320, "timestamp": "00:00:42.469", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981730815, "entry_point": 1980563456, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_636", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:00:42.484", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995702272, "type": "region", "version": 1 }, "end_va": 1995751423, "entry_point": 1995702272, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_637", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1995702272, "timestamp": "00:00:42.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1949958144, "type": "region", "version": 1 }, "end_va": 1950236671, "entry_point": 1949958144, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_638", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1949958144, "timestamp": "00:00:42.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000639-addr_0x0000000004e50000-size_0x0000000000220000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2228224, "start_va": 82116608, "type": "region", "version": 1 }, "end_va": 84344831, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x0000000004e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 82116608, "timestamp": "00:00:42.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959350271, "entry_point": 1959329792, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_640", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:00:42.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1975033855, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_641", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:00:42.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980170240, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_642", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:00:43.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1949564928, "type": "region", "version": 1 }, "end_va": 1949925375, "entry_point": 1949564928, "filename": "\\Windows\\SysWOW64\\winhttp.dll", "id": "region_643", "name": "winhttp.dll", "norm_filename": "c:\\windows\\syswow64\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1949564928, "timestamp": "00:00:43.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1949237248, "type": "region", "version": 1 }, "end_va": 1949560831, "entry_point": 1949237248, "filename": "\\Windows\\SysWOW64\\webio.dll", "id": "region_644", "name": "webio.dll", "norm_filename": "c:\\windows\\syswow64\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1949237248, "timestamp": "00:00:43.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1947598848, "type": "region", "version": 1 }, "end_va": 1949237247, "entry_point": 1947598848, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_645", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1947598848, "timestamp": "00:00:43.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1947467776, "type": "region", "version": 1 }, "end_va": 1947537407, "entry_point": 1947467776, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_646", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947467776, "timestamp": "00:00:43.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1947336704, "type": "region", "version": 1 }, "end_va": 1947439103, "entry_point": 1947336704, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_647", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1947336704, "timestamp": "00:00:43.445", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000648-addr_0x0000000000560000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5636096, "type": "region", "version": 1 }, "end_va": 5640191, "entry_point": 0, "filename": null, "id": "region_648", "name": "private_0x0000000000560000", "norm_filename": null, "region_type": "private_memory", "start_va": 5636096, "timestamp": "00:00:43.462", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000649-addr_0x0000000004e50000-size_0x0000000000076000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 483328, "start_va": 82116608, "type": "region", "version": 1 }, "end_va": 82599935, "entry_point": 0, "filename": null, "id": "region_649", "name": "private_0x0000000004e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 82116608, "timestamp": "00:00:43.463", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000650-addr_0x0000000005030000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 84082688, "type": "region", "version": 1 }, "end_va": 84344831, "entry_point": 0, "filename": null, "id": "region_650", "name": "private_0x0000000005030000", "norm_filename": null, "region_type": "private_memory", "start_va": 84082688, "timestamp": "00:00:43.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 29622272, "type": "region", "version": 1 }, "end_va": 29626367, "entry_point": 0, "filename": null, "id": "region_651", "name": "pagefile_0x0000000001c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 29622272, "timestamp": "00:00:43.539", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 29687808, "type": "region", "version": 1 }, "end_va": 29949951, "entry_point": 0, "filename": null, "id": "region_652", "name": "private_0x0000000001c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 29687808, "timestamp": "00:00:43.576", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000653-addr_0x0000000001c90000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 30015487, "entry_point": 0, "filename": null, "id": "region_653", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:00:43.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 82640896, "type": "region", "version": 1 }, "end_va": 83689471, "entry_point": 0, "filename": null, "id": "region_654", "name": "private_0x0000000004ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82640896, "timestamp": "00:00:43.576", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000655-addr_0x000000007ef4d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129973248, "type": "region", "version": 1 }, "end_va": 2129985535, "entry_point": 0, "filename": null, "id": "region_655", "name": "private_0x000000007ef4d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129973248, "timestamp": "00:00:43.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 35651583, "entry_point": 0, "filename": null, "id": "region_656", "name": "private_0x00000000021c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 35389440, "timestamp": "00:00:43.