VirtualBox

Ticket #19710: VBoxHardening.2.log

File VBoxHardening.2.log, 144.7 KB (added by RattleFire, 4 years ago)

background with interface

13e0c.2d34: Log file opened: 6.1.12r139181 g_hStartupLog=00000000000002a8 g_uNtVerCombined=0xa047ba00
23e0c.2d34: \SystemRoot\System32\ntdll.dll:
33e0c.2d34: CreationTime: 2020-07-27T09:29:22.468662600Z
43e0c.2d34: LastWriteTime: 2020-07-27T09:29:22.507631900Z
53e0c.2d34: ChangeTime: 2020-07-28T06:10:52.472083500Z
63e0c.2d34: FileAttributes: 0x20
73e0c.2d34: Size: 0x1e8460
83e0c.2d34: NT Headers: 0xd8
93e0c.2d34: Timestamp: 0xb29ecf52
103e0c.2d34: Machine: 0x8664 - amd64
113e0c.2d34: Timestamp: 0xb29ecf52
123e0c.2d34: Image Version: 10.0
133e0c.2d34: SizeOfImage: 0x1f0000 (2031616)
143e0c.2d34: Resource Dir: 0x17f000 LB 0x6f310
153e0c.2d34: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163e0c.2d34: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173e0c.2d34: ProductName: Microsoft® Windows® Operating System
183e0c.2d34: ProductVersion: 10.0.18362.815
193e0c.2d34: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
203e0c.2d34: FileDescription: NT Layer DLL
213e0c.2d34: \SystemRoot\System32\kernel32.dll:
223e0c.2d34: CreationTime: 2020-07-27T09:28:50.277970100Z
233e0c.2d34: LastWriteTime: 2020-07-27T09:28:50.294953700Z
243e0c.2d34: ChangeTime: 2020-07-28T06:10:41.051213400Z
253e0c.2d34: FileAttributes: 0x20
263e0c.2d34: Size: 0xb0498
273e0c.2d34: NT Headers: 0xe8
283e0c.2d34: Timestamp: 0xce6bbd73
293e0c.2d34: Machine: 0x8664 - amd64
303e0c.2d34: Timestamp: 0xce6bbd73
313e0c.2d34: Image Version: 10.0
323e0c.2d34: SizeOfImage: 0xb2000 (729088)
333e0c.2d34: Resource Dir: 0xb0000 LB 0x520
343e0c.2d34: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353e0c.2d34: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363e0c.2d34: ProductName: Microsoft® Windows® Operating System
373e0c.2d34: ProductVersion: 10.0.18362.959
383e0c.2d34: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
393e0c.2d34: FileDescription: Windows NT BASE API Client DLL
403e0c.2d34: \SystemRoot\System32\KernelBase.dll:
413e0c.2d34: CreationTime: 2020-07-27T09:29:23.091189900Z
423e0c.2d34: LastWriteTime: 2020-07-27T09:29:23.150058300Z
433e0c.2d34: ChangeTime: 2020-07-28T06:10:50.315875600Z
443e0c.2d34: FileAttributes: 0x20
453e0c.2d34: Size: 0x2a4058
463e0c.2d34: NT Headers: 0xf8
473e0c.2d34: Timestamp: 0x7b90c1b5
483e0c.2d34: Machine: 0x8664 - amd64
493e0c.2d34: Timestamp: 0x7b90c1b5
503e0c.2d34: Image Version: 10.0
513e0c.2d34: SizeOfImage: 0x2a4000 (2768896)
523e0c.2d34: Resource Dir: 0x27e000 LB 0x548
533e0c.2d34: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543e0c.2d34: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
553e0c.2d34: ProductName: Microsoft® Windows® Operating System
563e0c.2d34: ProductVersion: 10.0.18362.959
573e0c.2d34: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
583e0c.2d34: FileDescription: Windows NT BASE API Client DLL
593e0c.2d34: \SystemRoot\System32\apisetschema.dll:
603e0c.2d34: CreationTime: 2019-03-19T04:43:54.837151500Z
613e0c.2d34: LastWriteTime: 2019-03-19T04:43:54.837151500Z
623e0c.2d34: ChangeTime: 2020-07-27T09:30:52.160553000Z
633e0c.2d34: FileAttributes: 0x20
643e0c.2d34: Size: 0x1d028
653e0c.2d34: NT Headers: 0xc8
663e0c.2d34: Timestamp: 0xd6ced080
673e0c.2d34: Machine: 0x8664 - amd64
683e0c.2d34: Timestamp: 0xd6ced080
693e0c.2d34: Image Version: 10.0
703e0c.2d34: SizeOfImage: 0x1e000 (122880)
713e0c.2d34: Resource Dir: 0x1d000 LB 0x408
723e0c.2d34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733e0c.2d34: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
743e0c.2d34: ProductName: Microsoft® Windows® Operating System
753e0c.2d34: ProductVersion: 10.0.18362.1
763e0c.2d34: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
773e0c.2d34: FileDescription: ApiSet Schema DLL
783e0c.2d34: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793e0c.2d34: supR3HardenedWinFindAdversaries: 0x840
803e0c.2d34: \SystemRoot\System32\drivers\klflt.sys:
813e0c.2d34: CreationTime: 2020-03-06T08:53:28.856343500Z
823e0c.2d34: LastWriteTime: 2020-03-12T20:48:02.000000000Z
833e0c.2d34: ChangeTime: 2020-05-15T10:01:19.828084100Z
843e0c.2d34: FileAttributes: 0x20
853e0c.2d34: Size: 0x3f100
863e0c.2d34: NT Headers: 0xf8
873e0c.2d34: Timestamp: 0x5e6a66e9
883e0c.2d34: Machine: 0x8664 - amd64
893e0c.2d34: Timestamp: 0x5e6a66e9
903e0c.2d34: Image Version: 6.1
913e0c.2d34: SizeOfImage: 0x4d000 (315392)
923e0c.2d34: Resource Dir: 0x4a000 LB 0x430
933e0c.2d34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
943e0c.2d34: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
953e0c.2d34: ProductName: Coretech Delivery
963e0c.2d34: ProductVersion: 30.289.132.0-e369c7d411
973e0c.2d34: FileVersion: 30.289.132.0
983e0c.2d34: FileDescription: Filter Core [fre_win7_x64]
993e0c.2d34: \SystemRoot\System32\drivers\klif.sys:
1003e0c.2d34: CreationTime: 2020-03-06T08:53:28.861361800Z
1013e0c.2d34: LastWriteTime: 2020-03-12T20:48:04.000000000Z
1023e0c.2d34: ChangeTime: 2020-05-15T10:01:19.795147700Z
1033e0c.2d34: FileAttributes: 0x20
1043e0c.2d34: Size: 0x12d500
1053e0c.2d34: NT Headers: 0x100
1063e0c.2d34: Timestamp: 0x5e6a6704
1073e0c.2d34: Machine: 0x8664 - amd64
1083e0c.2d34: Timestamp: 0x5e6a6704
1093e0c.2d34: Image Version: 6.1
1103e0c.2d34: SizeOfImage: 0x12f000 (1241088)
1113e0c.2d34: Resource Dir: 0x125000 LB 0x3410
1123e0c.2d34: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
1133e0c.2d34: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
1143e0c.2d34: ProductName: Coretech Delivery
1153e0c.2d34: ProductVersion: 30.289.132.0-e369c7d411
1163e0c.2d34: FileVersion: 30.289.132.0
1173e0c.2d34: FileDescription: Core System Interceptors [fre_win7_x64]
1183e0c.2d34: \SystemRoot\System32\drivers\klim6.sys:
1193e0c.2d34: CreationTime: 2019-01-28T00:49:40.000000000Z
1203e0c.2d34: LastWriteTime: 2020-03-05T01:33:42.000000000Z
1213e0c.2d34: ChangeTime: 2020-05-15T10:01:20.628593700Z
1223e0c.2d34: FileAttributes: 0x20
1233e0c.2d34: Size: 0x159f0
1243e0c.2d34: NT Headers: 0xe0
1253e0c.2d34: Timestamp: 0x8c875967
1263e0c.2d34: Machine: 0x8664 - amd64
1273e0c.2d34: Timestamp: 0x8c875967
1283e0c.2d34: Image Version: 6.1
1293e0c.2d34: SizeOfImage: 0x12000 (73728)
1303e0c.2d34: Resource Dir: 0x10000 LB 0x448
1313e0c.2d34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1323e0c.2d34: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
1333e0c.2d34: ProductName: Coretech Delivery
1343e0c.2d34: ProductVersion: 30.289.126.0-2a58c6003b
1353e0c.2d34: FileVersion: 30.289.126.0
1363e0c.2d34: FileDescription: Packet Network Filter [fre_win7_x64]
1373e0c.2d34: \SystemRoot\System32\drivers\kneps.sys:
1383e0c.2d34: CreationTime: 2019-04-29T04:50:14.000000000Z
1393e0c.2d34: LastWriteTime: 2020-03-06T02:31:48.000000000Z
1403e0c.2d34: ChangeTime: 2020-05-15T10:01:20.486058100Z
1413e0c.2d34: FileAttributes: 0x20
1423e0c.2d34: Size: 0x44300
1433e0c.2d34: NT Headers: 0xf8
1443e0c.2d34: Timestamp: 0x359fc650
1453e0c.2d34: Machine: 0x8664 - amd64
1463e0c.2d34: Timestamp: 0x359fc650
1473e0c.2d34: Image Version: 6.1
1483e0c.2d34: SizeOfImage: 0x44000 (278528)
1493e0c.2d34: Resource Dir: 0x41000 LB 0x440
1503e0c.2d34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1513e0c.2d34: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
1523e0c.2d34: ProductName: Coretech Delivery
1533e0c.2d34: ProductVersion: 30.289.126.0-2a58c6003b
1543e0c.2d34: FileVersion: 30.289.126.0
1553e0c.2d34: FileDescription: Network Processor [fre_win7_x64]
1563e0c.2d34: \SystemRoot\System32\drivers\inspect.sys:
1573e0c.2d34: CreationTime: 2019-10-22T10:41:08.000000000Z
1583e0c.2d34: LastWriteTime: 2019-10-22T10:41:08.000000000Z
1593e0c.2d34: ChangeTime: 2019-12-12T12:56:19.421137100Z
1603e0c.2d34: FileAttributes: 0x20
1613e0c.2d34: Size: 0x137c8
1623e0c.2d34: NT Headers: 0xf8
1633e0c.2d34: Timestamp: 0x5cfbc135
1643e0c.2d34: Machine: 0x8664 - amd64
1653e0c.2d34: Timestamp: 0x5cfbc135
1663e0c.2d34: Image Version: 10.0
1673e0c.2d34: SizeOfImage: 0x14000 (81920)
1683e0c.2d34: Resource Dir: 0x12000 LB 0x690
1693e0c.2d34: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
1703e0c.2d34: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
1713e0c.2d34: ProductName: DOZOR Agent
1723e0c.2d34: ProductVersion: 3.3.0.0
1733e0c.2d34: FileVersion: 1.0.1.3
1743e0c.2d34: FileDescription: Process Control Driver
1753e0c.2d34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1763e0c.2d34: Calling main()
1773e0c.2d34: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x3
1783e0c.2d34: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1793e0c.2d34: System32: \Device\HarddiskVolume4\Windows\System32
1803e0c.2d34: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1813e0c.2d34: KnownDllPath: C:\WINDOWS\System32
1823e0c.2d34: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1833e0c.2d34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1843e0c.2d34: supR3HardNtEnableThreadCreationEx:
1853e0c.2d34: bcrypt.dll loaded at 00007fff6ccd0000, BCryptOpenAlgorithmProvider at 00007fff6ccd4c70, preloading providers:
1863e0c.2d34: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000076c980)
1873e0c.2d34: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000076af80)
1883e0c.2d34: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000774030)
1893e0c.2d34: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000773490)
1903e0c.2d34: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000775290)
1913e0c.2d34: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000775590)
1923e0c.2d34: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000076fa10)
1933e0c.2d34: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007f72e0)
1943e0c.2d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1953e0c.2d34: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000803300
1963e0c.2d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000803300
1973e0c.2d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F110B40CF67FEF4EFA84C23431B3B42233E381F
1983e0c.2d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-Package0416~31bf3856ad364e35~amd64~~10.0.18362.959.cat'; file='\SystemRoot\System32\ntdll.dll'
1993e0c.2d34: g_pfnWinVerifyTrust=00007fff6cc561f0
2003e0c.2d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #32 'msasn1.dll'.