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 84344832, "type": "region", "version": 1 }, "end_va": 85393407, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000005070000", "norm_filename": null, "region_type": "private_memory", "start_va": 84344832, "timestamp": "00:00:43.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947320319, "entry_point": 1947074560, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_658", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:00:43.603", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000659-addr_0x000000007ef4a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129960960, "type": "region", "version": 1 }, "end_va": 2129973247, "entry_point": 0, "filename": null, "id": "region_659", "name": "private_0x000000007ef4a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129960960, "timestamp": "00:00:43.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000660-addr_0x0000000004fd0000-size_0x0000000000050000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 84017151, "entry_point": 0, "filename": null, "id": "region_660", "name": "private_0x0000000004fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83689472, "timestamp": "00:00:43.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1947009024, "type": "region", "version": 1 }, "end_va": 1947029503, "entry_point": 1947009024, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_661", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1947009024, "timestamp": "00:00:43.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 85393408, "type": "region", "version": 1 }, "end_va": 85655551, "entry_point": 0, "filename": null, "id": "region_662", "name": "private_0x0000000005170000", "norm_filename": null, "region_type": "private_memory", "start_va": 85393408, "timestamp": "00:00:44.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 85655552, "type": "region", "version": 1 }, "end_va": 86704127, "entry_point": 0, "filename": null, "id": "region_663", "name": "private_0x00000000051b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85655552, "timestamp": "00:00:44.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 86704128, "type": "region", "version": 1 }, "end_va": 86966271, "entry_point": 0, "filename": null, "id": "region_664", "name": "private_0x00000000052b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86704128, "timestamp": "00:00:44.364", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 86966272, "type": "region", "version": 1 }, "end_va": 88014847, "entry_point": 0, "filename": null, "id": "region_665", "name": "private_0x00000000052f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 86966272, "timestamp": "00:00:44.364", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000666-addr_0x000000007ef44000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129936384, "type": "region", "version": 1 }, "end_va": 2129948671, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x000000007ef44000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129936384, "timestamp": "00:00:44.364", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000667-addr_0x000000007ef47000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129948672, "type": "region", "version": 1 }, "end_va": 2129960959, "entry_point": 0, "filename": null, "id": "region_667", "name": "private_0x000000007ef47000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129948672, "timestamp": "00:00:44.365", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000671-addr_0x000000007ef41000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129924096, "type": "region", "version": 1 }, "end_va": 2129936383, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x000000007ef41000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129924096, "timestamp": "00:00:44.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000677-addr_0x000000007ef3e000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129911808, "type": "region", "version": 1 }, "end_va": 2129924095, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x000000007ef3e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129911808, "timestamp": "00:00:44.659", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000679-addr_0x00000000058c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 93061120, "type": "region", "version": 1 }, "end_va": 93323263, "entry_point": 0, "filename": null, "id": "region_679", "name": "private_0x00000000058c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 93061120, "timestamp": "00:00:45.592", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000682-addr_0x000000007ef3b000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129899520, "type": "region", "version": 1 }, "end_va": 2129911807, "entry_point": 0, "filename": null, "id": "region_682", "name": "private_0x000000007ef3b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129899520, "timestamp": "00:00:45.828", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000683-addr_0x0000000001c90000-size_0x0000000000009000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 29986815, "entry_point": 0, "filename": null, "id": "region_683", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:00:47.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000684-addr_0x0000000005870000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 92733440, "type": "region", "version": 1 }, "end_va": 92995583, "entry_point": 0, "filename": null, "id": "region_684", "name": "private_0x0000000005870000", "norm_filename": null, "region_type": "private_memory", "start_va": 92733440, "timestamp": "00:00:47.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000685-addr_0x0000000005900000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 93323264, "type": "region", "version": 1 }, "end_va": 94371839, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x0000000005900000", "norm_filename": null, "region_type": "private_memory", "start_va": 93323264, "timestamp": "00:00:47.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000686-addr_0x000000007ef38000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129887232, "type": "region", "version": 1 }, "end_va": 2129899519, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x000000007ef38000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129887232, "timestamp": "00:00:47.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000687-addr_0x0000000001c90000-size_0x000000000000a000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 40960, "start_va": 29949952, "type": "region", "version": 1 }, "end_va": 29990911, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x0000000001c90000", "norm_filename": null, "region_type": "private_memory", "start_va": 29949952, "timestamp": "00:01:18.897", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000690-addr_0x000000007ef38000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2129887232, "type": "region", "version": 1 }, "end_va": 2129899519, "entry_point": 0, "filename": null, "id": "region_690", "name": "private_0x000000007ef38000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129887232, "timestamp": "00:01:18.898", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000698-addr_0x0000000004fe0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 83755008, "type": "region", "version": 1 }, "end_va": 84017151, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x0000000004fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83755008, "timestamp": "00:01:29.132", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000725-addr_0x0000000005a00000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 94371840, "type": "region", "version": 1 }, "end_va": 96468991, "entry_point": 0, "filename": null, "id": "region_725", "name": "private_0x0000000005a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 94371840, "timestamp": "00:01:29.466", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000726-addr_0x0000000005c00000-size_0x0000000000081000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 528384, "start_va": 96468992, "type": "region", "version": 1 }, "end_va": 96997375, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x0000000005c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 96468992, "timestamp": "00:01:29.466", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\dllhost.exe\"", "filename": "c:\\windows\\syswow64\\dllhost.exe", "id": "proc_4", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000707-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_707", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:29.440", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000708-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_708", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:29.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_709", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:29.440", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_710", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:29.446", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000711-addr_0x0000000000060000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:29.447", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000712-addr_0x0000000000170000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1769471, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x0000000000170000", "norm_filename": null, "region_type": "private_memory", "start_va": 1507328, "timestamp": "00:01:29.447", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000713-addr_0x00000000001f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_713", "name": "private_0x00000000001f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2031616, "timestamp": "00:01:29.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11227135, "entry_point": 11206656, "filename": "\\Windows\\SysWOW64\\dllhost.exe", "id": "region_714", "name": "dllhost.exe", "norm_filename": "c:\\windows\\syswow64\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 11206656, "timestamp": "00:01:29.447", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_715", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:01:29.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_716", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:01:29.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_717", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:29.455", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000718-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_718", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:29.455", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000719-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000720-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_720", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_721", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000722-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_722", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_723", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:29.456", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000724-addr_0x0000000000070000-size_0x0000000000076000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 483328, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 942079, "entry_point": 0, "filename": null, "id": "region_724", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:29.457", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\dllhost.exe\"", "filename": "c:\\windows\\syswow64\\dllhost.exe", "id": "proc_5", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000005-region_00000727-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:29.495", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000728-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:29.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_729", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:29.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_730", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:29.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000731-addr_0x0000000000060000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_731", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:29.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000732-addr_0x0000000000090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 851967, "entry_point": 0, "filename": null, "id": "region_732", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:29.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000733-addr_0x0000000000110000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1376255, "entry_point": 0, "filename": null, "id": "region_733", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:29.498", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 11206656, "type": "region", "version": 1 }, "end_va": 11227135, "entry_point": 11212297, "filename": "\\Windows\\SysWOW64\\dllhost.exe", "id": "region_734", "name": "dllhost.exe", "norm_filename": "c:\\windows\\syswow64\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 11206656, "timestamp": "00:01:29.