2013e0c.2d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
2023e0c.2d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
2033e0c.2d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2043e0c.2d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
2053e0c.2d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
2063e0c.2d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
2073e0c.2d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
2083e0c.2d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
2093e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x55c4ef205ae3d700 Email=ssl@server.9tv.co.il, CN=archive.9tv.co.il
2103e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
2113e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x52f35a23ad43e700 Email=ssl@server.9tv.co.il, CN=www.archive.9tv.co.il
2123e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
2133e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
2143e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
2153e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
2163e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xdee05e72d2fce000 CN=spb2wks002.puls.local
2173e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
2183e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xbee9d764924fbb00 O=AO Kaspersky Lab, CN=Kaspersky Endpoint Security Personal Root Certificate
2193e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x996f072e2fa7ec00 CN=spb2wks002.puls.local
2203e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xd140ebc339a98a2f CN=WZTeam
2213e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x39c174e2854aa600 CN=TRASSIR
2223e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xf27194c5fa02d100 C=EN, CN=DigiCert SHA2 Extended Validation Server CA 2
2233e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
2243e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xf3bb4d7e894b420 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC TS Root Certificate Authority 2018
2253e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
2263e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
2273e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
2283e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xca58a05dd401ae00 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Time Stamp Root Certificate Authority 2014
2293e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
2303e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
2313e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
2323e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
2333e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
2343e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
2353e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
2363e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
2373e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
2383e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
2393e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
2403e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
2413e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
2423e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
2433e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
2443e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
2453e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
2463e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
2473e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
2483e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
2493e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
2503e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
2513e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
2523e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
2533e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
2543e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
2553e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
2563e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
2573e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
2583e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xcec3d46562b9be8e C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft ECC Product Root Certificate Authority 2018
2593e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
2603e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
2613e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x37c8415723cdb100 DC=local, DC=puls, CN=PULS-CA
2623e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xe207b6374ba7a700 DC=local, DC=puls, CN=puls-RDP1-CA
2633e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xea2fcc21464fba00 DC=local, DC=puls, CN=serv-p
2643e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x74d616fa7976c000 DC=local, DC=puls, CN=serv-p
2653e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x70d86403035daa00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
2663e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x50b559415accb800 DC=local, DC=puls, CN=PULS-SERV2-P-CA
2673e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x5e9001153632c500 DC=local, DC=puls, CN=serv-p
2683e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x1622ad47ddeec900 DC=local, DC=puls, CN=serv-p
2693e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xfe1db9b6ec9e9000 DC=local, DC=puls, CN=PULS-CA
2703e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x627454ff6824be00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
2713e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0x70d86403035daa00 DC=local, DC=puls, CN=PULS-SERV2-P-CA
2723e0c.2d34: supR3HardenedWinIsDesiredRootCA: Adding 0xe18c1732f20ab00 DC=local, DC=puls, CN=puls-V-PRINT-SRV-CA
2733e0c.2d34: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
2743e0c.2d34: SUPR3HardenedMain: Load Runtime...
2753e0c.2d34: SUPR3HardenedMain: Load TrustedMain...
2763e0c.2d34: SUPR3HardenedMain: Calling TrustedMain (00007fff1e4616c0)...
2773204.4414: Log file opened: 6.1.12r139181 g_hStartupLog=00000000000002b0 g_uNtVerCombined=0xa047ba00
2783204.4414: \SystemRoot\System32\ntdll.dll:
2793204.4414: CreationTime: 2020-07-27T09:29:22.468662600Z
2803204.4414: LastWriteTime: 2020-07-27T09:29:22.507631900Z
2813204.4414: ChangeTime: 2020-07-28T06:10:52.472083500Z
2823204.4414: FileAttributes: 0x20
2833204.4414: Size: 0x1e8460
2843204.4414: NT Headers: 0xd8
2853204.4414: Timestamp: 0xb29ecf52
2863204.4414: Machine: 0x8664 - amd64
2873204.4414: Timestamp: 0xb29ecf52
2883204.4414: Image Version: 10.0
2893204.4414: SizeOfImage: 0x1f0000 (2031616)
2903204.4414: Resource Dir: 0x17f000 LB 0x6f310
2913204.4414: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2923204.4414: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2933204.4414: ProductName: Microsoft® Windows® Operating System
2943204.4414: ProductVersion: 10.0.18362.815
2953204.4414: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
2963204.4414: FileDescription: NT Layer DLL
2973204.4414: \SystemRoot\System32\kernel32.dll:
2983204.4414: CreationTime: 2020-07-27T09:28:50.277970100Z
2993204.4414: LastWriteTime: 2020-07-27T09:28:50.294953700Z
3003204.4414: ChangeTime: 2020-07-28T06:10:41.051213400Z
3013204.4414: FileAttributes: 0x20
3023204.4414: Size: 0xb0498
3033204.4414: NT Headers: 0xe8
3043204.4414: Timestamp: 0xce6bbd73
3053204.4414: Machine: 0x8664 - amd64
3063204.4414: Timestamp: 0xce6bbd73
3073204.4414: Image Version: 10.0
3083204.4414: SizeOfImage: 0xb2000 (729088)
3093204.4414: Resource Dir: 0xb0000 LB 0x520
3103204.4414: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3113204.4414: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3123204.4414: ProductName: Microsoft® Windows® Operating System
3133204.4414: ProductVersion: 10.0.18362.959
3143204.4414: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
3153204.4414: FileDescription: Windows NT BASE API Client DLL
3163204.4414: \SystemRoot\System32\KernelBase.dll:
3173204.4414: CreationTime: 2020-07-27T09:29:23.091189900Z
3183204.4414: LastWriteTime: 2020-07-27T09:29:23.150058300Z
3193204.4414: ChangeTime: 2020-07-28T06:10:50.315875600Z
3203204.4414: FileAttributes: 0x20
3213204.4414: Size: 0x2a4058
3223204.4414: NT Headers: 0xf8
3233204.4414: Timestamp: 0x7b90c1b5
3243204.4414: Machine: 0x8664 - amd64
3253204.4414: Timestamp: 0x7b90c1b5
3263204.4414: Image Version: 10.0
3273204.4414: SizeOfImage: 0x2a4000 (2768896)
3283204.4414: Resource Dir: 0x27e000 LB 0x548
3293204.4414: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3303204.4414: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3313204.4414: ProductName: Microsoft® Windows® Operating System
3323204.4414: ProductVersion: 10.0.18362.959
3333204.4414: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
3343204.4414: FileDescription: Windows NT BASE API Client DLL
3353204.4414: \SystemRoot\System32\apisetschema.dll:
3363204.4414: CreationTime: 2019-03-19T04:43:54.837151500Z
3373204.4414: LastWriteTime: 2019-03-19T04:43:54.837151500Z
3383204.4414: ChangeTime: 2020-07-27T09:30:52.160553000Z
3393204.4414: FileAttributes: 0x20
3403204.4414: Size: 0x1d028
3413204.4414: NT Headers: 0xc8
3423204.4414: Timestamp: 0xd6ced080
3433204.4414: Machine: 0x8664 - amd64
3443204.4414: Timestamp: 0xd6ced080
3453204.4414: Image Version: 10.0
3463204.4414: SizeOfImage: 0x1e000 (122880)
3473204.4414: Resource Dir: 0x1d000 LB 0x408
3483204.4414: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3493204.4414: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3503204.4414: ProductName: Microsoft® Windows® Operating System
3513204.4414: ProductVersion: 10.0.18362.1
3523204.4414: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
3533204.4414: FileDescription: ApiSet Schema DLL
3543204.4414: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3553204.4414: supR3HardenedWinFindAdversaries: 0x840
3563204.4414: \SystemRoot\System32\drivers\klflt.sys:
3573204.4414: CreationTime: 2020-03-06T08:53:28.856343500Z
3583204.4414: LastWriteTime: 2020-03-12T20:48:02.000000000Z
3593204.4414: ChangeTime: 2020-05-15T10:01:19.828084100Z
3603204.4414: FileAttributes: 0x20
3613204.4414: Size: 0x3f100
3623204.4414: NT Headers: 0xf8
3633204.4414: Timestamp: 0x5e6a66e9
3643204.4414: Machine: 0x8664 - amd64
3653204.4414: Timestamp: 0x5e6a66e9
3663204.4414: Image Version: 6.1
3673204.4414: SizeOfImage: 0x4d000 (315392)
3683204.4414: Resource Dir: 0x4a000 LB 0x430
3693204.4414: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3703204.4414: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3713204.4414: ProductName: Coretech Delivery
3723204.4414: ProductVersion: 30.289.132.0-e369c7d411
3733204.4414: FileVersion: 30.289.132.0
3743204.4414: FileDescription: Filter Core [fre_win7_x64]
3753204.4414: \SystemRoot\System32\drivers\klif.sys:
3763204.4414: CreationTime: 2020-03-06T08:53:28.861361800Z
3773204.4414: LastWriteTime: 2020-03-12T20:48:04.000000000Z
3783204.4414: ChangeTime: 2020-05-15T10:01:19.795147700Z
3793204.4414: FileAttributes: 0x20
3803204.4414: Size: 0x12d500
3813204.4414: NT Headers: 0x100
3823204.4414: Timestamp: 0x5e6a6704
3833204.4414: Machine: 0x8664 - amd64
3843204.4414: Timestamp: 0x5e6a6704
3853204.4414: Image Version: 6.1
3863204.4414: SizeOfImage: 0x12f000 (1241088)
3873204.4414: Resource Dir: 0x125000 LB 0x3410
3883204.4414: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
3893204.4414: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
3903204.4414: ProductName: Coretech Delivery
3913204.4414: ProductVersion: 30.289.132.0-e369c7d411
3923204.4414: FileVersion: 30.289.132.0
3933204.4414: FileDescription: Core System Interceptors [fre_win7_x64]
3943204.4414: \SystemRoot\System32\drivers\klim6.sys:
3953204.4414: CreationTime: 2019-01-28T00:49:40.000000000Z
3963204.4414: LastWriteTime: 2020-03-05T01:33:42.000000000Z
3973204.4414: ChangeTime: 2020-05-15T10:01:20.628593700Z
3983204.4414: FileAttributes: 0x20
3993204.4414: Size: 0x159f0
4003204.4414: NT Headers: 0xe0
4013204.4414: Timestamp: 0x8c875967
4023204.4414: Machine: 0x8664 - amd64
4033204.4414: Timestamp: 0x8c875967
4043204.4414: Image Version: 6.1
4053204.4414: SizeOfImage: 0x12000 (73728)
4063204.4414: Resource Dir: 0x10000 LB 0x448
4073204.4414: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4083204.4414: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
4093204.4414: ProductName: Coretech Delivery
4103204.4414: ProductVersion: 30.289.126.0-2a58c6003b
4113204.4414: FileVersion: 30.289.126.0
4123204.4414: FileDescription: Packet Network Filter [fre_win7_x64]
4133204.4414: \SystemRoot\System32\drivers\kneps.sys:
4143204.4414: CreationTime: 2019-04-29T04:50:14.000000000Z
4153204.4414: LastWriteTime: 2020-03-06T02:31:48.000000000Z
4163204.4414: ChangeTime: 2020-05-15T10:01:20.486058100Z
4173204.4414: FileAttributes: 0x20
4183204.4414: Size: 0x44300
4193204.4414: NT Headers: 0xf8
4203204.4414: Timestamp: 0x359fc650
4213204.4414: Machine: 0x8664 - amd64
4223204.4414: Timestamp: 0x359fc650
4233204.4414: Image Version: 6.1
4243204.4414: SizeOfImage: 0x44000 (278528)
4253204.4414: Resource Dir: 0x41000 LB 0x440
4263204.4414: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4273204.4414: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
4283204.4414: ProductName: Coretech Delivery
4293204.4414: ProductVersion: 30.289.126.0-2a58c6003b
4303204.4414: FileVersion: 30.289.126.0
4313204.4414: FileDescription: Network Processor [fre_win7_x64]
4323204.4414: \SystemRoot\System32\drivers\inspect.sys:
4333204.4414: CreationTime: 2019-10-22T10:41:08.000000000Z
4343204.4414: LastWriteTime: 2019-10-22T10:41:08.000000000Z
4353204.4414: ChangeTime: 2019-12-12T12:56:19.421137100Z
4363204.4414: FileAttributes: 0x20
4373204.4414: Size: 0x137c8
4383204.4414: NT Headers: 0xf8
4393204.4414: Timestamp: 0x5cfbc135
4403204.4414: Machine: 0x8664 - amd64
4413204.4414: Timestamp: 0x5cfbc135
4423204.4414: Image Version: 10.0
4433204.4414: SizeOfImage: 0x14000 (81920)
4443204.4414: Resource Dir: 0x12000 LB 0x690
4453204.4414: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
4463204.4414: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
4473204.4414: ProductName: DOZOR Agent
4483204.4414: ProductVersion: 3.3.0.0
4493204.4414: FileVersion: 1.0.1.3
4503204.4414: FileDescription: Process Control Driver
4513204.4414: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4523204.4414: Calling main()
4533204.4414: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
4543204.4414: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
4553204.4414: SUPR3HardenedMain: Respawn #1
4563204.4414: System32: \Device\HarddiskVolume4\Windows\System32
4573204.4414: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
4583204.4414: KnownDllPath: C:\WINDOWS\System32
4593204.4414: supR3HardenedWinInit: Performing a limited self purification...