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 1993932800, "type": "region", "version": 1 }, "end_va": 1995673599, "entry_point": 1993932800, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_735", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1993932800, "timestamp": "00:01:29.499", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 1995898880, "type": "region", "version": 1 }, "end_va": 1997471743, "entry_point": 1995898880, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_736", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1995898880, "timestamp": "00:01:29.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_737", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:29.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000738-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_738", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:29.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000739-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_739", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:29.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000740-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_740", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:29.501", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_741", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:29.501", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000742-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_742", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:29.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:29.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000744-addr_0x0000000000150000-size_0x0000000000076000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 483328, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1859583, "entry_point": 0, "filename": null, "id": "region_744", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:01:29.502", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000745-addr_0x00000000003a0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 4325375, "entry_point": 0, "filename": null, "id": "region_745", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:01:29.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1951006720, "type": "region", "version": 1 }, "end_va": 1951039487, "entry_point": 1951015160, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_746", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1951006720, "timestamp": "00:01:29.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1951072256, "type": "region", "version": 1 }, "end_va": 1951449087, "entry_point": 1951332248, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_747", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1951072256, "timestamp": "00:01:29.529", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1951465472, "type": "region", "version": 1 }, "end_va": 1951723519, "entry_point": 1951653496, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_748", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1951465472, "timestamp": "00:01:29.530", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000749-addr_0x0000000076b70000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1991704576, "type": "region", "version": 1 }, "end_va": 1992728575, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x0000000076b70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1991704576, "timestamp": "00:01:29.530", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1992753152, "type": "region", "version": 1 }, "end_va": 1993928703, "entry_point": 0, "filename": null, "id": "region_750", "name": "private_0x0000000076c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 1992753152, "timestamp": "00:01:29.531", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_751", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:29.552", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2322431, "entry_point": 1900544, "filename": "\\Windows\\System32\\locale.nls", "id": "region_752", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1900544, "timestamp": "00:01:29.552", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000753-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_753", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:01:29.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1985961983, "entry_point": 1985705080, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_754", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:01:29.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1986002944, "type": "region", "version": 1 }, "end_va": 1987117055, "entry_point": 1986081491, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_755", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1986002944, "timestamp": "00:01:29.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_756", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:29.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:29.555", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1957429248, "type": "region", "version": 1 }, "end_va": 1957478399, "entry_point": 1957433569, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_758", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1957429248, "timestamp": "00:01:29.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957494784, "type": "region", "version": 1 }, "end_va": 1957887999, "entry_point": 1957602227, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_759", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1957494784, "timestamp": "00:01:29.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1959395328, "type": "region", "version": 1 }, "end_va": 1960443903, "entry_point": 1959507693, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_760", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1959395328, "timestamp": "00:01:29.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1960443904, "type": "region", "version": 1 }, "end_va": 1960484863, "entry_point": 1960457888, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_761", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1960443904, "timestamp": "00:01:29.