4603204.4414: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
4613204.4414: *0000000000000000-0000000000d9ffff 0x0001/0x0000 0x0000000
4623204.4414: *0000000000da0000-0000000000daffff 0x0004/0x0004 0x0040000
4633204.4414: *0000000000db0000-0000000000db0fff 0x0004/0x0004 0x0020000
4643204.4414: 0000000000db1000-0000000000dbffff 0x0001/0x0000 0x0000000
4653204.4414: *0000000000dc0000-0000000000ddafff 0x0002/0x0002 0x0040000
4663204.4414: 0000000000ddb000-0000000000ddffff 0x0001/0x0000 0x0000000
4673204.4414: *0000000000de0000-0000000000de0fff 0x0020/0x0020 0x0020000 !!
5543204.4414: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5553204.4414: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5563204.4414: 00007ff62c367000-00007ff62c367fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5573204.4414: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5583204.4414: 00007ff62c3b0000-00007ff62c3b2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5593204.4414: 00007ff62c3b3000-00007ff62c3b5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5603204.4414: 00007ff62c3b6000-00007ff62c3b8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5613204.4414: 00007ff62c3b9000-00007ff62c3b9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5623204.4414: 00007ff62c3ba000-00007ff62c3bbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5633204.4414: 00007ff62c3bc000-00007ff62c3bcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5643204.4414: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
5653204.4414: 00007ff62c406000-00007fff6815ffff 0x0001/0x0000 0x0000000
5663204.4414: *00007fff68160000-00007fff68160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
5673204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68160000 LB 0x1000 (base 00007fff68160000) - 'samcli.dll'
5683204.4414: 00007fff68161000-00007fff6816efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
5693204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68161000 LB 0xe000 (base 00007fff68160000) - 'samcli.dll'
5703204.4414: 00007fff6816f000-00007fff68172fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
5713204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6816f000 LB 0x4000 (base 00007fff68160000) - 'samcli.dll'
5723204.4414: 00007fff68173000-00007fff68173fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
5733204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68173000 LB 0x1000 (base 00007fff68160000) - 'samcli.dll'
5743204.4414: 00007fff68174000-00007fff68177fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
5753204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68174000 LB 0x4000 (base 00007fff68160000) - 'samcli.dll'
5763204.4414: 00007fff68178000-00007fff6817ffff 0x0001/0x0000 0x0000000
5773204.4414: *00007fff68180000-00007fff68180fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
5783204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68180000 LB 0x1000 (base 00007fff68180000) - 'winmmbase.dll'
5793204.4414: 00007fff68181000-00007fff6819cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
5803204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68181000 LB 0x1c000 (base 00007fff68180000) - 'winmmbase.dll'
5813204.4414: 00007fff6819d000-00007fff681a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
5823204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6819d000 LB 0x9000 (base 00007fff68180000) - 'winmmbase.dll'
5833204.4414: 00007fff681a6000-00007fff681a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
5843204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681a6000 LB 0x2000 (base 00007fff68180000) - 'winmmbase.dll'
5853204.4414: 00007fff681a8000-00007fff681acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
5863204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681a8000 LB 0x5000 (base 00007fff68180000) - 'winmmbase.dll'
5873204.4414: 00007fff681ad000-00007fff681affff 0x0001/0x0000 0x0000000
5883204.4414: *00007fff681b0000-00007fff681b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
5893204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681b0000 LB 0x1000 (base 00007fff681b0000) - 'mpr.dll'
5903204.4414: 00007fff681b1000-00007fff681c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
5913204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681b1000 LB 0x10000 (base 00007fff681b0000) - 'mpr.dll'
5923204.4414: 00007fff681c1000-00007fff681c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
5933204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c1000 LB 0x5000 (base 00007fff681b0000) - 'mpr.dll'
5943204.4414: 00007fff681c6000-00007fff681c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
5953204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c6000 LB 0x1000 (base 00007fff681b0000) - 'mpr.dll'
5963204.4414: 00007fff681c7000-00007fff681cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
5973204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c7000 LB 0x4000 (base 00007fff681b0000) - 'mpr.dll'
5983204.4414: 00007fff681cb000-00007fff681cffff 0x0001/0x0000 0x0000000
5993204.4414: *00007fff681d0000-00007fff681d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
6003204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681d0000 LB 0x1000 (base 00007fff681d0000) - 'netapi32.dll'
6013204.4414: 00007fff681d1000-00007fff681dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
6023204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681d1000 LB 0xa000 (base 00007fff681d0000) - 'netapi32.dll'
6033204.4414: 00007fff681db000-00007fff681e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
6043204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681db000 LB 0x7000 (base 00007fff681d0000) - 'netapi32.dll'
6053204.4414: 00007fff681e2000-00007fff681e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
6063204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681e2000 LB 0x1000 (base 00007fff681d0000) - 'netapi32.dll'
6073204.4414: 00007fff681e3000-00007fff681e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
6083204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681e3000 LB 0x4000 (base 00007fff681d0000) - 'netapi32.dll'
6093204.4414: 00007fff681e7000-00007fff681effff 0x0001/0x0000 0x0000000
6103204.4414: *00007fff681f0000-00007fff681f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
6113204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681f0000 LB 0x1000 (base 00007fff681f0000) - 'msacm32.dll'
6123204.4414: 00007fff681f1000-00007fff68201fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
6133204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681f1000 LB 0x11000 (base 00007fff681f0000) - 'msacm32.dll'
6143204.4414: 00007fff68202000-00007fff68206fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
6153204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68202000 LB 0x5000 (base 00007fff681f0000) - 'msacm32.dll'
6163204.4414: 00007fff68207000-00007fff68207fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
6173204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68207000 LB 0x1000 (base 00007fff681f0000) - 'msacm32.dll'
6183204.4414: 00007fff68208000-00007fff6820bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
6193204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68208000 LB 0x4000 (base 00007fff681f0000) - 'msacm32.dll'
6203204.4414: 00007fff6820c000-00007fff6821ffff 0x0001/0x0000 0x0000000
6213204.4414: *00007fff68220000-00007fff68220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
6223204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68220000 LB 0x1000 (base 00007fff68220000) - 'version.dll'
6233204.4414: 00007fff68221000-00007fff68223fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
6243204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68221000 LB 0x3000 (base 00007fff68220000) - 'version.dll'
6253204.4414: 00007fff68224000-00007fff68225fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
6263204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68224000 LB 0x2000 (base 00007fff68220000) - 'version.dll'
6273204.4414: 00007fff68226000-00007fff68226fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
6283204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68226000 LB 0x1000 (base 00007fff68220000) - 'version.dll'
6293204.4414: 00007fff68227000-00007fff68229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
6303204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68227000 LB 0x3000 (base 00007fff68220000) - 'version.dll'
6313204.4414: 00007fff6822a000-00007fff68acffff 0x0001/0x0000 0x0000000
6323204.4414: *00007fff68ad0000-00007fff68ad0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6333204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68ad0000 LB 0x1000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6343204.4414: 00007fff68ad1000-00007fff68c39fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6353204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68ad1000 LB 0x169000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6363204.4414: 00007fff68c3a000-00007fff68cbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6373204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68c3a000 LB 0x85000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6383204.4414: 00007fff68cbf000-00007fff68cc0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6393204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cbf000 LB 0x2000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6403204.4414: 00007fff68cc1000-00007fff68cc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6413204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc1000 LB 0x3000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6423204.4414: 00007fff68cc4000-00007fff68cc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6433204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc4000 LB 0x3000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6443204.4414: 00007fff68cc7000-00007fff68cdcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
6453204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc7000 LB 0x16000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
6463204.4414: 00007fff68cdd000-00007fff6bb3ffff 0x0001/0x0000 0x0000000
6473204.4414: *00007fff6bb40000-00007fff6bb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
6483204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb40000 LB 0x1000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
6493204.4414: 00007fff6bb41000-00007fff6bb69fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
6503204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb41000 LB 0x29000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
6513204.4414: 00007fff6bb6a000-00007fff6bb73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
6523204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb6a000 LB 0xa000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
6533204.4414: 00007fff6bb74000-00007fff6bb74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
6543204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb74000 LB 0x1000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
6553204.4414: 00007fff6bb75000-00007fff6bb79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
6563204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb75000 LB 0x5000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
6573204.4414: 00007fff6bb7a000-00007fff6c61ffff 0x0001/0x0000 0x0000000
6583204.4414: *00007fff6c620000-00007fff6c620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
6593204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c620000 LB 0x1000 (base 00007fff6c620000) - 'umpdc.dll'
6603204.4414: 00007fff6c621000-00007fff6c628fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
6613204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c621000 LB 0x8000 (base 00007fff6c620000) - 'umpdc.dll'
6623204.4414: 00007fff6c629000-00007fff6c62bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
6633204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c629000 LB 0x3000 (base 00007fff6c620000) - 'umpdc.dll'
6643204.4414: 00007fff6c62c000-00007fff6c62cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
6653204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c62c000 LB 0x1000 (base 00007fff6c620000) - 'umpdc.dll'
6663204.4414: 00007fff6c62d000-00007fff6c62ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
6673204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c62d000 LB 0x3000 (base 00007fff6c620000) - 'umpdc.dll'
6683204.4414: 00007fff6c630000-00007fff6c64ffff 0x0001/0x0000 0x0000000
6693204.4414: *00007fff6c650000-00007fff6c650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
6703204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c650000 LB 0x1000 (base 00007fff6c650000) - 'kernel.appcore.dll'
6713204.4414: 00007fff6c651000-00007fff6c654fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
6723204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c651000 LB 0x4000 (base 00007fff6c650000) - 'kernel.appcore.dll'
6733204.4414: 00007fff6c655000-00007fff6c65bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
6743204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c655000 LB 0x7000 (base 00007fff6c650000) - 'kernel.appcore.dll'
6753204.4414: 00007fff6c65c000-00007fff6c65cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
6763204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c65c000 LB 0x1000 (base 00007fff6c650000) - 'kernel.appcore.dll'
6773204.4414: 00007fff6c65d000-00007fff6c660fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
6783204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c65d000 LB 0x4000 (base 00007fff6c650000) - 'kernel.appcore.dll'
6793204.4414: 00007fff6c661000-00007fff6c66ffff 0x0001/0x0000 0x0000000
6803204.4414: *00007fff6c670000-00007fff6c670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
6813204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c670000 LB 0x1000 (base 00007fff6c670000) - 'powrprof.dll'
6823204.4414: 00007fff6c671000-00007fff6c681fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
6833204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c671000 LB 0x11000 (base 00007fff6c670000) - 'powrprof.dll'
6843204.4414: 00007fff6c682000-00007fff6c68bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
6853204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c682000 LB 0xa000 (base 00007fff6c670000) - 'powrprof.dll'
6863204.4414: 00007fff6c68c000-00007fff6c68cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
6873204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c68c000 LB 0x1000 (base 00007fff6c670000) - 'powrprof.dll'
6883204.4414: 00007fff6c68d000-00007fff6c6b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
6893204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c68d000 LB 0x2d000 (base 00007fff6c670000) - 'powrprof.dll'
6903204.4414: 00007fff6c6ba000-00007fff6c6bffff 0x0001/0x0000 0x0000000
6913204.4414: *00007fff6c6c0000-00007fff6c6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
6923204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6c0000 LB 0x1000 (base 00007fff6c6c0000) - 'profapi.dll'
6933204.4414: 00007fff6c6c1000-00007fff6c6d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
6943204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6c1000 LB 0x14000 (base 00007fff6c6c0000) - 'profapi.dll'
6953204.4414: 00007fff6c6d5000-00007fff6c6dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
6963204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6d5000 LB 0x8000 (base 00007fff6c6c0000) - 'profapi.dll'