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1961361408, "type": "region", "version": 1 }, "end_va": 1961463807, "entry_point": 1961380213, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_762", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1961361408, "timestamp": "00:01:29.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1961492480, "type": "region", "version": 1 }, "end_va": 1962147839, "entry_point": 1961576933, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_763", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1961492480, "timestamp": "00:01:29.567", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1978531840, "type": "region", "version": 1 }, "end_va": 1979514879, "entry_point": 1978598761, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_764", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978531840, "timestamp": "00:01:29.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1983840256, "type": "region", "version": 1 }, "end_va": 1984430079, "entry_point": 1983931203, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_765", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1983840256, "timestamp": "00:01:29.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1985019904, "type": "region", "version": 1 }, "end_va": 1985662975, "entry_point": 1985232855, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_766", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1985019904, "timestamp": "00:01:29.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1987117056, "type": "region", "version": 1 }, "end_va": 1988542463, "entry_point": 1987426877, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_767", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1987117056, "timestamp": "00:01:29.570", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1990459392, "type": "region", "version": 1 }, "end_va": 1991163903, "entry_point": 1990501490, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_768", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1990459392, "timestamp": "00:01:29.570", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000769-addr_0x00000000005a0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_769", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:01:29.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8880127, "entry_point": 0, "filename": null, "id": "region_770", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:01:29.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958281215, "entry_point": 1957959055, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_771", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:01:29.577", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1960509440, "type": "region", "version": 1 }, "end_va": 1961345023, "entry_point": 1960515211, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_772", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1960509440, "timestamp": "00:01:29.577", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000773-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_773", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:29.583", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000774-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_774", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:29.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 10489855, "entry_point": 0, "filename": null, "id": "region_775", "name": "pagefile_0x0000000000880000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8912896, "timestamp": "00:01:29.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11272192, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_776", "name": "pagefile_0x0000000000ac0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11272192, "timestamp": "00:01:29.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1980563456, "type": "region", "version": 1 }, "end_va": 1981730815, "entry_point": 1980568970, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_777", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1980563456, "timestamp": "00:01:29.591", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995702272, "type": "region", "version": 1 }, "end_va": 1995751423, "entry_point": 1995711374, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_778", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1995702272, "timestamp": "00:01:29.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1982791680, "type": "region", "version": 1 }, "end_va": 1983008767, "entry_point": 1982796893, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_779", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1982791680, "timestamp": "00:01:29.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1979514880, "type": "region", "version": 1 }, "end_va": 1979539455, "entry_point": 1979520898, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_780", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1979514880, "timestamp": "00:01:29.595", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 655360, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_781", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:01:29.596", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1949958144, "type": "region", "version": 1 }, "end_va": 1950236671, "entry_point": 1950049273, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_782", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1949958144, "timestamp": "00:01:29.599", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 5767167, "entry_point": 0, "filename": null, "id": "region_783", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:01:29.600", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959350271, "entry_point": 1959334968, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_784", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:29.601", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1975033855, "entry_point": 1962677761, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_785", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:01:29.603", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1980170240, "type": "region", "version": 1 }, "end_va": 1980526591, "entry_point": 1980275622, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_786", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1980170240, "timestamp": "00:01:29.