6973204.4414: 00007fff6c6dd000-00007fff6c6ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
6983204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6dd000 LB 0x1000 (base 00007fff6c6c0000) - 'profapi.dll'
6993204.4414: 00007fff6c6de000-00007fff6c6e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
7003204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6de000 LB 0x5000 (base 00007fff6c6c0000) - 'profapi.dll'
7013204.4414: 00007fff6c6e3000-00007fff6c6effff 0x0001/0x0000 0x0000000
7023204.4414: *00007fff6c6f0000-00007fff6c6f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
7033204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6f0000 LB 0x1000 (base 00007fff6c6f0000) - 'win32u.dll'
7043204.4414: 00007fff6c6f1000-00007fff6c6fafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
7053204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6f1000 LB 0xa000 (base 00007fff6c6f0000) - 'win32u.dll'
7063204.4414: 00007fff6c6fb000-00007fff6c709fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
7073204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6fb000 LB 0xf000 (base 00007fff6c6f0000) - 'win32u.dll'
7083204.4414: 00007fff6c70a000-00007fff6c70afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
7093204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c70a000 LB 0x1000 (base 00007fff6c6f0000) - 'win32u.dll'
7103204.4414: 00007fff6c70b000-00007fff6c710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
7113204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c70b000 LB 0x6000 (base 00007fff6c6f0000) - 'win32u.dll'
7123204.4414: 00007fff6c711000-00007fff6c7cffff 0x0001/0x0000 0x0000000
7133204.4414: *00007fff6c7d0000-00007fff6c7d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7143204.4414: 00007fff6c7d1000-00007fff6c8d5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7153204.4414: 00007fff6c8d6000-00007fff6ca38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7163204.4414: 00007fff6ca39000-00007fff6ca3cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7173204.4414: 00007fff6ca3d000-00007fff6ca3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7183204.4414: 00007fff6ca3e000-00007fff6ca73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
7193204.4414: 00007fff6ca74000-00007fff6ca7ffff 0x0001/0x0000 0x0000000
7203204.4414: *00007fff6ca80000-00007fff6ca80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7213204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ca80000 LB 0x1000 (base 00007fff6ca80000) - 'ucrtbase.dll'
7223204.4414: 00007fff6ca81000-00007fff6cb31fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7233204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ca81000 LB 0xb1000 (base 00007fff6ca80000) - 'ucrtbase.dll'
7243204.4414: 00007fff6cb32000-00007fff6cb69fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7253204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb32000 LB 0x38000 (base 00007fff6ca80000) - 'ucrtbase.dll'
7263204.4414: 00007fff6cb6a000-00007fff6cb6cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7273204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb6a000 LB 0x3000 (base 00007fff6ca80000) - 'ucrtbase.dll'
7283204.4414: 00007fff6cb6d000-00007fff6cb79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
7293204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb6d000 LB 0xd000 (base 00007fff6ca80000) - 'ucrtbase.dll'
7303204.4414: 00007fff6cb7a000-00007fff6cb7ffff 0x0001/0x0000 0x0000000
7313204.4414: *00007fff6cb80000-00007fff6cb80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
7323204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb80000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
7333204.4414: 00007fff6cb81000-00007fff6cbb3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
7343204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb81000 LB 0x33000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
7353204.4414: 00007fff6cbb4000-00007fff6cbc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
7363204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbb4000 LB 0xe000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
7373204.4414: 00007fff6cbc2000-00007fff6cbc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
7383204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc2000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
7393204.4414: 00007fff6cbc3000-00007fff6cbc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
7403204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc3000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
7413204.4414: 00007fff6cbc4000-00007fff6cbc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
7423204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc4000 LB 0x6000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
7433204.4414: 00007fff6cbca000-00007fff6cbcffff 0x0001/0x0000 0x0000000
7443204.4414: *00007fff6cbd0000-00007fff6cbd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7453204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbd0000 LB 0x1000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
7463204.4414: 00007fff6cbd1000-00007fff6cc36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7473204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbd1000 LB 0x66000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
7483204.4414: 00007fff6cc37000-00007fff6cc49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7493204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc37000 LB 0x13000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
7503204.4414: 00007fff6cc4a000-00007fff6cc4afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7513204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc4a000 LB 0x1000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
7523204.4414: 00007fff6cc4b000-00007fff6cc4ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
7533204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc4b000 LB 0x5000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
7543204.4414: 00007fff6cc50000-00007fff6ccaffff 0x0001/0x0000 0x0000000
7553204.4414: *00007fff6ccb0000-00007fff6ccb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7563204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccb0000 LB 0x1000 (base 00007fff6ccb0000) - 'cryptsp.dll'
7573204.4414: 00007fff6ccb1000-00007fff6ccbbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7583204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccb1000 LB 0xb000 (base 00007fff6ccb0000) - 'cryptsp.dll'
7593204.4414: 00007fff6ccbc000-00007fff6ccc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7603204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccbc000 LB 0x6000 (base 00007fff6ccb0000) - 'cryptsp.dll'
7613204.4414: 00007fff6ccc2000-00007fff6ccc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7623204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccc2000 LB 0x1000 (base 00007fff6ccb0000) - 'cryptsp.dll'
7633204.4414: 00007fff6ccc3000-00007fff6ccc6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
7643204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccc3000 LB 0x4000 (base 00007fff6ccb0000) - 'cryptsp.dll'
7653204.4414: 00007fff6ccc7000-00007fff6cccffff 0x0001/0x0000 0x0000000
7663204.4414: *00007fff6ccd0000-00007fff6ccd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7673204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccd0000 LB 0x1000 (base 00007fff6ccd0000) - 'bcrypt.dll'
7683204.4414: 00007fff6ccd1000-00007fff6cce9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7693204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccd1000 LB 0x19000 (base 00007fff6ccd0000) - 'bcrypt.dll'
7703204.4414: 00007fff6ccea000-00007fff6cceffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7713204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccea000 LB 0x6000 (base 00007fff6ccd0000) - 'bcrypt.dll'
7723204.4414: 00007fff6ccf0000-00007fff6ccf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7733204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccf0000 LB 0x1000 (base 00007fff6ccd0000) - 'bcrypt.dll'
7743204.4414: 00007fff6ccf1000-00007fff6ccf5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
7753204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccf1000 LB 0x5000 (base 00007fff6ccd0000) - 'bcrypt.dll'
7763204.4414: 00007fff6ccf6000-00007fff6ce4ffff 0x0001/0x0000 0x0000000
7773204.4414: *00007fff6ce50000-00007fff6ce50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7783204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ce50000 LB 0x1000 (base 00007fff6ce50000) - 'windows.storage.dll'
7793204.4414: 00007fff6ce51000-00007fff6d396fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7803204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ce51000 LB 0x546000 (base 00007fff6ce50000) - 'windows.storage.dll'
7813204.4414: 00007fff6d397000-00007fff6d553fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7823204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d397000 LB 0x1bd000 (base 00007fff6ce50000) - 'windows.storage.dll'
7833204.4414: 00007fff6d554000-00007fff6d560fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7843204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d554000 LB 0xd000 (base 00007fff6ce50000) - 'windows.storage.dll'
7853204.4414: 00007fff6d561000-00007fff6d561fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7863204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d561000 LB 0x1000 (base 00007fff6ce50000) - 'windows.storage.dll'
7873204.4414: 00007fff6d562000-00007fff6d5d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
7883204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d562000 LB 0x70000 (base 00007fff6ce50000) - 'windows.storage.dll'
7893204.4414: 00007fff6d5d2000-00007fff6d5dffff 0x0001/0x0000 0x0000000
7903204.4414: *00007fff6d5e0000-00007fff6d5e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7913204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d5e0000 LB 0x1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7923204.4414: 00007fff6d5e1000-00007fff6d6b2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7933204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d5e1000 LB 0xd2000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7943204.4414: 00007fff6d6b3000-00007fff6d753fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7953204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d6b3000 LB 0xa1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7963204.4414: 00007fff6d754000-00007fff6d757fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7973204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d754000 LB 0x4000 (base 00007fff6d5e0000) - 'gdi32full.dll'
7983204.4414: 00007fff6d758000-00007fff6d758fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
7993204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d758000 LB 0x1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
8003204.4414: 00007fff6d759000-00007fff6d775fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
8013204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d759000 LB 0x1d000 (base 00007fff6d5e0000) - 'gdi32full.dll'
8023204.4414: 00007fff6d776000-00007fff6d77ffff 0x0001/0x0000 0x0000000
8033204.4414: *00007fff6d780000-00007fff6d780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8043204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d780000 LB 0x1000 (base 00007fff6d780000) - 'msvcp_win.dll'
8053204.4414: 00007fff6d781000-00007fff6d7d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8063204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d781000 LB 0x54000 (base 00007fff6d780000) - 'msvcp_win.dll'
8073204.4414: 00007fff6d7d5000-00007fff6d811fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8083204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d7d5000 LB 0x3d000 (base 00007fff6d780000) - 'msvcp_win.dll'
8093204.4414: 00007fff6d812000-00007fff6d812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8103204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d812000 LB 0x1000 (base 00007fff6d780000) - 'msvcp_win.dll'
8113204.4414: 00007fff6d813000-00007fff6d815fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8123204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d813000 LB 0x3000 (base 00007fff6d780000) - 'msvcp_win.dll'
8133204.4414: 00007fff6d816000-00007fff6d81dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
8143204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d816000 LB 0x8000 (base 00007fff6d780000) - 'msvcp_win.dll'
8153204.4414: 00007fff6d81e000-00007fff6d83ffff 0x0001/0x0000 0x0000000
8163204.4414: *00007fff6d840000-00007fff6d840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8173204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d840000 LB 0x1000 (base 00007fff6d840000) - 'setupapi.dll'
8183204.4414: 00007fff6d841000-00007fff6d918fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8193204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d841000 LB 0xd8000 (base 00007fff6d840000) - 'setupapi.dll'
8203204.4414: 00007fff6d919000-00007fff6d953fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8213204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d919000 LB 0x3b000 (base 00007fff6d840000) - 'setupapi.dll'
8223204.4414: 00007fff6d954000-00007fff6d955fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8233204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d954000 LB 0x2000 (base 00007fff6d840000) - 'setupapi.dll'
8243204.4414: 00007fff6d956000-00007fff6dcaffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
8253204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d956000 LB 0x35a000 (base 00007fff6d840000) - 'setupapi.dll'
8263204.4414: 00007fff6dcb0000-00007fff6dd9ffff 0x0001/0x0000 0x0000000
8273204.4414: *00007fff6dda0000-00007fff6dda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8283204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6dda0000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8293204.4414: 00007fff6dda1000-00007fff6ddfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8303204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6dda1000 LB 0x5f000 (base 00007fff6dda0000) - 'advapi32.dll'
8313204.4414: 00007fff6de00000-00007fff6de34fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8323204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de00000 LB 0x35000 (base 00007fff6dda0000) - 'advapi32.dll'
8333204.4414: 00007fff6de35000-00007fff6de35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8343204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de35000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8353204.4414: 00007fff6de36000-00007fff6de36fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8363204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de36000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8373204.4414: 00007fff6de37000-00007fff6de38fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8383204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de37000 LB 0x2000 (base 00007fff6dda0000) - 'advapi32.dll'
8393204.4414: 00007fff6de39000-00007fff6de39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8403204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de39000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
8413204.4414: 00007fff6de3a000-00007fff6de42fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
8423204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de3a000 LB 0x9000 (base 00007fff6dda0000) - 'advapi32.dll'
8433204.4414: 00007fff6de43000-00007fff6e10ffff 0x0001/0x0000 0x0000000
8443204.4414: *00007fff6e110000-00007fff6e110fff 0x0040/0x0040 0x0020000 !!
8453204.4414: 00007fff6e111000-00007fff6e11ffff 0x0001/0x0000 0x0000000
8463204.4414: *00007fff6e120000-00007fff6e120fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8473204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e120000 LB 0x1000 (base 00007fff6e120000) - 'msvcrt.dll'
8483204.4414: 00007fff6e121000-00007fff6e195fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8493204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e121000 LB 0x75000 (base 00007fff6e120000) - 'msvcrt.dll'
8503204.4414: 00007fff6e196000-00007fff6e1aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8513204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e196000 LB 0x19000 (base 00007fff6e120000) - 'msvcrt.dll'
8523204.4414: 00007fff6e1af000-00007fff6e1b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8533204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1af000 LB 0x2000 (base 00007fff6e120000) - 'msvcrt.dll'
8543204.4414: 00007fff6e1b1000-00007fff6e1b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8553204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b1000 LB 0x3000 (base 00007fff6e120000) - 'msvcrt.dll'
8563204.4414: 00007fff6e1b4000-00007fff6e1b5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8573204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b4000 LB 0x2000 (base 00007fff6e120000) - 'msvcrt.dll'
8583204.4414: 00007fff6e1b6000-00007fff6e1b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8593204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b6000 LB 0x1000 (base 00007fff6e120000) - 'msvcrt.dll'
8603204.4414: 00007fff6e1b7000-00007fff6e1bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
8613204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b7000 LB 0x7000 (base 00007fff6e120000) - 'msvcrt.dll'
8623204.4414: 00007fff6e1be000-00007fff6e1bffff 0x0001/0x0000 0x0000000
8633204.4414: *00007fff6e1c0000-00007fff6e1c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8643204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1c0000 LB 0x1000 (base 00007fff6e1c0000) - 'SHCore.dll'
8653204.4414: 00007fff6e1c1000-00007fff6e231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8663204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1c1000 LB 0x71000 (base 00007fff6e1c0000) - 'SHCore.dll'
8673204.4414: 00007fff6e232000-00007fff6e257fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8683204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e232000 LB 0x26000 (base 00007fff6e1c0000) - 'SHCore.dll'
8693204.4414: 00007fff6e258000-00007fff6e259fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8703204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e258000 LB 0x2000 (base 00007fff6e1c0000) - 'SHCore.dll'
8713204.4414: 00007fff6e25a000-00007fff6e268fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
8723204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e25a000 LB 0xf000 (base 00007fff6e1c0000) - 'SHCore.dll'
8733204.4414: 00007fff6e269000-00007fff6e26ffff 0x0001/0x0000 0x0000000
8743204.4414: *00007fff6e270000-00007fff6e270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8753204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e270000 LB 0x1000 (base 00007fff6e270000) - 'combase.dll'
8763204.4414: 00007fff6e271000-00007fff6e48efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8773204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e271000 LB 0x21e000 (base 00007fff6e270000) - 'combase.dll'
8783204.4414: 00007fff6e48f000-00007fff6e551fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8793204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e48f000 LB 0xc3000 (base 00007fff6e270000) - 'combase.dll'
8803204.4414: 00007fff6e552000-00007fff6e557fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8813204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e552000 LB 0x6000 (base 00007fff6e270000) - 'combase.dll'
8823204.4414: 00007fff6e558000-00007fff6e5a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
8833204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e558000 LB 0x4d000 (base 00007fff6e270000) - 'combase.dll'
8843204.4414: 00007fff6e5a5000-00007fff6e5affff 0x0001/0x0000 0x0000000
8853204.4414: *00007fff6e5b0000-00007fff6e5b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8863204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5b0000 LB 0x1000 (base 00007fff6e5b0000) - 'gdi32.dll'
8873204.4414: 00007fff6e5b1000-00007fff6e5bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8883204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5b1000 LB 0xc000 (base 00007fff6e5b0000) - 'gdi32.dll'
8893204.4414: 00007fff6e5bd000-00007fff6e5cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8903204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5bd000 LB 0x13000 (base 00007fff6e5b0000) - 'gdi32.dll'
8913204.4414: 00007fff6e5d0000-00007fff6e5d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8923204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5d0000 LB 0x1000 (base 00007fff6e5b0000) - 'gdi32.dll'
8933204.4414: 00007fff6e5d1000-00007fff6e5d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
8943204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5d1000 LB 0x5000 (base 00007fff6e5b0000) - 'gdi32.dll'
8953204.4414: 00007fff6e5d6000-00007fff6e5dffff 0x0001/0x0000 0x0000000
8963204.4414: *00007fff6e5e0000-00007fff6e5e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8973204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5e0000 LB 0x1000 (base 00007fff6e5e0000) - 'ws2_32.dll'
8983204.4414: 00007fff6e5e1000-00007fff6e627fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
8993204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5e1000 LB 0x47000 (base 00007fff6e5e0000) - 'ws2_32.dll'
9003204.4414: 00007fff6e628000-00007fff6e635fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
9013204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e628000 LB 0xe000 (base 00007fff6e5e0000) - 'ws2_32.dll'
9023204.4414: 00007fff6e636000-00007fff6e636fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
9033204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e636000 LB 0x1000 (base 00007fff6e5e0000) - 'ws2_32.dll'
9043204.4414: 00007fff6e637000-00007fff6e64efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
9053204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e637000 LB 0x18000 (base 00007fff6e5e0000) - 'ws2_32.dll'
9063204.4414: 00007fff6e64f000-00007fff6e64ffff 0x0001/0x0000 0x0000000
9073204.4414: *00007fff6e650000-00007fff6e650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9083204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e650000 LB 0x1000 (base 00007fff6e650000) - 'shlwapi.dll'
9093204.4414: 00007fff6e651000-00007fff6e67afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9103204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e651000 LB 0x2a000 (base 00007fff6e650000) - 'shlwapi.dll'
9113204.4414: 00007fff6e67b000-00007fff6e69afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9123204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e67b000 LB 0x20000 (base 00007fff6e650000) - 'shlwapi.dll'
9133204.4414: 00007fff6e69b000-00007fff6e69bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9143204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e69b000 LB 0x1000 (base 00007fff6e650000) - 'shlwapi.dll'
9153204.4414: 00007fff6e69c000-00007fff6e6a1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
9163204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e69c000 LB 0x6000 (base 00007fff6e650000) - 'shlwapi.dll'
9173204.4414: 00007fff6e6a2000-00007fff6e6affff 0x0001/0x0000 0x0000000
9183204.4414: *00007fff6e6b0000-00007fff6e6b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9193204.4414: 00007fff6e6b1000-00007fff6e736fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9203204.4414: 00007fff6e737000-00007fff6e756fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9213204.4414: 00007fff6e757000-00007fff6e758fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9223204.4414: 00007fff6e759000-00007fff6e843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
9233204.4414: 00007fff6e844000-00007fff6e9fffff 0x0001/0x0000 0x0000000
9243204.4414: *00007fff6ea00000-00007fff6ea00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9253204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea00000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
9263204.4414: 00007fff6ea01000-00007fff6ea01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9273204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea01000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
9283204.4414: 00007fff6ea02000-00007fff6ea03fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9293204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea02000 LB 0x2000 (base 00007fff6ea00000) - 'psapi.dll'
9303204.4414: 00007fff6ea04000-00007fff6ea04fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9313204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea04000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
9323204.4414: 00007fff6ea05000-00007fff6ea07fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
9333204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea05000 LB 0x3000 (base 00007fff6ea00000) - 'psapi.dll'
9343204.4414: 00007fff6ea08000-00007fff6ea0ffff 0x0001/0x0000 0x0000000
9353204.4414: *00007fff6ea10000-00007fff6ea10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9363204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea10000 LB 0x1000 (base 00007fff6ea10000) - 'ole32.dll'
9373204.4414: 00007fff6ea11000-00007fff6eadafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9383204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea11000 LB 0xca000 (base 00007fff6ea10000) - 'ole32.dll'
9393204.4414: 00007fff6eadb000-00007fff6eb37fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9403204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eadb000 LB 0x5d000 (base 00007fff6ea10000) - 'ole32.dll'
9413204.4414: 00007fff6eb38000-00007fff6eb39fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9423204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eb38000 LB 0x2000 (base 00007fff6ea10000) - 'ole32.dll'
9433204.4414: 00007fff6eb3a000-00007fff6eb66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
9443204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eb3a000 LB 0x2d000 (base 00007fff6ea10000) - 'ole32.dll'
9453204.4414: 00007fff6eb67000-00007fff6eb6ffff 0x0001/0x0000 0x0000000
9463204.4414: *00007fff6eb70000-00007fff6eb70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9473204.4414: 00007fff6eb71000-00007fff6ebe5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9483204.4414: 00007fff6ebe6000-00007fff6ec17fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9493204.4414: 00007fff6ec18000-00007fff6ec18fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9503204.4414: 00007fff6ec19000-00007fff6ec19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9513204.4414: 00007fff6ec1a000-00007fff6ec21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
9523204.4414: 00007fff6ec22000-00007fff6ecaffff 0x0001/0x0000 0x0000000
9533204.4414: *00007fff6ecb0000-00007fff6ecb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9543204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ecb0000 LB 0x1000 (base 00007fff6ecb0000) - 'shell32.dll'
9553204.4414: 00007fff6ecb1000-00007fff6f20dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9563204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ecb1000 LB 0x55d000 (base 00007fff6ecb0000) - 'shell32.dll'
9573204.4414: 00007fff6f20e000-00007fff6f327fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9583204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f20e000 LB 0x11a000 (base 00007fff6ecb0000) - 'shell32.dll'
9593204.4414: 00007fff6f328000-00007fff6f32efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9603204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f328000 LB 0x7000 (base 00007fff6ecb0000) - 'shell32.dll'
9613204.4414: 00007fff6f32f000-00007fff6f330fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9623204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f32f000 LB 0x2000 (base 00007fff6ecb0000) - 'shell32.dll'
9633204.4414: 00007fff6f331000-00007fff6f395fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
9643204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f331000 LB 0x65000 (base 00007fff6ecb0000) - 'shell32.dll'
9653204.4414: 00007fff6f396000-00007fff6f39ffff 0x0001/0x0000 0x0000000
9663204.4414: *00007fff6f3a0000-00007fff6f3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9673204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f3a0000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
9683204.4414: 00007fff6f3a1000-00007fff6f401fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9693204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f3a1000 LB 0x61000 (base 00007fff6f3a0000) - 'sechost.dll'
9703204.4414: 00007fff6f402000-00007fff6f428fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9713204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f402000 LB 0x27000 (base 00007fff6f3a0000) - 'sechost.dll'
9723204.4414: 00007fff6f429000-00007fff6f429fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9733204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f429000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
9743204.4414: 00007fff6f42a000-00007fff6f42afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9753204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42a000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
9763204.4414: 00007fff6f42b000-00007fff6f42cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9773204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42b000 LB 0x2000 (base 00007fff6f3a0000) - 'sechost.dll'
9783204.4414: 00007fff6f42d000-00007fff6f436fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
9793204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42d000 LB 0xa000 (base 00007fff6f3a0000) - 'sechost.dll'
9803204.4414: 00007fff6f437000-00007fff6f44ffff 0x0001/0x0000 0x0000000
9813204.4414: *00007fff6f450000-00007fff6f450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9823204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f450000 LB 0x1000 (base 00007fff6f450000) - 'rpcrt4.dll'
9833204.4414: 00007fff6f451000-00007fff6f52dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9843204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f451000 LB 0xdd000 (base 00007fff6f450000) - 'rpcrt4.dll'
9853204.4414: 00007fff6f52e000-00007fff6f558fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9863204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f52e000 LB 0x2b000 (base 00007fff6f450000) - 'rpcrt4.dll'
9873204.4414: 00007fff6f559000-00007fff6f55afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9883204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f559000 LB 0x2000 (base 00007fff6f450000) - 'rpcrt4.dll'
9893204.4414: 00007fff6f55b000-00007fff6f56ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
9903204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f55b000 LB 0x15000 (base 00007fff6f450000) - 'rpcrt4.dll'
9913204.4414: *00007fff6f570000-00007fff6f570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9923204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f570000 LB 0x1000 (base 00007fff6f570000) - 'oleaut32.dll'
9933204.4414: 00007fff6f571000-00007fff6f5fdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9943204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f571000 LB 0x8d000 (base 00007fff6f570000) - 'oleaut32.dll'
9953204.4414: 00007fff6f5fe000-00007fff6f623fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9963204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f5fe000 LB 0x26000 (base 00007fff6f570000) - 'oleaut32.dll'
9973204.4414: 00007fff6f624000-00007fff6f626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
9983204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f624000 LB 0x3000 (base 00007fff6f570000) - 'oleaut32.dll'
9993204.4414: 00007fff6f627000-00007fff6f634fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
3204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f627000 LB 0xe000 (base 00007fff6f570000) - 'oleaut32.dll'
3204.4414: 00007fff6f635000-00007fff6f69ffff 0x0001/0x0000 0x0000000
3204.4414: *00007fff6f6a0000-00007fff6f6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
3204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6a0000 LB 0x1000 (base 00007fff6f6a0000) - 'imm32.dll'
3204.4414: 00007fff6f6a1000-00007fff6f6bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
3204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6a1000 LB 0x1c000 (base 00007fff6f6a0000) - 'imm32.dll'
3204.4414: 00007fff6f6bd000-00007fff6f6c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
3204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6bd000 LB 0x7000 (base 00007fff6f6a0000) - 'imm32.dll'
3204.4414: 00007fff6f6c4000-00007fff6f6c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
3204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6c4000 LB 0x1000 (base 00007fff6f6a0000) - 'imm32.dll'
3204.4414: 00007fff6f6c5000-00007fff6f6cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
3204.4414: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6c5000 LB 0x9000 (base 00007fff6f6a0000) - 'imm32.dll'
3204.4414: 00007fff6f6ce000-00007fff6f78ffff 0x0001/0x0000 0x0000000
3204.4414: *00007fff6f790000-00007fff6f790fff 0x0040/0x0040 0x0020000 !!
3204.4414: 00007fff6f791000-00007fff6f79ffff 0x0001/0x0000 0x0000000
3204.4414: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f8ff000-00007fff6f8fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f900000-00007fff6f901fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f902000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f90b000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
3204.4414: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
3204.4414: user32.dll: timestamp 0xee4ef0d0 (rc=VINF_SUCCESS)
3204.4414: kernelbase.dll: timestamp 0x7b90c1b5 (rc=VINF_SUCCESS)
3204.4414: VBoxHeadless.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS)
3204.4414: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3204.4414: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
3204.4414: ntdll.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6f80a880 / 0x006a880: 40 != e9
3204.4414: 00007fff6f80a881 / 0x006a881: 53 != 4f
3204.4414: 00007fff6f80a882 / 0x006a882: 48 != 67
3204.4414: 00007fff6f80a883 / 0x006a883: 83 != f8
3204.4414: 00007fff6f80a884 / 0x006a884: ec != ff
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6f809000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eb865d0 / 0x00165d0: 48 != e9
3204.4414: 00007fff6eb865d1 / 0x00165d1: ff != 72
3204.4414: 00007fff6eb865d2 / 0x00165d2: 25 != a3
3204.4414: 00007fff6eb865d3 / 0x00165d3: f9 != c0
3204.4414: 00007fff6eb865d4 / 0x00165d4: 17 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eb85000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eb8a1b0 / 0x001a1b0: 48 != e9
3204.4414: 00007fff6eb8a1b1 / 0x001a1b1: ff != 92
3204.4414: 00007fff6eb8a1b2 / 0x001a1b2: 25 != 6c
3204.4414: 00007fff6eb8a1b3 / 0x001a1b3: 99 != c0
3204.4414: 00007fff6eb8a1b4 / 0x001a1b4: dc != 00
3204.4414: 00007fff6eb8ab30 / 0x001ab30: 4c != e9
3204.4414: 00007fff6eb8ab31 / 0x001ab31: 8b != e0
3204.4414: 00007fff6eb8ab32 / 0x001ab32: dc != 5d
3204.4414: 00007fff6eb8ab33 / 0x001ab33: 49 != c0
3204.4414: 00007fff6eb8ab34 / 0x001ab34: 89 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eb89000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eb8bd00 / 0x001bd00: 48 != e9
3204.4414: 00007fff6eb8bd01 / 0x001bd01: ff != 02
3204.4414: 00007fff6eb8bd02 / 0x001bd02: 25 != 51
3204.4414: 00007fff6eb8bd03 / 0x001bd03: 59 != c0
3204.4414: 00007fff6eb8bd04 / 0x001bd04: c1 != 00
3204.4414: 00007fff6eb8be40 / 0x001be40: 4c != e9
3204.4414: 00007fff6eb8be41 / 0x001be41: 8b != 10
3204.4414: 00007fff6eb8be42 / 0x001be42: dc != 51
3204.4414: 00007fff6eb8be43 / 0x001be43: 48 != c0
3204.4414: 00007fff6eb8be44 / 0x001be44: 83 != 00
3204.4414: 00007fff6eb8c250 / 0x001c250: 48 != e9
3204.4414: 00007fff6eb8c251 / 0x001c251: ff != 72
3204.4414: 00007fff6eb8c252 / 0x001c252: 25 != 46
3204.4414: 00007fff6eb8c253 / 0x001c253: 91 != c0
3204.4414: 00007fff6eb8c254 / 0x001c254: bf != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eb8b000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eb8e4f0 / 0x001e4f0: 48 != e9
3204.4414: 00007fff6eb8e4f1 / 0x001e4f1: ff != d2
3204.4414: 00007fff6eb8e4f2 / 0x001e4f2: 25 != 29
3204.4414: 00007fff6eb8e4f3 / 0x001e4f3: f9 != c0
3204.4414: 00007fff6eb8e4f4 / 0x001e4f4: 99 != 00
3204.4414: 00007fff6eb8e500 / 0x001e500: 48 != e9
3204.4414: 00007fff6eb8e501 / 0x001e501: ff != 82
3204.4414: 00007fff6eb8e502 / 0x001e502: 25 != 29
3204.4414: 00007fff6eb8e503 / 0x001e503: 41 != c0
3204.4414: 00007fff6eb8e504 / 0x001e504: 99 != 00
3204.4414: 00007fff6eb8ea20 / 0x001ea20: 48 != e9
3204.4414: 00007fff6eb8ea21 / 0x001ea21: ff != e2
3204.4414: 00007fff6eb8ea22 / 0x001ea22: 25 != 21
3204.4414: 00007fff6eb8ea23 / 0x001ea23: 81 != c0
3204.4414: 00007fff6eb8ea24 / 0x001ea24: 92 != 00
3204.4414: 00007fff6eb8eb60 / 0x001eb60: 48 != e9
3204.4414: 00007fff6eb8eb61 / 0x001eb61: ff != a2
3204.4414: 00007fff6eb8eb62 / 0x001eb62: 25 != 23
3204.4414: 00007fff6eb8eb63 / 0x001eb63: 91 != c0
3204.4414: 00007fff6eb8eb64 / 0x001eb64: 93 != 00
3204.4414: 00007fff6eb8ee00 / 0x001ee00: 48 != e9
3204.4414: 00007fff6eb8ee01 / 0x001ee01: 83 != d3
3204.4414: 00007fff6eb8ee02 / 0x001ee02: ec != 1f
3204.4414: 00007fff6eb8ee03 / 0x001ee03: 28 != c0
3204.4414: 00007fff6eb8ee04 / 0x001ee04: ff != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eb8d000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eb8f0a0 / 0x001f0a0: 48 != e9
3204.4414: 00007fff6eb8f0a1 / 0x001f0a1: 83 != f0
3204.4414: 00007fff6eb8f0a2 / 0x001f0a2: ec != 1a
3204.4414: 00007fff6eb8f0a3 / 0x001f0a3: 38 != c0
3204.4414: 00007fff6eb8f0a4 / 0x001f0a4: 45 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eb8f000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eb911b0 / 0x00211b0: 48 != e9
3204.4414: 00007fff6eb911b1 / 0x00211b1: ff != 52
3204.4414: 00007fff6eb911b2 / 0x00211b2: 25 != f9
3204.4414: 00007fff6eb911b3 / 0x00211b3: e1 != bf
3204.4414: 00007fff6eb911b4 / 0x00211b4: 6a != 00
3204.4414: 00007fff6eb91550 / 0x0021550: 48 != e9
3204.4414: 00007fff6eb91551 / 0x0021551: ff != 72
3204.4414: 00007fff6eb91552 / 0x0021552: 25 != f2
3204.4414: 00007fff6eb91553 / 0x0021553: 19 != bf
3204.4414: 00007fff6eb91554 / 0x0021554: 67 != 00
3204.4414: 00007fff6eb91e10 / 0x0021e10: ff != e9
3204.4414: 00007fff6eb91e11 / 0x0021e11: 25 != f1
3204.4414: 00007fff6eb91e12 / 0x0021e12: fa != ee
3204.4414: 00007fff6eb91e13 / 0x0021e13: 5e != bf
3204.4414: 00007fff6eb91e14 / 0x0021e14: 05 != 00
3204.4414: 00007fff6eb92080 / 0x0022080: ff != e9
3204.4414: 00007fff6eb92081 / 0x0022081: 25 != 01
3204.4414: 00007fff6eb92082 / 0x0022082: 9a != ed
3204.4414: 00007fff6eb92083 / 0x0022083: 59 != bf
3204.4414: 00007fff6eb92084 / 0x0022084: 05 != 00
3204.4414: 00007fff6eb92090 / 0x0022090: ff != e9
3204.4414: 00007fff6eb92091 / 0x0022091: 25 != b1
3204.4414: 00007fff6eb92092 / 0x0022092: 82 != ec
3204.4414: 00007fff6eb92093 / 0x0022093: 59 != bf
3204.4414: 00007fff6eb92094 / 0x0022094: 05 != 00
3204.4414: 00007fff6eb920b0 / 0x00220b0: ff != e9
3204.4414: 00007fff6eb920b1 / 0x00220b1: 25 != d1
3204.4414: 00007fff6eb920b2 / 0x00220b2: d2 != e6
3204.4414: 00007fff6eb920b3 / 0x00220b3: 59 != bf
3204.4414: 00007fff6eb920b4 / 0x00220b4: 05 != 00
3204.4414: 00007fff6eb920c0 / 0x00220c0: ff != e9
3204.4414: 00007fff6eb920c1 / 0x00220c1: 25 != 81
3204.4414: 00007fff6eb920c2 / 0x00220c2: 3a != e6
3204.4414: 00007fff6eb920c3 / 0x00220c3: 59 != bf
3204.4414: 00007fff6eb920c4 / 0x00220c4: 05 != 00
3204.4414: 00007fff6eb92410 / 0x0022410: ff != e9
3204.4414: 00007fff6eb92411 / 0x0022411: 25 != f1
3204.4414: 00007fff6eb92412 / 0x0022412: 5a != e5
3204.4414: 00007fff6eb92413 / 0x0022413: 57 != bf
3204.4414: 00007fff6eb92414 / 0x0022414: 05 != 00
3204.4414: 00007fff6eb92420 / 0x0022420: ff != e9
3204.4414: 00007fff6eb92421 / 0x0022421: 25 != a1
3204.4414: 00007fff6eb92422 / 0x0022422: 52 != e5
3204.4414: 00007fff6eb92423 / 0x0022423: 57 != bf
3204.4414: 00007fff6eb92424 / 0x0022424: 05 != 00
3204.4414: 00007fff6eb92500 / 0x0022500: ff != e9
3204.4414: 00007fff6eb92501 / 0x0022501: 25 != 41
3204.4414: 00007fff6eb92502 / 0x0022502: b2 != e5
3204.4414: 00007fff6eb92503 / 0x0022503: 56 != bf
3204.4414: 00007fff6eb92504 / 0x0022504: 05 != 00
3204.4414: 00007fff6eb92510 / 0x0022510: ff != e9
3204.4414: 00007fff6eb92511 / 0x0022511: 25 != 71
3204.4414: 00007fff6eb92512 / 0x0022512: aa != e4
3204.4414: 00007fff6eb92513 / 0x0022513: 56 != bf
3204.4414: 00007fff6eb92514 / 0x0022514: 05 != 00
3204.4414: 00007fff6eb92700 / 0x0022700: ff != e9
3204.4414: 00007fff6eb92701 / 0x0022701: 25 != 81
3204.4414: 00007fff6eb92702 / 0x0022702: d2 != e5
3204.4414: 00007fff6eb92703 / 0x0022703: 55 != bf
3204.4414: 00007fff6eb92704 / 0x0022704: 05 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eb91000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6eba57f0 / 0x00357f0: 48 != e9
3204.4414: 00007fff6eba57f1 / 0x00357f1: ff != 12
3204.4414: 00007fff6eba57f2 / 0x00357f2: 25 != b0
3204.4414: 00007fff6eba57f3 / 0x00357f3: d9 != be
3204.4414: 00007fff6eba57f4 / 0x00357f4: 24 != 00
3204.4414: 00007fff6eba58f0 / 0x00358f0: 4c != e9
3204.4414: 00007fff6eba58f1 / 0x00358f1: 8b != a0
3204.4414: 00007fff6eba58f2 / 0x00358f2: dc != b6
3204.4414: 00007fff6eba58f3 / 0x00358f3: 48 != be
3204.4414: 00007fff6eba58f4 / 0x00358f4: 83 != 00
3204.4414: 00007fff6eba6200 / 0x0036200: 48 != e9
3204.4414: 00007fff6eba6201 / 0x0036201: ff != 82
3204.4414: 00007fff6eba6202 / 0x0036202: 25 != a8
3204.4414: 00007fff6eba6203 / 0x0036203: 89 != be
3204.4414: 00007fff6eba6204 / 0x0036204: 1a != 00
3204.4414: 00007fff6eba6850 / 0x0036850: 48 != e9
3204.4414: 00007fff6eba6851 / 0x0036851: ff != f2
3204.4414: 00007fff6eba6852 / 0x0036852: 25 != 9f
3204.4414: 00007fff6eba6853 / 0x0036853: 49 != be
3204.4414: 00007fff6eba6854 / 0x0036854: 14 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6eba5000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6ebc9e10 / 0x0059e10: 48 != e9
3204.4414: 00007fff6ebc9e11 / 0x0059e11: 89 != be
3204.4414: 00007fff6ebc9e12 / 0x0059e12: 5c != 6e
3204.4414: 00007fff6ebc9e13 / 0x0059e13: 24 != bc
3204.4414: 00007fff6ebc9e14 / 0x0059e14: 08 != 00
3204.4414: 00007fff6ebc9ea0 / 0x0059ea0: 48 != e9
3204.4414: 00007fff6ebc9ea1 / 0x0059ea1: 8b != b0
3204.4414: 00007fff6ebc9ea2 / 0x0059ea2: c4 != 6d
3204.4414: 00007fff6ebc9ea3 / 0x0059ea3: 48 != bc
3204.4414: 00007fff6ebc9ea4 / 0x0059ea4: 89 != 00
3204.4414: 00007fff6ebca840 / 0x005a840: 48 != e9
3204.4414: 00007fff6ebca841 / 0x005a841: 8b != 50
3204.4414: 00007fff6ebca842 / 0x005a842: c4 != 60
3204.4414: 00007fff6ebca843 / 0x005a843: 48 != bc
3204.4414: 00007fff6ebca844 / 0x005a844: 89 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6ebc9000
3204.4414: kernel32.dll: Differences in section #1 (.text) between file and memory:
3204.4414: 00007fff6ebcb5f0 / 0x005b5f0: 48 != e9
3204.4414: 00007fff6ebcb5f1 / 0x005b5f1: 83 != e3
3204.4414: 00007fff6ebcb5f2 / 0x005b5f2: ec != 55
3204.4414: 00007fff6ebcb5f3 / 0x005b5f3: 38 != bc
3204.4414: 00007fff6ebcb5f4 / 0x005b5f4: 48 != 00
3204.4414: 00007fff6ebcb620 / 0x005b620: 48 != e9
3204.4414: 00007fff6ebcb621 / 0x005b621: 83 != 33
3204.4414: 00007fff6ebcb622 / 0x005b622: ec != 55
3204.4414: 00007fff6ebcb623 / 0x005b623: 38 != bc
3204.4414: 00007fff6ebcb624 / 0x005b624: 48 != 00
3204.4414: 00007fff6ebcb720 / 0x005b720: 48 != e9
3204.4414: 00007fff6ebcb721 / 0x005b721: 83 != b3
3204.4414: 00007fff6ebcb722 / 0x005b722: ec != 53
3204.4414: 00007fff6ebcb723 / 0x005b723: 38 != bc
3204.4414: 00007fff6ebcb724 / 0x005b724: 48 != 00
3204.4414: Restored 0x2000 bytes of original file content at 00007fff6ebcb000
3204.4414: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
3204.4414: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
3204.4414: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserRegisterClassExWOW' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
3204.4414: Error (rc=-5629):
3204.4414: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
3204.4414: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=10
3204.4414: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
3204.4414: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
3204.4414: supR3HardNtEnableThreadCreationEx:
3204.4414: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
3204.4414: supR3HardenedWinDoReSpawn(1): New child 2b28.a14 [kernel32].
3204.4414: supR3HardNtChildGatherData: PebBaseAddress=0000000000a54000 cbPeb=0x388
3204.4414: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff6f7a0000 uNtDllChildAddr=00007fff6f7a0000
3204.4414: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff6f811770
3204.4414: supR3HardenedWinSetupChildInit: Initial context:
  rax=0000000000000000 rbx=0000000000000000 rcx=00007ff62c2f7740 rdx=0000000000a54000
  rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
  rip=00007fff6f80ce30 rsp=00000000009bffb8 rbp=0000000000000000 ctxflags=0010001b
  cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
  P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
  dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3204.4414: supR3HardenedWinSetupChildInit: Start child.
3204.4414: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
3204.4414: supR3HardNtChildPurify: Startup delay kludge #1/0: 517 ms, 58 sleeps
3204.4414: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3204.4414: *0000000000000000-000000000087ffff 0x0001/0x0000 0x0000000
3204.4414: *0000000000880000-000000000089ffff 0x0004/0x0004 0x0020000
3204.4414: *00000000008a0000-00000000008bafff 0x0002/0x0002 0x0040000
3204.4414: 00000000008bb000-00000000008bffff 0x0001/0x0000 0x0000000
3204.4414: *00000000008c0000-00000000009bafff 0x0000/0x0004 0x0020000
3204.4414: 00000000009bb000-00000000009bdfff 0x0104/0x0004 0x0020000
3204.4414: 00000000009be000-00000000009bffff 0x0004/0x0004 0x0020000
3204.4414: *00000000009c0000-00000000009c0fff 0x0020/0x0020 0x0020000 !!
3204.4414: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000009c0000 (LB 0x1000, 00000000009c0000 LB 0x1000)
3204.4414: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000009c0000/00000000009c0000 LB 0/0x1000]
3204.4414: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000009c0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
3204.4414: 00000000009c1000-00000000009cffff 0x0001/0x0000 0x0000000
3204.4414: *00000000009d0000-00000000009d3fff 0x0002/0x0002 0x0040000
3204.4414: 00000000009d4000-00000000009dffff 0x0001/0x0000 0x0000000
3204.4414: *00000000009e0000-00000000009e1fff 0x0004/0x0004 0x0020000
3204.4414: 00000000009e2000-00000000009fffff 0x0001/0x0000 0x0000000
3204.4414: *0000000000a00000-0000000000a53fff 0x0000/0x0004 0x0020000
3204.4414: 0000000000a54000-0000000000a56fff 0x0004/0x0004 0x0020000
3204.4414: 0000000000a57000-0000000000bfffff 0x0000/0x0004 0x0020000
3204.4414: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
3204.4414: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3204.4414: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
3204.4414: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
3204.4414: 000000007fff0000-00007ff58267ffff 0x0001/0x0000 0x0000000
3204.4414: *00007ff582680000-00007ff582680fff 0x0002/0x0002 0x0040000
3204.4414: 00007ff582681000-00007ff58268ffff 0x0001/0x0000 0x0000000
3204.4414: *00007ff582690000-00007ff5826b2fff 0x0002/0x0002 0x0040000
3204.4414: 00007ff5826b3000-00007ff62c2effff 0x0001/0x0000 0x0000000
3204.4414: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c367000-00007ff62c367fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b0000-00007ff62c3b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b1000-00007ff62c3b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b2000-00007ff62c3b6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b7000-00007ff62c3b7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b8000-00007ff62c3b8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b9000-00007ff62c3bcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c406000-00007fff6f79ffff 0x0001/0x0000 0x0000000
3204.4414: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f8ff000-00007fff6f90afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
3204.4414: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x840
3204.4414: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 58 sleeps
3204.4414: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3204.4414: *0000000000000000-000000000087ffff 0x0001/0x0000 0x0000000
3204.4414: *0000000000880000-000000000089ffff 0x0004/0x0004 0x0020000
3204.4414: *00000000008a0000-00000000008bafff 0x0002/0x0002 0x0040000
3204.4414: 00000000008bb000-00000000008bffff 0x0001/0x0000 0x0000000
3204.4414: *00000000008c0000-00000000009bafff 0x0000/0x0004 0x0020000
3204.4414: 00000000009bb000-00000000009bdfff 0x0104/0x0004 0x0020000
3204.4414: 00000000009be000-00000000009bffff 0x0004/0x0004 0x0020000
3204.4414: 00000000009c0000-00000000009cffff 0x0001/0x0000 0x0000000
3204.4414: *00000000009d0000-00000000009d3fff 0x0002/0x0002 0x0040000
3204.4414: 00000000009d4000-00000000009dffff 0x0001/0x0000 0x0000000
3204.4414: *00000000009e0000-00000000009e1fff 0x0004/0x0004 0x0020000
3204.4414: 00000000009e2000-00000000009fffff 0x0001/0x0000 0x0000000
3204.4414: *0000000000a00000-0000000000a53fff 0x0000/0x0004 0x0020000
3204.4414: 0000000000a54000-0000000000a56fff 0x0004/0x0004 0x0020000
3204.4414: 0000000000a57000-0000000000bfffff 0x0000/0x0004 0x0020000
3204.4414: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
3204.4414: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3204.4414: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
3204.4414: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
3204.4414: 000000007fff0000-00007ff58267ffff 0x0001/0x0000 0x0000000
3204.4414: *00007ff582680000-00007ff582680fff 0x0002/0x0002 0x0040000
3204.4414: 00007ff582681000-00007ff58268ffff 0x0001/0x0000 0x0000000
3204.4414: *00007ff582690000-00007ff5826b2fff 0x0002/0x0002 0x0040000
3204.4414: 00007ff5826b3000-00007ff62c2effff 0x0001/0x0000 0x0000000
3204.4414: *00007ff62c2f0000-00007ff62c2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c2f1000-00007ff62c366fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c367000-00007ff62c367fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c368000-00007ff62c3affff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3b0000-00007ff62c3bcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c3bd000-00007ff62c405fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
3204.4414: 00007ff62c406000-00007fff6f79ffff 0x0001/0x0000 0x0000000
3204.4414: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f8ff000-00007fff6f902fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f903000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
3204.4414: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
3204.4414: supR3HardNtChildPurify: Done after 1045 ms and 1 fixes (loop #1).
14432b28.a14: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa047ba00
14442b28.a14: supR3HardenedVmProcessInit: uNtDllAddr=00007fff6f7a0000 g_uNtVerCombined=0xa047ba00 (stack ~00000000009bfa48)
14452b28.a14: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
14462b28.a14: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2031616 allocation)
14473204.4414: supR3HardNtEnableThreadCreationEx:
14482b28.a14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
14492b28.a14: System32: \Device\HarddiskVolume4\Windows\System32
14502b28.a14: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
14512b28.a14: KnownDllPath: C:\WINDOWS\System32
14522b28.a14: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14532b28.a14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14542b28.a14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14552b28.a14: Registered Dll notification callback with NTDLL.
14562b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
14572b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
14582b28.a14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
14592b28.a14: supR3HardenedDllNotificationCallback: load 00007fff6c7d0000 LB 0x002a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
14602b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
14612b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
14622b28.a14: supR3HardenedDllNotificationCallback: load 00007fff6eb70000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
14632b28.a14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
14642b28.a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'C:\WINDOWS\System32\KERNEL32.DLL'
14652b28.a14: supR3HardenedDllNotificationCallback: load 00007ff62c2f0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
14662b28.a14: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
14672b28.a14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
14682b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
14692b28.a14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
14703204.4414: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 66 ms.
14712b28.a14: \SystemRoot\System32\ntdll.dll:
14722b28.a14: CreationTime: 2020-07-27T09:29:22.468662600Z
14732b28.a14: LastWriteTime: 2020-07-27T09:29:22.507631900Z
14742b28.a14: ChangeTime: 2020-07-28T06:10:52.472083500Z
14752b28.a14: FileAttributes: 0x20
14762b28.a14: Size: 0x1e8460
14772b28.a14: NT Headers: 0xd8
14782b28.a14: Timestamp: 0xb29ecf52
14792b28.a14: Machine: 0x8664 - amd64
14802b28.a14: Timestamp: 0xb29ecf52
14812b28.a14: Image Version: 10.0
14822b28.a14: SizeOfImage: 0x1f0000 (2031616)
14832b28.a14: Resource Dir: 0x17f000 LB 0x6f310
14842b28.a14: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
14852b28.a14: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
14862b28.a14: ProductName: Microsoft® Windows® Operating System
14872b28.a14: ProductVersion: 10.0.18362.815
14882b28.a14: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
14892b28.a14: FileDescription: NT Layer DLL
14902b28.a14: \SystemRoot\System32\kernel32.dll:
14912b28.a14: CreationTime: 2020-07-27T09:28:50.277970100Z
14922b28.a14: LastWriteTime: 2020-07-27T09:28:50.294953700Z
14932b28.a14: ChangeTime: 2020-07-28T06:10:41.051213400Z
14942b28.a14: FileAttributes: 0x20
14952b28.a14: Size: 0xb0498
14962b28.a14: NT Headers: 0xe8
14972b28.a14: Timestamp: 0xce6bbd73
14982b28.a14: Machine: 0x8664 - amd64
14992b28.a14: Timestamp: 0xce6bbd73
15002b28.a14: Image Version: 10.0
15012b28.a14: SizeOfImage: 0xb2000 (729088)
15022b28.a14: Resource Dir: 0xb0000 LB 0x520
15032b28.a14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15042b28.a14: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
15052b28.a14: ProductName: Microsoft® Windows® Operating System
15062b28.a14: ProductVersion: 10.0.18362.959
15072b28.a14: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
15082b28.a14: FileDescription: Windows NT BASE API Client DLL
15092b28.a14: \SystemRoot\System32\KernelBase.dll:
15102b28.a14: CreationTime: 2020-07-27T09:29:23.091189900Z
15112b28.a14: LastWriteTime: 2020-07-27T09:29:23.150058300Z
15122b28.a14: ChangeTime: 2020-07-28T06:10:50.315875600Z
15132b28.a14: FileAttributes: 0x20
15142b28.a14: Size: 0x2a4058
15152b28.a14: NT Headers: 0xf8
15162b28.a14: Timestamp: 0x7b90c1b5
15172b28.a14: Machine: 0x8664 - amd64
15182b28.a14: Timestamp: 0x7b90c1b5
15192b28.a14: Image Version: 10.0
15202b28.a14: SizeOfImage: 0x2a4000 (2768896)
15212b28.a14: Resource Dir: 0x27e000 LB 0x548
15222b28.a14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15232b28.a14: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
15242b28.a14: ProductName: Microsoft® Windows® Operating System
15252b28.a14: ProductVersion: 10.0.18362.959
15262b28.a14: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
15272b28.a14: FileDescription: Windows NT BASE API Client DLL
15282b28.a14: \SystemRoot\System32\apisetschema.dll:
15292b28.a14: CreationTime: 2019-03-19T04:43:54.837151500Z
15302b28.a14: LastWriteTime: 2019-03-19T04:43:54.837151500Z
15312b28.a14: ChangeTime: 2020-07-27T09:30:52.160553000Z
15322b28.a14: FileAttributes: 0x20
15332b28.a14: Size: 0x1d028
15342b28.a14: NT Headers: 0xc8
15352b28.a14: Timestamp: 0xd6ced080
15362b28.a14: Machine: 0x8664 - amd64
15372b28.a14: Timestamp: 0xd6ced080
15382b28.a14: Image Version: 10.0
15392b28.a14: SizeOfImage: 0x1e000 (122880)
15402b28.a14: Resource Dir: 0x1d000 LB 0x408
15412b28.a14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15422b28.a14: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
15432b28.a14: ProductName: Microsoft® Windows® Operating System
15442b28.a14: ProductVersion: 10.0.18362.1
15452b28.a14: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
15462b28.a14: FileDescription: ApiSet Schema DLL
15472b28.a14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
15482b28.a14: supR3HardenedWinFindAdversaries: 0x840
15492b28.a14: \SystemRoot\System32\drivers\klflt.sys:
15502b28.a14: CreationTime: 2020-03-06T08:53:28.856343500Z
15512b28.a14: LastWriteTime: 2020-03-12T20:48:02.000000000Z
15522b28.a14: ChangeTime: 2020-05-15T10:01:19.828084100Z
15532b28.a14: FileAttributes: 0x20
15542b28.a14: Size: 0x3f100
15552b28.a14: NT Headers: 0xf8
15562b28.a14: Timestamp: 0x5e6a66e9
15572b28.a14: Machine: 0x8664 - amd64
15582b28.a14: Timestamp: 0x5e6a66e9
15592b28.a14: Image Version: 6.1
15602b28.a14: SizeOfImage: 0x4d000 (315392)
15612b28.a14: Resource Dir: 0x4a000 LB 0x430
15622b28.a14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15632b28.a14: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
15642b28.a14: ProductName: Coretech Delivery
15652b28.a14: ProductVersion: 30.289.132.0-e369c7d411
15662b28.a14: FileVersion: 30.289.132.0
15672b28.a14: FileDescription: Filter Core [fre_win7_x64]
15682b28.a14: \SystemRoot\System32\drivers\klif.sys:
15692b28.a14: CreationTime: 2020-03-06T08:53:28.861361800Z
15702b28.a14: LastWriteTime: 2020-03-12T20:48:04.000000000Z
15712b28.a14: ChangeTime: 2020-05-15T10:01:19.795147700Z
15722b28.a14: FileAttributes: 0x20
15732b28.a14: Size: 0x12d500
15742b28.a14: NT Headers: 0x100
15752b28.a14: Timestamp: 0x5e6a6704
15762b28.a14: Machine: 0x8664 - amd64
15772b28.a14: Timestamp: 0x5e6a6704
15782b28.a14: Image Version: 6.1
15792b28.a14: SizeOfImage: 0x12f000 (1241088)
15802b28.a14: Resource Dir: 0x125000 LB 0x3410
15812b28.a14: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
15822b28.a14: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
15832b28.a14: ProductName: Coretech Delivery
15842b28.a14: ProductVersion: 30.289.132.0-e369c7d411
15852b28.a14: FileVersion: 30.289.132.0
15862b28.a14: FileDescription: Core System Interceptors [fre_win7_x64]
15872b28.a14: \SystemRoot\System32\drivers\klim6.sys:
15882b28.a14: CreationTime: 2019-01-28T00:49:40.000000000Z
15892b28.a14: LastWriteTime: 2020-03-05T01:33:42.000000000Z
15902b28.a14: ChangeTime: 2020-05-15T10:01:20.628593700Z
15912b28.a14: FileAttributes: 0x20
15922b28.a14: Size: 0x159f0
15932b28.a14: NT Headers: 0xe0
15942b28.a14: Timestamp: 0x8c875967
15952b28.a14: Machine: 0x8664 - amd64
15962b28.a14: Timestamp: 0x8c875967
15972b28.a14: Image Version: 6.1
15982b28.a14: SizeOfImage: 0x12000 (73728)
15992b28.a14: Resource Dir: 0x10000 LB 0x448
16002b28.a14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16012b28.a14: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
16022b28.a14: ProductName: Coretech Delivery
16032b28.a14: ProductVersion: 30.289.126.0-2a58c6003b
16042b28.a14: FileVersion: 30.289.126.0
16052b28.a14: FileDescription: Packet Network Filter [fre_win7_x64]
16062b28.a14: \SystemRoot\System32\drivers\kneps.sys:
16072b28.a14: CreationTime: 2019-04-29T04:50:14.000000000Z
16082b28.a14: LastWriteTime: 2020-03-06T02:31:48.000000000Z
16092b28.a14: ChangeTime: 2020-05-15T10:01:20.486058100Z
16102b28.a14: FileAttributes: 0x20
16112b28.a14: Size: 0x44300
16122b28.a14: NT Headers: 0xf8
16132b28.a14: Timestamp: 0x359fc650
16142b28.a14: Machine: 0x8664 - amd64
16152b28.a14: Timestamp: 0x359fc650
16162b28.a14: Image Version: 6.1
16172b28.a14: SizeOfImage: 0x44000 (278528)
16182b28.a14: Resource Dir: 0x41000 LB 0x440
16192b28.a14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16202b28.a14: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
16212b28.a14: ProductName: Coretech Delivery
16222b28.a14: ProductVersion: 30.289.126.0-2a58c6003b
16232b28.a14: FileVersion: 30.289.126.0
16242b28.a14: FileDescription: Network Processor [fre_win7_x64]
16252b28.a14: \SystemRoot\System32\drivers\inspect.sys:
16262b28.a14: CreationTime: 2019-10-22T10:41:08.000000000Z
16272b28.a14: LastWriteTime: 2019-10-22T10:41:08.000000000Z
16282b28.a14: ChangeTime: 2019-12-12T12:56:19.421137100Z
16292b28.a14: FileAttributes: 0x20
16302b28.a14: Size: 0x137c8
16312b28.a14: NT Headers: 0xf8
16322b28.a14: Timestamp: 0x5cfbc135
16332b28.a14: Machine: 0x8664 - amd64
16342b28.a14: Timestamp: 0x5cfbc135
16352b28.a14: Image Version: 10.0
16362b28.a14: SizeOfImage: 0x14000 (81920)
16372b28.a14: Resource Dir: 0x12000 LB 0x690
16382b28.a14: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
16392b28.a14: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
16402b28.a14: ProductName: DOZOR Agent
16412b28.a14: ProductVersion: 3.3.0.0
16422b28.a14: FileVersion: 1.0.1.3
16432b28.a14: FileDescription: Process Control Driver
16442b28.a14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
16452b28.a14: Calling main()
16462b28.a14: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
16472b28.a14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
16482b28.a14: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
16492b28.a14: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
16502b28.a14: SUPR3HardenedMain: Respawn #2
16512b28.a14: supR3HardNtEnableThreadCreationEx:
16522b28.a14: supR3HardenedDllNotificationCallback: load 00007fff6f450000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
16532b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
16542b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
16552b28.a14: supR3HardenedDllNotificationCallback: load 00007fff6f3a0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
16562b28.a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
16572b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
16582b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
16592b28.a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16602b28.a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
16612b28.a14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
16622b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
16632b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
16642b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16652b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16662b28.a14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16672b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
16682b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
16692b28.a14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
16702b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16712b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16722b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
16732b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
16742b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16752b28.a14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16762b28.a14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16772b28.a14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
16782b28.a14: supR3HardenedDllNotificationCallback: load 00007fff6e120000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
16792b28.a14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
16802b28.a14: supR3HardenedDllNotificationCallback: load 00007fff6dda0000 LB 0x000a3000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
16812b28.a14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
16822b28.a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6dda0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
16832b28.a14: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
16842b28.a14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
16852b28.a14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
16862b28.a14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16872b28.a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f7a0000 'C:\WINDOWS\System32\ntdll.dll'
16882b28.a14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
16892b28.a14: supR3HardenedWinDoReSpawn(2): New child 738.117c [kernel32].
16902b28.a14: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
16912b28.a14: supR3HardNtChildGatherData: PebBaseAddress=0000000000a97000 cbPeb=0x388
16922b28.a14: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff6f7a0000 uNtDllChildAddr=00007fff6f7a0000
16932b28.a14: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff6f811770
16942b28.a14: supR3HardenedWinSetupChildInit: Initial context:
1695 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff62c2f7740 rdx=0000000000a97000
1696 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
1697 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
1698 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
1699 rip=00007fff6f80ce30 rsp=00000000009ef8d8 rbp=0000000000000000 ctxflags=0010001b
1700 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
1701 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
1702 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1703 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
1704 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
17052b28.a14: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
17062b28.a14: supR3HardenedWinSetupChildInit: Start child.
17072b28.a14: KiUserExceptionDispatcher: 0xc0000005 (0000000000000008, 00000000009c0310) @ 00000000009c0310 (flags=0x0)
1708 rax=00000000009c0310 rbx=0000000000000002 rcx=00000000009c05a0 rdx=0000000000000000
1709 rsi=00000000000007d0 rdi=0000000000000003 r8 =0000000000000000 r9 =00000000009b88d0
1710 r10=0000000000000000 r11=0000000000000246 r12=0000000000000000 r13=00007ff62c3707b8
1711 r14=00000000068b3e7c r15=000000007ffe000c P1=0000000080079b70 P2=0000000000000001
1712 rip=00000000009c0310 rsp=00000000009b88c8 rbp=00000000009b97a0 ctxflags=0010005f
1713 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010202 mxcrx=00001f80
1714 P3=0000000080079b78 P4=0000000000000001 P5=00000000000005e1 P6=0000000010017500
1715 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1716 dr6=0000000000000000 dr7=0000000000000000 vcr=0000100000017c70 dcr=0000000180000000
1717 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
17182b28.a14: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
17192b28.a14: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
17202b28.a14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
17213204.4414: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3219 ms, the end);
17223e0c.2d34: Terminating the normal way: rcExit=0