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 360448, "start_va": 1949564928, "type": "region", "version": 1 }, "end_va": 1949925375, "entry_point": 1949569972, "filename": "\\Windows\\SysWOW64\\winhttp.dll", "id": "region_787", "name": "winhttp.dll", "norm_filename": "c:\\windows\\syswow64\\winhttp.dll", "region_type": "memory_mapped_file", "start_va": 1949564928, "timestamp": "00:01:29.607", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1949237248, "type": "region", "version": 1 }, "end_va": 1949560831, "entry_point": 1949242450, "filename": "\\Windows\\SysWOW64\\webio.dll", "id": "region_788", "name": "webio.dll", "norm_filename": "c:\\windows\\syswow64\\webio.dll", "region_type": "memory_mapped_file", "start_va": 1949237248, "timestamp": "00:01:29.608", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1947598848, "type": "region", "version": 1 }, "end_va": 1949237247, "entry_point": 1948241958, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\GdiPlus.dll", "id": "region_789", "name": "gdiplus.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\\gdiplus.dll", "region_type": "memory_mapped_file", "start_va": 1947598848, "timestamp": "00:01:29.613", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1947467776, "type": "region", "version": 1 }, "end_va": 1947537407, "entry_point": 1947472640, "filename": "\\Windows\\SysWOW64\\netapi32.dll", "id": "region_790", "name": "netapi32.dll", "norm_filename": "c:\\windows\\syswow64\\netapi32.dll", "region_type": "memory_mapped_file", "start_va": 1947467776, "timestamp": "00:01:29.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1952157695, "entry_point": 1952126374, "filename": "\\Windows\\SysWOW64\\netutils.dll", "id": "region_791", "name": "netutils.dll", "norm_filename": "c:\\windows\\syswow64\\netutils.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:01:29.616", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1947336704, "type": "region", "version": 1 }, "end_va": 1947439103, "entry_point": 1947341593, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_792", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1947336704, "timestamp": "00:01:29.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1952251904, "type": "region", "version": 1 }, "end_va": 1952313343, "entry_point": 1952256673, "filename": "\\Windows\\SysWOW64\\wkscli.dll", "id": "region_793", "name": "wkscli.dll", "norm_filename": "c:\\windows\\syswow64\\wkscli.dll", "region_type": "memory_mapped_file", "start_va": 1952251904, "timestamp": "00:01:29.619", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "MYOB Supply Order.js", "id": 20109, "md5_hash": "a91f4575d5270ccb1257c5328bdadc3a", "sample_type": "jscript", "sha1_hash": "29b7ca174c735c54ea1e1aedbc98517e75f8cead", "sha256_hash": "24139566e338de0e3c54fba4668eab701caa9ee7c8853b2ab2e2746277c57857", "size": 7318, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_10200.png", "size": 63599, "thumbnail_archive_path": "screenshots/thumbnail_10200.png", "timestamp": "00:00:10.200", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_11994.png", "size": 50092, "thumbnail_archive_path": "screenshots/thumbnail_11994.png", "timestamp": "00:00:11.994", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_13035.png", "size": 57687, "thumbnail_archive_path": "screenshots/thumbnail_13035.png", "timestamp": "00:00:13.035", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_101559.png", "size": 54301, "thumbnail_archive_path": "screenshots/thumbnail_101559.png", "timestamp": "00:01:41.559", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-10-17 16:08", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.75", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.450", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "df7689e6-c49f-4a86-82e8-6809a406872a", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_1110", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"df7689e6-c49f-4a86-82e8-6809a406872a\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_vm", "operation_desc": "Try to detect virtual machine", "ref_gfncalls": [ { "ref_id": "gfn_1457", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_generic_vm_by_registry", "technique_desc": "Readout system information, commonly used to detect VMs via registry. (Value \"VendorIdentifier\" in key \"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\").", "technique_path": "built_in._anti_analysis._detect_vm.vmray_detect_generic_vm_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pst790mv.exe\" modifies memory of \"c:\\windows\\syswow64\\dllhost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\pst790mv.exe\" alters context of \"c:\\windows\\syswow64\\dllhost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_check_external_ip", "operation_desc": "Check external IP address", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_external_ip", "technique_desc": "Check external IP by asking IP info service at \"httpbin.org/ip\".", "technique_path": "built_in._network._check_external_ip.vmray_check_external_ip", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_1401", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"192.99.181.10:443\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"https://moranaccountants-my.sharepoint.com/personal/lily_moranaccountants_com_au/_layouts/15/guestaccess.aspx?docid=03559bd7bd473450fab4c679cae4be913&authkey=AXWiRPNRVvwj9BsVKKyrAsc&e=259ca72ab9534857b5c3964310916b09\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"httpbin.org/ip\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\users\\5p5nrg~1\\appdata\\local\\temp\\pst790mv.exe\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_drop_pe_file", "operation_desc": "Drop PE file", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_drop_pe_file", "technique_desc": "Drop file \"c:\\programdata\\252e9d6f-46f0-4cf5-8686-f2a673c579a2\\af77746e-8a65-4302-8042-f6017918c669.dll\".", "technique_path": "built_in._pe._drop_pe_file.vmray_drop_pe_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_pe", "category_desc": "PE", "operation": "_execute_dropped_pe_file", "operation_desc": "Execute dropped PE file", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_execute_dropped_pe_file", "technique_desc": "Execute dropped file \"c:\\users\\5p5nrg~1\\appdata\\local\\temp\\pst790mv.exe\".", "technique_path": "built_in._pe._execute_dropped_pe_file.vmray_execute_dropped_pe_file", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Scripts", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }