VirtualBox

Ticket #19710: VBoxHardening.log

File VBoxHardening.log, 123.0 KB (added by RattleFire, 4 years ago)

log1

Line 
12878.3ce0: Log file opened: 6.1.12r139181 g_hStartupLog=000000000000029c g_uNtVerCombined=0xa047ba00
22878.3ce0: \SystemRoot\System32\ntdll.dll:
32878.3ce0: CreationTime: 2020-07-27T09:29:22.468662600Z
42878.3ce0: LastWriteTime: 2020-07-27T09:29:22.507631900Z
52878.3ce0: ChangeTime: 2020-07-28T06:10:52.472083500Z
62878.3ce0: FileAttributes: 0x20
72878.3ce0: Size: 0x1e8460
82878.3ce0: NT Headers: 0xd8
92878.3ce0: Timestamp: 0xb29ecf52
102878.3ce0: Machine: 0x8664 - amd64
112878.3ce0: Timestamp: 0xb29ecf52
122878.3ce0: Image Version: 10.0
132878.3ce0: SizeOfImage: 0x1f0000 (2031616)
142878.3ce0: Resource Dir: 0x17f000 LB 0x6f310
152878.3ce0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162878.3ce0: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172878.3ce0: ProductName: Microsoft® Windows® Operating System
182878.3ce0: ProductVersion: 10.0.18362.815
192878.3ce0: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
202878.3ce0: FileDescription: NT Layer DLL
212878.3ce0: \SystemRoot\System32\kernel32.dll:
222878.3ce0: CreationTime: 2020-07-27T09:28:50.277970100Z
232878.3ce0: LastWriteTime: 2020-07-27T09:28:50.294953700Z
242878.3ce0: ChangeTime: 2020-07-28T06:10:41.051213400Z
252878.3ce0: FileAttributes: 0x20
262878.3ce0: Size: 0xb0498
272878.3ce0: NT Headers: 0xe8
282878.3ce0: Timestamp: 0xce6bbd73
292878.3ce0: Machine: 0x8664 - amd64
302878.3ce0: Timestamp: 0xce6bbd73
312878.3ce0: Image Version: 10.0
322878.3ce0: SizeOfImage: 0xb2000 (729088)
332878.3ce0: Resource Dir: 0xb0000 LB 0x520
342878.3ce0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352878.3ce0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362878.3ce0: ProductName: Microsoft® Windows® Operating System
372878.3ce0: ProductVersion: 10.0.18362.959
382878.3ce0: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
392878.3ce0: FileDescription: Windows NT BASE API Client DLL
402878.3ce0: \SystemRoot\System32\KernelBase.dll:
412878.3ce0: CreationTime: 2020-07-27T09:29:23.091189900Z
422878.3ce0: LastWriteTime: 2020-07-27T09:29:23.150058300Z
432878.3ce0: ChangeTime: 2020-07-28T06:10:50.315875600Z
442878.3ce0: FileAttributes: 0x20
452878.3ce0: Size: 0x2a4058
462878.3ce0: NT Headers: 0xf8
472878.3ce0: Timestamp: 0x7b90c1b5
482878.3ce0: Machine: 0x8664 - amd64
492878.3ce0: Timestamp: 0x7b90c1b5
502878.3ce0: Image Version: 10.0
512878.3ce0: SizeOfImage: 0x2a4000 (2768896)
522878.3ce0: Resource Dir: 0x27e000 LB 0x548
532878.3ce0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542878.3ce0: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
552878.3ce0: ProductName: Microsoft® Windows® Operating System
562878.3ce0: ProductVersion: 10.0.18362.959
572878.3ce0: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
582878.3ce0: FileDescription: Windows NT BASE API Client DLL
592878.3ce0: \SystemRoot\System32\apisetschema.dll:
602878.3ce0: CreationTime: 2019-03-19T04:43:54.837151500Z
612878.3ce0: LastWriteTime: 2019-03-19T04:43:54.837151500Z
622878.3ce0: ChangeTime: 2020-07-27T09:30:52.160553000Z
632878.3ce0: FileAttributes: 0x20
642878.3ce0: Size: 0x1d028
652878.3ce0: NT Headers: 0xc8
662878.3ce0: Timestamp: 0xd6ced080
672878.3ce0: Machine: 0x8664 - amd64
682878.3ce0: Timestamp: 0xd6ced080
692878.3ce0: Image Version: 10.0
702878.3ce0: SizeOfImage: 0x1e000 (122880)
712878.3ce0: Resource Dir: 0x1d000 LB 0x408
722878.3ce0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732878.3ce0: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
742878.3ce0: ProductName: Microsoft® Windows® Operating System
752878.3ce0: ProductVersion: 10.0.18362.1
762878.3ce0: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
772878.3ce0: FileDescription: ApiSet Schema DLL
782878.3ce0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
792878.3ce0: supR3HardenedWinFindAdversaries: 0x840
802878.3ce0: \SystemRoot\System32\drivers\klflt.sys:
812878.3ce0: CreationTime: 2020-03-06T08:53:28.856343500Z
822878.3ce0: LastWriteTime: 2020-03-12T20:48:02.000000000Z
832878.3ce0: ChangeTime: 2020-05-15T10:01:19.828084100Z
842878.3ce0: FileAttributes: 0x20
852878.3ce0: Size: 0x3f100
862878.3ce0: NT Headers: 0xf8
872878.3ce0: Timestamp: 0x5e6a66e9
882878.3ce0: Machine: 0x8664 - amd64
892878.3ce0: Timestamp: 0x5e6a66e9
902878.3ce0: Image Version: 6.1
912878.3ce0: SizeOfImage: 0x4d000 (315392)
922878.3ce0: Resource Dir: 0x4a000 LB 0x430
932878.3ce0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
942878.3ce0: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
952878.3ce0: ProductName: Coretech Delivery
962878.3ce0: ProductVersion: 30.289.132.0-e369c7d411
972878.3ce0: FileVersion: 30.289.132.0
982878.3ce0: FileDescription: Filter Core [fre_win7_x64]
992878.3ce0: \SystemRoot\System32\drivers\klif.sys:
1002878.3ce0: CreationTime: 2020-03-06T08:53:28.861361800Z
1012878.3ce0: LastWriteTime: 2020-03-12T20:48:04.000000000Z
1022878.3ce0: ChangeTime: 2020-05-15T10:01:19.795147700Z
1032878.3ce0: FileAttributes: 0x20
1042878.3ce0: Size: 0x12d500
1052878.3ce0: NT Headers: 0x100
1062878.3ce0: Timestamp: 0x5e6a6704
1072878.3ce0: Machine: 0x8664 - amd64
1082878.3ce0: Timestamp: 0x5e6a6704
1092878.3ce0: Image Version: 6.1
1102878.3ce0: SizeOfImage: 0x12f000 (1241088)
1112878.3ce0: Resource Dir: 0x125000 LB 0x3410
1122878.3ce0: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132878.3ce0: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
1142878.3ce0: ProductName: Coretech Delivery
1152878.3ce0: ProductVersion: 30.289.132.0-e369c7d411
1162878.3ce0: FileVersion: 30.289.132.0
1172878.3ce0: FileDescription: Core System Interceptors [fre_win7_x64]
1182878.3ce0: \SystemRoot\System32\drivers\klim6.sys:
1192878.3ce0: CreationTime: 2019-01-28T00:49:40.000000000Z
1202878.3ce0: LastWriteTime: 2020-03-05T01:33:42.000000000Z
1212878.3ce0: ChangeTime: 2020-05-15T10:01:20.628593700Z
1222878.3ce0: FileAttributes: 0x20
1232878.3ce0: Size: 0x159f0
1242878.3ce0: NT Headers: 0xe0
1252878.3ce0: Timestamp: 0x8c875967
1262878.3ce0: Machine: 0x8664 - amd64
1272878.3ce0: Timestamp: 0x8c875967
1282878.3ce0: Image Version: 6.1
1292878.3ce0: SizeOfImage: 0x12000 (73728)
1302878.3ce0: Resource Dir: 0x10000 LB 0x448
1312878.3ce0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1322878.3ce0: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
1332878.3ce0: ProductName: Coretech Delivery
1342878.3ce0: ProductVersion: 30.289.126.0-2a58c6003b
1352878.3ce0: FileVersion: 30.289.126.0
1362878.3ce0: FileDescription: Packet Network Filter [fre_win7_x64]
1372878.3ce0: \SystemRoot\System32\drivers\kneps.sys:
1382878.3ce0: CreationTime: 2019-04-29T04:50:14.000000000Z
1392878.3ce0: LastWriteTime: 2020-03-06T02:31:48.000000000Z
1402878.3ce0: ChangeTime: 2020-05-15T10:01:20.486058100Z
1412878.3ce0: FileAttributes: 0x20
1422878.3ce0: Size: 0x44300
1432878.3ce0: NT Headers: 0xf8
1442878.3ce0: Timestamp: 0x359fc650
1452878.3ce0: Machine: 0x8664 - amd64
1462878.3ce0: Timestamp: 0x359fc650
1472878.3ce0: Image Version: 6.1
1482878.3ce0: SizeOfImage: 0x44000 (278528)
1492878.3ce0: Resource Dir: 0x41000 LB 0x440
1502878.3ce0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1512878.3ce0: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
1522878.3ce0: ProductName: Coretech Delivery
1532878.3ce0: ProductVersion: 30.289.126.0-2a58c6003b
1542878.3ce0: FileVersion: 30.289.126.0
1552878.3ce0: FileDescription: Network Processor [fre_win7_x64]
1562878.3ce0: \SystemRoot\System32\drivers\inspect.sys:
1572878.3ce0: CreationTime: 2019-10-22T10:41:08.000000000Z
1582878.3ce0: LastWriteTime: 2019-10-22T10:41:08.000000000Z
1592878.3ce0: ChangeTime: 2019-12-12T12:56:19.421137100Z
1602878.3ce0: FileAttributes: 0x20
1612878.3ce0: Size: 0x137c8
1622878.3ce0: NT Headers: 0xf8
1632878.3ce0: Timestamp: 0x5cfbc135
1642878.3ce0: Machine: 0x8664 - amd64
1652878.3ce0: Timestamp: 0x5cfbc135
1662878.3ce0: Image Version: 10.0
1672878.3ce0: SizeOfImage: 0x14000 (81920)
1682878.3ce0: Resource Dir: 0x12000 LB 0x690
1692878.3ce0: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
1702878.3ce0: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
1712878.3ce0: ProductName: DOZOR Agent
1722878.3ce0: ProductVersion: 3.3.0.0
1732878.3ce0: FileVersion: 1.0.1.3
1742878.3ce0: FileDescription: Process Control Driver
1752878.3ce0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1762878.3ce0: Calling main()
1772878.3ce0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1782878.3ce0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1792878.3ce0: SUPR3HardenedMain: Respawn #1
1802878.3ce0: System32: \Device\HarddiskVolume4\Windows\System32
1812878.3ce0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1822878.3ce0: KnownDllPath: C:\WINDOWS\System32
1832878.3ce0: supR3HardenedWinInit: Performing a limited self purification...
1842878.3ce0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1852878.3ce0: *0000000000000000-000000000098ffff 0x0001/0x0000 0x0000000
1862878.3ce0: *0000000000990000-000000000099ffff 0x0004/0x0004 0x0040000
1872878.3ce0: *00000000009a0000-00000000009a3fff 0x0002/0x0002 0x0040000
1882878.3ce0: 00000000009a4000-00000000009a7fff 0x0000/0x0002 0x0040000
1892878.3ce0: 00000000009a8000-00000000009affff 0x0001/0x0000 0x0000000
1902878.3ce0: *00000000009b0000-00000000009cafff 0x0002/0x0002 0x0040000
1912878.3ce0: 00000000009cb000-00000000009cffff 0x0001/0x0000 0x0000000
1922878.3ce0: *00000000009d0000-00000000009d0fff 0x0020/0x0020 0x0020000 !!
1932878.3ce0: 00000000009d1000-00000000009dffff 0x0001/0x0000 0x0000000
1942878.3ce0: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
1952878.3ce0: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
1962878.3ce0: *00000000009f0000-00000000009f1fff 0x0004/0x0004 0x0020000
1972878.3ce0: 00000000009f2000-00000000009fffff 0x0001/0x0000 0x0000000
1982878.3ce0: *0000000000a00000-0000000000b6bfff 0x0000/0x0004 0x0020000
1992878.3ce0: 0000000000b6c000-0000000000b76fff 0x0004/0x0004 0x0020000
2002878.3ce0: 0000000000b77000-0000000000bfffff 0x0000/0x0004 0x0020000
2012878.3ce0: *0000000000c00000-0000000000cb0fff 0x0000/0x0004 0x0020000
2022878.3ce0: 0000000000cb1000-0000000000cb3fff 0x0104/0x0004 0x0020000
2032878.3ce0: 0000000000cb4000-0000000000cfffff 0x0004/0x0004 0x0020000
2042878.3ce0: *0000000000d00000-0000000000d01fff 0x0004/0x0004 0x0020000
2052878.3ce0: 0000000000d02000-0000000000d31fff 0x0000/0x0004 0x0020000
2062878.3ce0: 0000000000d32000-0000000000d4ffff 0x0001/0x0000 0x0000000
2072878.3ce0: *0000000000d50000-0000000000de0fff 0x0004/0x0004 0x0020000
2082878.3ce0: 0000000000de1000-0000000000de3fff 0x0000/0x0004 0x0020000
2092878.3ce0: 0000000000de4000-0000000000de8fff 0x0004/0x0004 0x0020000
2102878.3ce0: 0000000000de9000-0000000000debfff 0x0000/0x0004 0x0020000
2112878.3ce0: 0000000000dec000-0000000000dedfff 0x0004/0x0004 0x0020000
2122878.3ce0: 0000000000dee000-0000000000e05fff 0x0000/0x0004 0x0020000
2132878.3ce0: 0000000000e06000-0000000000e06fff 0x0004/0x0004 0x0020000
2142878.3ce0: 0000000000e07000-0000000000e4ffff 0x0000/0x0004 0x0020000
2152878.3ce0: *0000000000e50000-0000000000f16fff 0x0002/0x0002 0x0040000
2162878.3ce0: 0000000000f17000-0000000000f1ffff 0x0001/0x0000 0x0000000
2172878.3ce0: *0000000000f20000-000000000101afff 0x0000/0x0004 0x0020000
2182878.3ce0: 000000000101b000-000000000101dfff 0x0104/0x0004 0x0020000
2192878.3ce0: 000000000101e000-000000000101ffff 0x0004/0x0004 0x0020000
2202878.3ce0: *0000000001020000-000000000111afff 0x0000/0x0004 0x0020000
2212878.3ce0: 000000000111b000-000000000111dfff 0x0104/0x0004 0x0020000
2222878.3ce0: 000000000111e000-000000000111ffff 0x0004/0x0004 0x0020000
2232878.3ce0: *0000000001120000-000000000121afff 0x0000/0x0004 0x0020000
2242878.3ce0: 000000000121b000-000000000121dfff 0x0104/0x0004 0x0020000
2252878.3ce0: 000000000121e000-000000000121ffff 0x0004/0x0004 0x0020000
2262878.3ce0: *0000000001220000-0000000001233fff 0x0002/0x0002 0x0040000
2272878.3ce0: 0000000001234000-000000000141ffff 0x0000/0x0002 0x0040000
2282878.3ce0: *0000000001420000-00000000015a0fff 0x0002/0x0002 0x0040000
2292878.3ce0: 00000000015a1000-00000000015affff 0x0001/0x0000 0x0000000
2302878.3ce0: *00000000015b0000-0000000001650fff 0x0002/0x0002 0x0040000
2312878.3ce0: 0000000001651000-00000000029b0fff 0x0000/0x0002 0x0040000
2322878.3ce0: 00000000029b1000-00000000029bffff 0x0001/0x0000 0x0000000
2332878.3ce0: *00000000029c0000-00000000029c0fff 0x0004/0x0004 0x0020000
2342878.3ce0: 00000000029c1000-00000000029f1fff 0x0000/0x0004 0x0020000
2352878.3ce0: 00000000029f2000-00000000029fffff 0x0001/0x0000 0x0000000
2362878.3ce0: *0000000002a00000-0000000002a01fff 0x0004/0x0004 0x0020000
2372878.3ce0: 0000000002a02000-0000000002a31fff 0x0000/0x0004 0x0020000
2382878.3ce0: 0000000002a32000-0000000002a4ffff 0x0001/0x0000 0x0000000
2392878.3ce0: *0000000002a50000-0000000002a56fff 0x0004/0x0004 0x0020000
2402878.3ce0: 0000000002a57000-0000000002a5ffff 0x0000/0x0004 0x0020000
2412878.3ce0: *0000000002a60000-0000000003e60fff 0x0004/0x0004 0x0040000
2422878.3ce0: 0000000003e61000-0000000003e6ffff 0x0001/0x0000 0x0000000
2432878.3ce0: *0000000003e70000-0000000003f6bfff 0x0000/0x0004 0x0020000
2442878.3ce0: 0000000003f6c000-0000000003f6efff 0x0104/0x0004 0x0020000
2452878.3ce0: 0000000003f6f000-0000000003f6ffff 0x0004/0x0004 0x0020000
2462878.3ce0: 0000000003f70000-0000000003fcffff 0x0001/0x0000 0x0000000
2472878.3ce0: *0000000003fd0000-0000000003fdefff 0x0004/0x0004 0x0020000
2482878.3ce0: 0000000003fdf000-0000000003fdffff 0x0000/0x0004 0x0020000
2492878.3ce0: *0000000003fe0000-0000000003ffcfff 0x0004/0x0004 0x0020000
2502878.3ce0: 0000000003ffd000-00000000040dffff 0x0000/0x0004 0x0020000
2512878.3ce0: *00000000040e0000-00000000040e3fff 0x0004/0x0004 0x0020000
2522878.3ce0: 00000000040e4000-00000000040effff 0x0000/0x0004 0x0020000
2532878.3ce0: *00000000040f0000-0000000004426fff 0x0002/0x0002 0x0040000
2542878.3ce0: 0000000004427000-000000000442ffff 0x0001/0x0000 0x0000000
2552878.3ce0: *0000000004430000-0000000004620fff 0x0004/0x0004 0x0020000
2562878.3ce0: 0000000004621000-0000000004621fff 0x0000/0x0004 0x0020000
2572878.3ce0: 0000000004622000-000000007ffdffff 0x0001/0x0000 0x0000000
2582878.3ce0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2592878.3ce0: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
2602878.3ce0: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
2612878.3ce0: 000000007fff0000-00007ff42fedffff 0x0001/0x0000 0x0000000
2622878.3ce0: *00007ff42fee0000-00007ff42fee4fff 0x0002/0x0002 0x0040000
2632878.3ce0: 00007ff42fee5000-00007ff42ffdffff 0x0000/0x0002 0x0040000
2642878.3ce0: *00007ff42ffe0000-00007ff52fffffff 0x0000/0x0004 0x0020000
2652878.3ce0: *00007ff530000000-00007ff531ffffff 0x0000/0x0004 0x0020000
2662878.3ce0: 00007ff532000000-00007ff532000fff 0x0004/0x0004 0x0020000
2672878.3ce0: 00007ff532001000-00007ff53200ffff 0x0001/0x0000 0x0000000
2682878.3ce0: *00007ff532010000-00007ff532010fff 0x0002/0x0002 0x0040000
2692878.3ce0: 00007ff532011000-00007ff53201ffff 0x0001/0x0000 0x0000000
2702878.3ce0: *00007ff532020000-00007ff532042fff 0x0002/0x0002 0x0040000
2712878.3ce0: 00007ff532043000-00007ff6e910ffff 0x0001/0x0000 0x0000000
2722878.3ce0: *00007ff6e9110000-00007ff6e9110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2732878.3ce0: 00007ff6e9111000-00007ff6e9186fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2742878.3ce0: 00007ff6e9187000-00007ff6e9187fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2752878.3ce0: 00007ff6e9188000-00007ff6e91cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2762878.3ce0: 00007ff6e91d0000-00007ff6e91d2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2772878.3ce0: 00007ff6e91d3000-00007ff6e91d5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2782878.3ce0: 00007ff6e91d6000-00007ff6e91d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2792878.3ce0: 00007ff6e91d9000-00007ff6e91d9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2802878.3ce0: 00007ff6e91da000-00007ff6e91dbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2812878.3ce0: 00007ff6e91dc000-00007ff6e91dcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2822878.3ce0: 00007ff6e91dd000-00007ff6e9225fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2832878.3ce0: 00007ff6e9226000-00007fff6815ffff 0x0001/0x0000 0x0000000
2842878.3ce0: *00007fff68160000-00007fff68160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
2852878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68160000 LB 0x1000 (base 00007fff68160000) - 'samcli.dll'
2862878.3ce0: 00007fff68161000-00007fff6816efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
2872878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68161000 LB 0xe000 (base 00007fff68160000) - 'samcli.dll'
2882878.3ce0: 00007fff6816f000-00007fff68172fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
2892878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6816f000 LB 0x4000 (base 00007fff68160000) - 'samcli.dll'
2902878.3ce0: 00007fff68173000-00007fff68173fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
2912878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68173000 LB 0x1000 (base 00007fff68160000) - 'samcli.dll'
2922878.3ce0: 00007fff68174000-00007fff68177fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\samcli.dll
2932878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68174000 LB 0x4000 (base 00007fff68160000) - 'samcli.dll'
2942878.3ce0: 00007fff68178000-00007fff6817ffff 0x0001/0x0000 0x0000000
2952878.3ce0: *00007fff68180000-00007fff68180fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
2962878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68180000 LB 0x1000 (base 00007fff68180000) - 'winmmbase.dll'
2972878.3ce0: 00007fff68181000-00007fff6819cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
2982878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68181000 LB 0x1c000 (base 00007fff68180000) - 'winmmbase.dll'
2992878.3ce0: 00007fff6819d000-00007fff681a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3002878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6819d000 LB 0x9000 (base 00007fff68180000) - 'winmmbase.dll'
3012878.3ce0: 00007fff681a6000-00007fff681a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3022878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681a6000 LB 0x2000 (base 00007fff68180000) - 'winmmbase.dll'
3032878.3ce0: 00007fff681a8000-00007fff681acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
3042878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681a8000 LB 0x5000 (base 00007fff68180000) - 'winmmbase.dll'
3052878.3ce0: 00007fff681ad000-00007fff681affff 0x0001/0x0000 0x0000000
3062878.3ce0: *00007fff681b0000-00007fff681b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3072878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681b0000 LB 0x1000 (base 00007fff681b0000) - 'mpr.dll'
3082878.3ce0: 00007fff681b1000-00007fff681c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3092878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681b1000 LB 0x10000 (base 00007fff681b0000) - 'mpr.dll'
3102878.3ce0: 00007fff681c1000-00007fff681c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3112878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c1000 LB 0x5000 (base 00007fff681b0000) - 'mpr.dll'
3122878.3ce0: 00007fff681c6000-00007fff681c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3132878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c6000 LB 0x1000 (base 00007fff681b0000) - 'mpr.dll'
3142878.3ce0: 00007fff681c7000-00007fff681cafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\mpr.dll
3152878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681c7000 LB 0x4000 (base 00007fff681b0000) - 'mpr.dll'
3162878.3ce0: 00007fff681cb000-00007fff681cffff 0x0001/0x0000 0x0000000
3172878.3ce0: *00007fff681d0000-00007fff681d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3182878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681d0000 LB 0x1000 (base 00007fff681d0000) - 'netapi32.dll'
3192878.3ce0: 00007fff681d1000-00007fff681dafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3202878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681d1000 LB 0xa000 (base 00007fff681d0000) - 'netapi32.dll'
3212878.3ce0: 00007fff681db000-00007fff681e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3222878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681db000 LB 0x7000 (base 00007fff681d0000) - 'netapi32.dll'
3232878.3ce0: 00007fff681e2000-00007fff681e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3242878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681e2000 LB 0x1000 (base 00007fff681d0000) - 'netapi32.dll'
3252878.3ce0: 00007fff681e3000-00007fff681e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\netapi32.dll
3262878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681e3000 LB 0x4000 (base 00007fff681d0000) - 'netapi32.dll'
3272878.3ce0: 00007fff681e7000-00007fff681effff 0x0001/0x0000 0x0000000
3282878.3ce0: *00007fff681f0000-00007fff681f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3292878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681f0000 LB 0x1000 (base 00007fff681f0000) - 'msacm32.dll'
3302878.3ce0: 00007fff681f1000-00007fff68201fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3312878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff681f1000 LB 0x11000 (base 00007fff681f0000) - 'msacm32.dll'
3322878.3ce0: 00007fff68202000-00007fff68206fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3332878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68202000 LB 0x5000 (base 00007fff681f0000) - 'msacm32.dll'
3342878.3ce0: 00007fff68207000-00007fff68207fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3352878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68207000 LB 0x1000 (base 00007fff681f0000) - 'msacm32.dll'
3362878.3ce0: 00007fff68208000-00007fff6820bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msacm32.dll
3372878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68208000 LB 0x4000 (base 00007fff681f0000) - 'msacm32.dll'
3382878.3ce0: 00007fff6820c000-00007fff6821ffff 0x0001/0x0000 0x0000000
3392878.3ce0: *00007fff68220000-00007fff68220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3402878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68220000 LB 0x1000 (base 00007fff68220000) - 'version.dll'
3412878.3ce0: 00007fff68221000-00007fff68223fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3422878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68221000 LB 0x3000 (base 00007fff68220000) - 'version.dll'
3432878.3ce0: 00007fff68224000-00007fff68225fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3442878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68224000 LB 0x2000 (base 00007fff68220000) - 'version.dll'
3452878.3ce0: 00007fff68226000-00007fff68226fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3462878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68226000 LB 0x1000 (base 00007fff68220000) - 'version.dll'
3472878.3ce0: 00007fff68227000-00007fff68229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\version.dll
3482878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68227000 LB 0x3000 (base 00007fff68220000) - 'version.dll'
3492878.3ce0: 00007fff6822a000-00007fff68acffff 0x0001/0x0000 0x0000000
3502878.3ce0: *00007fff68ad0000-00007fff68ad0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3512878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68ad0000 LB 0x1000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3522878.3ce0: 00007fff68ad1000-00007fff68c39fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3532878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68ad1000 LB 0x169000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3542878.3ce0: 00007fff68c3a000-00007fff68cbefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3552878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68c3a000 LB 0x85000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3562878.3ce0: 00007fff68cbf000-00007fff68cc0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3572878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cbf000 LB 0x2000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3582878.3ce0: 00007fff68cc1000-00007fff68cc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3592878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc1000 LB 0x3000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3602878.3ce0: 00007fff68cc4000-00007fff68cc6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3612878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc4000 LB 0x3000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3622878.3ce0: 00007fff68cc7000-00007fff68cdcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\UMInterceptors_x64.dll
3632878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff68cc7000 LB 0x16000 (base 00007fff68ad0000) - 'UMInterceptors_x64.dll'
3642878.3ce0: 00007fff68cdd000-00007fff6bb3ffff 0x0001/0x0000 0x0000000
3652878.3ce0: *00007fff6bb40000-00007fff6bb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3662878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb40000 LB 0x1000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3672878.3ce0: 00007fff6bb41000-00007fff6bb69fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3682878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb41000 LB 0x29000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3692878.3ce0: 00007fff6bb6a000-00007fff6bb73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3702878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb6a000 LB 0xa000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3712878.3ce0: 00007fff6bb74000-00007fff6bb74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3722878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb74000 LB 0x1000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3732878.3ce0: 00007fff6bb75000-00007fff6bb79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
3742878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6bb75000 LB 0x5000 (base 00007fff6bb40000) - 'IPHLPAPI.DLL'
3752878.3ce0: 00007fff6bb7a000-00007fff6c61ffff 0x0001/0x0000 0x0000000
3762878.3ce0: *00007fff6c620000-00007fff6c620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3772878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c620000 LB 0x1000 (base 00007fff6c620000) - 'umpdc.dll'
3782878.3ce0: 00007fff6c621000-00007fff6c628fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3792878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c621000 LB 0x8000 (base 00007fff6c620000) - 'umpdc.dll'
3802878.3ce0: 00007fff6c629000-00007fff6c62bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3812878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c629000 LB 0x3000 (base 00007fff6c620000) - 'umpdc.dll'
3822878.3ce0: 00007fff6c62c000-00007fff6c62cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3832878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c62c000 LB 0x1000 (base 00007fff6c620000) - 'umpdc.dll'
3842878.3ce0: 00007fff6c62d000-00007fff6c62ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\umpdc.dll
3852878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c62d000 LB 0x3000 (base 00007fff6c620000) - 'umpdc.dll'
3862878.3ce0: 00007fff6c630000-00007fff6c64ffff 0x0001/0x0000 0x0000000
3872878.3ce0: *00007fff6c650000-00007fff6c650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3882878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c650000 LB 0x1000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3892878.3ce0: 00007fff6c651000-00007fff6c654fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3902878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c651000 LB 0x4000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3912878.3ce0: 00007fff6c655000-00007fff6c65bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3922878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c655000 LB 0x7000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3932878.3ce0: 00007fff6c65c000-00007fff6c65cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3942878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c65c000 LB 0x1000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3952878.3ce0: 00007fff6c65d000-00007fff6c660fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
3962878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c65d000 LB 0x4000 (base 00007fff6c650000) - 'kernel.appcore.dll'
3972878.3ce0: 00007fff6c661000-00007fff6c66ffff 0x0001/0x0000 0x0000000
3982878.3ce0: *00007fff6c670000-00007fff6c670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
3992878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c670000 LB 0x1000 (base 00007fff6c670000) - 'powrprof.dll'
4002878.3ce0: 00007fff6c671000-00007fff6c681fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
4012878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c671000 LB 0x11000 (base 00007fff6c670000) - 'powrprof.dll'
4022878.3ce0: 00007fff6c682000-00007fff6c68bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
4032878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c682000 LB 0xa000 (base 00007fff6c670000) - 'powrprof.dll'
4042878.3ce0: 00007fff6c68c000-00007fff6c68cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
4052878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c68c000 LB 0x1000 (base 00007fff6c670000) - 'powrprof.dll'
4062878.3ce0: 00007fff6c68d000-00007fff6c6b9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\powrprof.dll
4072878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c68d000 LB 0x2d000 (base 00007fff6c670000) - 'powrprof.dll'
4082878.3ce0: 00007fff6c6ba000-00007fff6c6bffff 0x0001/0x0000 0x0000000
4092878.3ce0: *00007fff6c6c0000-00007fff6c6c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
4102878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6c0000 LB 0x1000 (base 00007fff6c6c0000) - 'profapi.dll'
4112878.3ce0: 00007fff6c6c1000-00007fff6c6d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
4122878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6c1000 LB 0x14000 (base 00007fff6c6c0000) - 'profapi.dll'
4132878.3ce0: 00007fff6c6d5000-00007fff6c6dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
4142878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6d5000 LB 0x8000 (base 00007fff6c6c0000) - 'profapi.dll'
4152878.3ce0: 00007fff6c6dd000-00007fff6c6ddfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
4162878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6dd000 LB 0x1000 (base 00007fff6c6c0000) - 'profapi.dll'
4172878.3ce0: 00007fff6c6de000-00007fff6c6e2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\profapi.dll
4182878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6de000 LB 0x5000 (base 00007fff6c6c0000) - 'profapi.dll'
4192878.3ce0: 00007fff6c6e3000-00007fff6c6effff 0x0001/0x0000 0x0000000
4202878.3ce0: *00007fff6c6f0000-00007fff6c6f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
4212878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6f0000 LB 0x1000 (base 00007fff6c6f0000) - 'win32u.dll'
4222878.3ce0: 00007fff6c6f1000-00007fff6c6fafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
4232878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6f1000 LB 0xa000 (base 00007fff6c6f0000) - 'win32u.dll'
4242878.3ce0: 00007fff6c6fb000-00007fff6c709fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
4252878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c6fb000 LB 0xf000 (base 00007fff6c6f0000) - 'win32u.dll'
4262878.3ce0: 00007fff6c70a000-00007fff6c70afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
4272878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c70a000 LB 0x1000 (base 00007fff6c6f0000) - 'win32u.dll'
4282878.3ce0: 00007fff6c70b000-00007fff6c710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\win32u.dll
4292878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6c70b000 LB 0x6000 (base 00007fff6c6f0000) - 'win32u.dll'
4302878.3ce0: 00007fff6c711000-00007fff6c7cffff 0x0001/0x0000 0x0000000
4312878.3ce0: *00007fff6c7d0000-00007fff6c7d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4322878.3ce0: 00007fff6c7d1000-00007fff6c8d5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4332878.3ce0: 00007fff6c8d6000-00007fff6ca38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4342878.3ce0: 00007fff6ca39000-00007fff6ca3cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4352878.3ce0: 00007fff6ca3d000-00007fff6ca3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4362878.3ce0: 00007fff6ca3e000-00007fff6ca73fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
4372878.3ce0: 00007fff6ca74000-00007fff6ca7ffff 0x0001/0x0000 0x0000000
4382878.3ce0: *00007fff6ca80000-00007fff6ca80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4392878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ca80000 LB 0x1000 (base 00007fff6ca80000) - 'ucrtbase.dll'
4402878.3ce0: 00007fff6ca81000-00007fff6cb31fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4412878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ca81000 LB 0xb1000 (base 00007fff6ca80000) - 'ucrtbase.dll'
4422878.3ce0: 00007fff6cb32000-00007fff6cb69fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4432878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb32000 LB 0x38000 (base 00007fff6ca80000) - 'ucrtbase.dll'
4442878.3ce0: 00007fff6cb6a000-00007fff6cb6cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4452878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb6a000 LB 0x3000 (base 00007fff6ca80000) - 'ucrtbase.dll'
4462878.3ce0: 00007fff6cb6d000-00007fff6cb79fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
4472878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb6d000 LB 0xd000 (base 00007fff6ca80000) - 'ucrtbase.dll'
4482878.3ce0: 00007fff6cb7a000-00007fff6cb7ffff 0x0001/0x0000 0x0000000
4492878.3ce0: *00007fff6cb80000-00007fff6cb80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
4502878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb80000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
4512878.3ce0: 00007fff6cb81000-00007fff6cbb3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
4522878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cb81000 LB 0x33000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
4532878.3ce0: 00007fff6cbb4000-00007fff6cbc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
4542878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbb4000 LB 0xe000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
4552878.3ce0: 00007fff6cbc2000-00007fff6cbc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
4562878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc2000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
4572878.3ce0: 00007fff6cbc3000-00007fff6cbc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
4582878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc3000 LB 0x1000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
4592878.3ce0: 00007fff6cbc4000-00007fff6cbc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
4602878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbc4000 LB 0x6000 (base 00007fff6cb80000) - 'cfgmgr32.dll'
4612878.3ce0: 00007fff6cbca000-00007fff6cbcffff 0x0001/0x0000 0x0000000
4622878.3ce0: *00007fff6cbd0000-00007fff6cbd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4632878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbd0000 LB 0x1000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
4642878.3ce0: 00007fff6cbd1000-00007fff6cc36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4652878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cbd1000 LB 0x66000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
4662878.3ce0: 00007fff6cc37000-00007fff6cc49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4672878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc37000 LB 0x13000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
4682878.3ce0: 00007fff6cc4a000-00007fff6cc4afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4692878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc4a000 LB 0x1000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
4702878.3ce0: 00007fff6cc4b000-00007fff6cc4ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
4712878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6cc4b000 LB 0x5000 (base 00007fff6cbd0000) - 'bcryptprimitives.dll'
4722878.3ce0: 00007fff6cc50000-00007fff6ccaffff 0x0001/0x0000 0x0000000
4732878.3ce0: *00007fff6ccb0000-00007fff6ccb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
4742878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccb0000 LB 0x1000 (base 00007fff6ccb0000) - 'cryptsp.dll'
4752878.3ce0: 00007fff6ccb1000-00007fff6ccbbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
4762878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccb1000 LB 0xb000 (base 00007fff6ccb0000) - 'cryptsp.dll'
4772878.3ce0: 00007fff6ccbc000-00007fff6ccc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
4782878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccbc000 LB 0x6000 (base 00007fff6ccb0000) - 'cryptsp.dll'
4792878.3ce0: 00007fff6ccc2000-00007fff6ccc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
4802878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccc2000 LB 0x1000 (base 00007fff6ccb0000) - 'cryptsp.dll'
4812878.3ce0: 00007fff6ccc3000-00007fff6ccc6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
4822878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccc3000 LB 0x4000 (base 00007fff6ccb0000) - 'cryptsp.dll'
4832878.3ce0: 00007fff6ccc7000-00007fff6cccffff 0x0001/0x0000 0x0000000
4842878.3ce0: *00007fff6ccd0000-00007fff6ccd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
4852878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccd0000 LB 0x1000 (base 00007fff6ccd0000) - 'bcrypt.dll'
4862878.3ce0: 00007fff6ccd1000-00007fff6cce9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
4872878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccd1000 LB 0x19000 (base 00007fff6ccd0000) - 'bcrypt.dll'
4882878.3ce0: 00007fff6ccea000-00007fff6cceffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
4892878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccea000 LB 0x6000 (base 00007fff6ccd0000) - 'bcrypt.dll'
4902878.3ce0: 00007fff6ccf0000-00007fff6ccf0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
4912878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccf0000 LB 0x1000 (base 00007fff6ccd0000) - 'bcrypt.dll'
4922878.3ce0: 00007fff6ccf1000-00007fff6ccf5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
4932878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ccf1000 LB 0x5000 (base 00007fff6ccd0000) - 'bcrypt.dll'
4942878.3ce0: 00007fff6ccf6000-00007fff6ce4ffff 0x0001/0x0000 0x0000000
4952878.3ce0: *00007fff6ce50000-00007fff6ce50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
4962878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ce50000 LB 0x1000 (base 00007fff6ce50000) - 'windows.storage.dll'
4972878.3ce0: 00007fff6ce51000-00007fff6d396fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
4982878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ce51000 LB 0x546000 (base 00007fff6ce50000) - 'windows.storage.dll'
4992878.3ce0: 00007fff6d397000-00007fff6d553fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
5002878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d397000 LB 0x1bd000 (base 00007fff6ce50000) - 'windows.storage.dll'
5012878.3ce0: 00007fff6d554000-00007fff6d560fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
5022878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d554000 LB 0xd000 (base 00007fff6ce50000) - 'windows.storage.dll'
5032878.3ce0: 00007fff6d561000-00007fff6d561fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
5042878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d561000 LB 0x1000 (base 00007fff6ce50000) - 'windows.storage.dll'
5052878.3ce0: 00007fff6d562000-00007fff6d5d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\windows.storage.dll
5062878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d562000 LB 0x70000 (base 00007fff6ce50000) - 'windows.storage.dll'
5072878.3ce0: 00007fff6d5d2000-00007fff6d5dffff 0x0001/0x0000 0x0000000
5082878.3ce0: *00007fff6d5e0000-00007fff6d5e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5092878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d5e0000 LB 0x1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
5102878.3ce0: 00007fff6d5e1000-00007fff6d6b2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5112878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d5e1000 LB 0xd2000 (base 00007fff6d5e0000) - 'gdi32full.dll'
5122878.3ce0: 00007fff6d6b3000-00007fff6d753fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5132878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d6b3000 LB 0xa1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
5142878.3ce0: 00007fff6d754000-00007fff6d757fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5152878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d754000 LB 0x4000 (base 00007fff6d5e0000) - 'gdi32full.dll'
5162878.3ce0: 00007fff6d758000-00007fff6d758fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5172878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d758000 LB 0x1000 (base 00007fff6d5e0000) - 'gdi32full.dll'
5182878.3ce0: 00007fff6d759000-00007fff6d775fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32full.dll
5192878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d759000 LB 0x1d000 (base 00007fff6d5e0000) - 'gdi32full.dll'
5202878.3ce0: 00007fff6d776000-00007fff6d77ffff 0x0001/0x0000 0x0000000
5212878.3ce0: *00007fff6d780000-00007fff6d780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
5222878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d780000 LB 0x1000 (base 00007fff6d780000) - 'msvcp_win.dll'
5232878.3ce0: 00007fff6d781000-00007fff6d7d4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
5242878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d781000 LB 0x54000 (base 00007fff6d780000) - 'msvcp_win.dll'
5252878.3ce0: 00007fff6d7d5000-00007fff6d811fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
5262878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d7d5000 LB 0x3d000 (base 00007fff6d780000) - 'msvcp_win.dll'
5272878.3ce0: 00007fff6d812000-00007fff6d812fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
5282878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d812000 LB 0x1000 (base 00007fff6d780000) - 'msvcp_win.dll'
5292878.3ce0: 00007fff6d813000-00007fff6d815fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
5302878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d813000 LB 0x3000 (base 00007fff6d780000) - 'msvcp_win.dll'
5312878.3ce0: 00007fff6d816000-00007fff6d81dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcp_win.dll
5322878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d816000 LB 0x8000 (base 00007fff6d780000) - 'msvcp_win.dll'
5332878.3ce0: 00007fff6d81e000-00007fff6d83ffff 0x0001/0x0000 0x0000000
5342878.3ce0: *00007fff6d840000-00007fff6d840fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
5352878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d840000 LB 0x1000 (base 00007fff6d840000) - 'setupapi.dll'
5362878.3ce0: 00007fff6d841000-00007fff6d918fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
5372878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d841000 LB 0xd8000 (base 00007fff6d840000) - 'setupapi.dll'
5382878.3ce0: 00007fff6d919000-00007fff6d953fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
5392878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d919000 LB 0x3b000 (base 00007fff6d840000) - 'setupapi.dll'
5402878.3ce0: 00007fff6d954000-00007fff6d955fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
5412878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d954000 LB 0x2000 (base 00007fff6d840000) - 'setupapi.dll'
5422878.3ce0: 00007fff6d956000-00007fff6dcaffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\setupapi.dll
5432878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6d956000 LB 0x35a000 (base 00007fff6d840000) - 'setupapi.dll'
5442878.3ce0: 00007fff6dcb0000-00007fff6dd9ffff 0x0001/0x0000 0x0000000
5452878.3ce0: *00007fff6dda0000-00007fff6dda0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5462878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6dda0000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
5472878.3ce0: 00007fff6dda1000-00007fff6ddfffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5482878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6dda1000 LB 0x5f000 (base 00007fff6dda0000) - 'advapi32.dll'
5492878.3ce0: 00007fff6de00000-00007fff6de34fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5502878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de00000 LB 0x35000 (base 00007fff6dda0000) - 'advapi32.dll'
5512878.3ce0: 00007fff6de35000-00007fff6de35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5522878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de35000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
5532878.3ce0: 00007fff6de36000-00007fff6de36fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5542878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de36000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
5552878.3ce0: 00007fff6de37000-00007fff6de38fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5562878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de37000 LB 0x2000 (base 00007fff6dda0000) - 'advapi32.dll'
5572878.3ce0: 00007fff6de39000-00007fff6de39fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5582878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de39000 LB 0x1000 (base 00007fff6dda0000) - 'advapi32.dll'
5592878.3ce0: 00007fff6de3a000-00007fff6de42fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\advapi32.dll
5602878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6de3a000 LB 0x9000 (base 00007fff6dda0000) - 'advapi32.dll'
5612878.3ce0: 00007fff6de43000-00007fff6e10ffff 0x0001/0x0000 0x0000000
5622878.3ce0: *00007fff6e110000-00007fff6e110fff 0x0040/0x0040 0x0020000 !!
5632878.3ce0: 00007fff6e111000-00007fff6e11ffff 0x0001/0x0000 0x0000000
5642878.3ce0: *00007fff6e120000-00007fff6e120fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5652878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e120000 LB 0x1000 (base 00007fff6e120000) - 'msvcrt.dll'
5662878.3ce0: 00007fff6e121000-00007fff6e195fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5672878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e121000 LB 0x75000 (base 00007fff6e120000) - 'msvcrt.dll'
5682878.3ce0: 00007fff6e196000-00007fff6e1aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5692878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e196000 LB 0x19000 (base 00007fff6e120000) - 'msvcrt.dll'
5702878.3ce0: 00007fff6e1af000-00007fff6e1b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5712878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1af000 LB 0x2000 (base 00007fff6e120000) - 'msvcrt.dll'
5722878.3ce0: 00007fff6e1b1000-00007fff6e1b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5732878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b1000 LB 0x3000 (base 00007fff6e120000) - 'msvcrt.dll'
5742878.3ce0: 00007fff6e1b4000-00007fff6e1b5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5752878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b4000 LB 0x2000 (base 00007fff6e120000) - 'msvcrt.dll'
5762878.3ce0: 00007fff6e1b6000-00007fff6e1b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5772878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b6000 LB 0x1000 (base 00007fff6e120000) - 'msvcrt.dll'
5782878.3ce0: 00007fff6e1b7000-00007fff6e1bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
5792878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1b7000 LB 0x7000 (base 00007fff6e120000) - 'msvcrt.dll'
5802878.3ce0: 00007fff6e1be000-00007fff6e1bffff 0x0001/0x0000 0x0000000
5812878.3ce0: *00007fff6e1c0000-00007fff6e1c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
5822878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1c0000 LB 0x1000 (base 00007fff6e1c0000) - 'SHCore.dll'
5832878.3ce0: 00007fff6e1c1000-00007fff6e231fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
5842878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e1c1000 LB 0x71000 (base 00007fff6e1c0000) - 'SHCore.dll'
5852878.3ce0: 00007fff6e232000-00007fff6e257fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
5862878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e232000 LB 0x26000 (base 00007fff6e1c0000) - 'SHCore.dll'
5872878.3ce0: 00007fff6e258000-00007fff6e259fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
5882878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e258000 LB 0x2000 (base 00007fff6e1c0000) - 'SHCore.dll'
5892878.3ce0: 00007fff6e25a000-00007fff6e268fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\SHCore.dll
5902878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e25a000 LB 0xf000 (base 00007fff6e1c0000) - 'SHCore.dll'
5912878.3ce0: 00007fff6e269000-00007fff6e26ffff 0x0001/0x0000 0x0000000
5922878.3ce0: *00007fff6e270000-00007fff6e270fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
5932878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e270000 LB 0x1000 (base 00007fff6e270000) - 'combase.dll'
5942878.3ce0: 00007fff6e271000-00007fff6e48efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
5952878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e271000 LB 0x21e000 (base 00007fff6e270000) - 'combase.dll'
5962878.3ce0: 00007fff6e48f000-00007fff6e551fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
5972878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e48f000 LB 0xc3000 (base 00007fff6e270000) - 'combase.dll'
5982878.3ce0: 00007fff6e552000-00007fff6e557fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
5992878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e552000 LB 0x6000 (base 00007fff6e270000) - 'combase.dll'
6002878.3ce0: 00007fff6e558000-00007fff6e5a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\combase.dll
6012878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e558000 LB 0x4d000 (base 00007fff6e270000) - 'combase.dll'
6022878.3ce0: 00007fff6e5a5000-00007fff6e5affff 0x0001/0x0000 0x0000000
6032878.3ce0: *00007fff6e5b0000-00007fff6e5b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6042878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5b0000 LB 0x1000 (base 00007fff6e5b0000) - 'gdi32.dll'
6052878.3ce0: 00007fff6e5b1000-00007fff6e5bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6062878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5b1000 LB 0xc000 (base 00007fff6e5b0000) - 'gdi32.dll'
6072878.3ce0: 00007fff6e5bd000-00007fff6e5cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6082878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5bd000 LB 0x13000 (base 00007fff6e5b0000) - 'gdi32.dll'
6092878.3ce0: 00007fff6e5d0000-00007fff6e5d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6102878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5d0000 LB 0x1000 (base 00007fff6e5b0000) - 'gdi32.dll'
6112878.3ce0: 00007fff6e5d1000-00007fff6e5d5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\gdi32.dll
6122878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5d1000 LB 0x5000 (base 00007fff6e5b0000) - 'gdi32.dll'
6132878.3ce0: 00007fff6e5d6000-00007fff6e5dffff 0x0001/0x0000 0x0000000
6142878.3ce0: *00007fff6e5e0000-00007fff6e5e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
6152878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5e0000 LB 0x1000 (base 00007fff6e5e0000) - 'ws2_32.dll'
6162878.3ce0: 00007fff6e5e1000-00007fff6e627fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
6172878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e5e1000 LB 0x47000 (base 00007fff6e5e0000) - 'ws2_32.dll'
6182878.3ce0: 00007fff6e628000-00007fff6e635fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
6192878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e628000 LB 0xe000 (base 00007fff6e5e0000) - 'ws2_32.dll'
6202878.3ce0: 00007fff6e636000-00007fff6e636fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
6212878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e636000 LB 0x1000 (base 00007fff6e5e0000) - 'ws2_32.dll'
6222878.3ce0: 00007fff6e637000-00007fff6e64efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
6232878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e637000 LB 0x18000 (base 00007fff6e5e0000) - 'ws2_32.dll'
6242878.3ce0: 00007fff6e64f000-00007fff6e64ffff 0x0001/0x0000 0x0000000
6252878.3ce0: *00007fff6e650000-00007fff6e650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6262878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e650000 LB 0x1000 (base 00007fff6e650000) - 'shlwapi.dll'
6272878.3ce0: 00007fff6e651000-00007fff6e67afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6282878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e651000 LB 0x2a000 (base 00007fff6e650000) - 'shlwapi.dll'
6292878.3ce0: 00007fff6e67b000-00007fff6e69afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6302878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e67b000 LB 0x20000 (base 00007fff6e650000) - 'shlwapi.dll'
6312878.3ce0: 00007fff6e69b000-00007fff6e69bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6322878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e69b000 LB 0x1000 (base 00007fff6e650000) - 'shlwapi.dll'
6332878.3ce0: 00007fff6e69c000-00007fff6e6a1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
6342878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6e69c000 LB 0x6000 (base 00007fff6e650000) - 'shlwapi.dll'
6352878.3ce0: 00007fff6e6a2000-00007fff6e6affff 0x0001/0x0000 0x0000000
6362878.3ce0: *00007fff6e6b0000-00007fff6e6b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
6372878.3ce0: 00007fff6e6b1000-00007fff6e736fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
6382878.3ce0: 00007fff6e737000-00007fff6e756fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
6392878.3ce0: 00007fff6e757000-00007fff6e758fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
6402878.3ce0: 00007fff6e759000-00007fff6e843fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\user32.dll
6412878.3ce0: 00007fff6e844000-00007fff6e9fffff 0x0001/0x0000 0x0000000
6422878.3ce0: *00007fff6ea00000-00007fff6ea00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
6432878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea00000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
6442878.3ce0: 00007fff6ea01000-00007fff6ea01fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
6452878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea01000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
6462878.3ce0: 00007fff6ea02000-00007fff6ea03fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
6472878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea02000 LB 0x2000 (base 00007fff6ea00000) - 'psapi.dll'
6482878.3ce0: 00007fff6ea04000-00007fff6ea04fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
6492878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea04000 LB 0x1000 (base 00007fff6ea00000) - 'psapi.dll'
6502878.3ce0: 00007fff6ea05000-00007fff6ea07fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\psapi.dll
6512878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea05000 LB 0x3000 (base 00007fff6ea00000) - 'psapi.dll'
6522878.3ce0: 00007fff6ea08000-00007fff6ea0ffff 0x0001/0x0000 0x0000000
6532878.3ce0: *00007fff6ea10000-00007fff6ea10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
6542878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea10000 LB 0x1000 (base 00007fff6ea10000) - 'ole32.dll'
6552878.3ce0: 00007fff6ea11000-00007fff6eadafff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
6562878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ea11000 LB 0xca000 (base 00007fff6ea10000) - 'ole32.dll'
6572878.3ce0: 00007fff6eadb000-00007fff6eb37fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
6582878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eadb000 LB 0x5d000 (base 00007fff6ea10000) - 'ole32.dll'
6592878.3ce0: 00007fff6eb38000-00007fff6eb39fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
6602878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eb38000 LB 0x2000 (base 00007fff6ea10000) - 'ole32.dll'
6612878.3ce0: 00007fff6eb3a000-00007fff6eb66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ole32.dll
6622878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6eb3a000 LB 0x2d000 (base 00007fff6ea10000) - 'ole32.dll'
6632878.3ce0: 00007fff6eb67000-00007fff6eb6ffff 0x0001/0x0000 0x0000000
6642878.3ce0: *00007fff6eb70000-00007fff6eb70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6652878.3ce0: 00007fff6eb71000-00007fff6ebe5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6662878.3ce0: 00007fff6ebe6000-00007fff6ec17fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6672878.3ce0: 00007fff6ec18000-00007fff6ec18fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6682878.3ce0: 00007fff6ec19000-00007fff6ec19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6692878.3ce0: 00007fff6ec1a000-00007fff6ec21fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
6702878.3ce0: 00007fff6ec22000-00007fff6ecaffff 0x0001/0x0000 0x0000000
6712878.3ce0: *00007fff6ecb0000-00007fff6ecb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
6722878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ecb0000 LB 0x1000 (base 00007fff6ecb0000) - 'shell32.dll'
6732878.3ce0: 00007fff6ecb1000-00007fff6f20dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
6742878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6ecb1000 LB 0x55d000 (base 00007fff6ecb0000) - 'shell32.dll'
6752878.3ce0: 00007fff6f20e000-00007fff6f327fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
6762878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f20e000 LB 0x11a000 (base 00007fff6ecb0000) - 'shell32.dll'
6772878.3ce0: 00007fff6f328000-00007fff6f32efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
6782878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f328000 LB 0x7000 (base 00007fff6ecb0000) - 'shell32.dll'
6792878.3ce0: 00007fff6f32f000-00007fff6f330fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
6802878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f32f000 LB 0x2000 (base 00007fff6ecb0000) - 'shell32.dll'
6812878.3ce0: 00007fff6f331000-00007fff6f395fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\shell32.dll
6822878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f331000 LB 0x65000 (base 00007fff6ecb0000) - 'shell32.dll'
6832878.3ce0: 00007fff6f396000-00007fff6f39ffff 0x0001/0x0000 0x0000000
6842878.3ce0: *00007fff6f3a0000-00007fff6f3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6852878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f3a0000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
6862878.3ce0: 00007fff6f3a1000-00007fff6f401fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6872878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f3a1000 LB 0x61000 (base 00007fff6f3a0000) - 'sechost.dll'
6882878.3ce0: 00007fff6f402000-00007fff6f428fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6892878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f402000 LB 0x27000 (base 00007fff6f3a0000) - 'sechost.dll'
6902878.3ce0: 00007fff6f429000-00007fff6f429fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6912878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f429000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
6922878.3ce0: 00007fff6f42a000-00007fff6f42afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6932878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42a000 LB 0x1000 (base 00007fff6f3a0000) - 'sechost.dll'
6942878.3ce0: 00007fff6f42b000-00007fff6f42cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6952878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42b000 LB 0x2000 (base 00007fff6f3a0000) - 'sechost.dll'
6962878.3ce0: 00007fff6f42d000-00007fff6f436fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\sechost.dll
6972878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f42d000 LB 0xa000 (base 00007fff6f3a0000) - 'sechost.dll'
6982878.3ce0: 00007fff6f437000-00007fff6f44ffff 0x0001/0x0000 0x0000000
6992878.3ce0: *00007fff6f450000-00007fff6f450fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7002878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f450000 LB 0x1000 (base 00007fff6f450000) - 'rpcrt4.dll'
7012878.3ce0: 00007fff6f451000-00007fff6f52dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7022878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f451000 LB 0xdd000 (base 00007fff6f450000) - 'rpcrt4.dll'
7032878.3ce0: 00007fff6f52e000-00007fff6f558fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7042878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f52e000 LB 0x2b000 (base 00007fff6f450000) - 'rpcrt4.dll'
7052878.3ce0: 00007fff6f559000-00007fff6f55afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7062878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f559000 LB 0x2000 (base 00007fff6f450000) - 'rpcrt4.dll'
7072878.3ce0: 00007fff6f55b000-00007fff6f56ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
7082878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f55b000 LB 0x15000 (base 00007fff6f450000) - 'rpcrt4.dll'
7092878.3ce0: *00007fff6f570000-00007fff6f570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
7102878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f570000 LB 0x1000 (base 00007fff6f570000) - 'oleaut32.dll'
7112878.3ce0: 00007fff6f571000-00007fff6f5fdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
7122878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f571000 LB 0x8d000 (base 00007fff6f570000) - 'oleaut32.dll'
7132878.3ce0: 00007fff6f5fe000-00007fff6f623fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
7142878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f5fe000 LB 0x26000 (base 00007fff6f570000) - 'oleaut32.dll'
7152878.3ce0: 00007fff6f624000-00007fff6f626fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
7162878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f624000 LB 0x3000 (base 00007fff6f570000) - 'oleaut32.dll'
7172878.3ce0: 00007fff6f627000-00007fff6f634fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
7182878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f627000 LB 0xe000 (base 00007fff6f570000) - 'oleaut32.dll'
7192878.3ce0: 00007fff6f635000-00007fff6f69ffff 0x0001/0x0000 0x0000000
7202878.3ce0: *00007fff6f6a0000-00007fff6f6a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
7212878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6a0000 LB 0x1000 (base 00007fff6f6a0000) - 'imm32.dll'
7222878.3ce0: 00007fff6f6a1000-00007fff6f6bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
7232878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6a1000 LB 0x1c000 (base 00007fff6f6a0000) - 'imm32.dll'
7242878.3ce0: 00007fff6f6bd000-00007fff6f6c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
7252878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6bd000 LB 0x7000 (base 00007fff6f6a0000) - 'imm32.dll'
7262878.3ce0: 00007fff6f6c4000-00007fff6f6c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
7272878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6c4000 LB 0x1000 (base 00007fff6f6a0000) - 'imm32.dll'
7282878.3ce0: 00007fff6f6c5000-00007fff6f6cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\imm32.dll
7292878.3ce0: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007fff6f6c5000 LB 0x9000 (base 00007fff6f6a0000) - 'imm32.dll'
7302878.3ce0: 00007fff6f6ce000-00007fff6f78ffff 0x0001/0x0000 0x0000000
7312878.3ce0: *00007fff6f790000-00007fff6f790fff 0x0040/0x0040 0x0020000 !!
7322878.3ce0: 00007fff6f791000-00007fff6f79ffff 0x0001/0x0000 0x0000000
7332878.3ce0: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7342878.3ce0: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7352878.3ce0: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7362878.3ce0: 00007fff6f8ff000-00007fff6f8fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7372878.3ce0: 00007fff6f900000-00007fff6f901fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7382878.3ce0: 00007fff6f902000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7392878.3ce0: 00007fff6f90b000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
7402878.3ce0: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
7412878.3ce0: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
7422878.3ce0: user32.dll: timestamp 0xee4ef0d0 (rc=VINF_SUCCESS)
7432878.3ce0: kernelbase.dll: timestamp 0x7b90c1b5 (rc=VINF_SUCCESS)
7442878.3ce0: VirtualBoxVM.exe: timestamp 0x5f08d7bc (rc=VINF_SUCCESS)
7452878.3ce0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7462878.3ce0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
7472878.3ce0: ntdll.dll: Differences in section #1 (.text) between file and memory:
7482878.3ce0: 00007fff6f80a880 / 0x006a880: 40 != e9
7492878.3ce0: 00007fff6f80a881 / 0x006a881: 53 != 4f
7502878.3ce0: 00007fff6f80a882 / 0x006a882: 48 != 67
7512878.3ce0: 00007fff6f80a883 / 0x006a883: 83 != f8
7522878.3ce0: 00007fff6f80a884 / 0x006a884: ec != ff
7532878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6f809000
7542878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
7552878.3ce0: 00007fff6eb865d0 / 0x00165d0: 48 != e9
7562878.3ce0: 00007fff6eb865d1 / 0x00165d1: ff != 72
7572878.3ce0: 00007fff6eb865d2 / 0x00165d2: 25 != a3
7582878.3ce0: 00007fff6eb865d3 / 0x00165d3: f9 != c0
7592878.3ce0: 00007fff6eb865d4 / 0x00165d4: 17 != 00
7602878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eb85000
7612878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
7622878.3ce0: 00007fff6eb8a1b0 / 0x001a1b0: 48 != e9
7632878.3ce0: 00007fff6eb8a1b1 / 0x001a1b1: ff != 92
7642878.3ce0: 00007fff6eb8a1b2 / 0x001a1b2: 25 != 6c
7652878.3ce0: 00007fff6eb8a1b3 / 0x001a1b3: 99 != c0
7662878.3ce0: 00007fff6eb8a1b4 / 0x001a1b4: dc != 00
7672878.3ce0: 00007fff6eb8ab30 / 0x001ab30: 4c != e9
7682878.3ce0: 00007fff6eb8ab31 / 0x001ab31: 8b != e0
7692878.3ce0: 00007fff6eb8ab32 / 0x001ab32: dc != 5d
7702878.3ce0: 00007fff6eb8ab33 / 0x001ab33: 49 != c0
7712878.3ce0: 00007fff6eb8ab34 / 0x001ab34: 89 != 00
7722878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eb89000
7732878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
7742878.3ce0: 00007fff6eb8bd00 / 0x001bd00: 48 != e9
7752878.3ce0: 00007fff6eb8bd01 / 0x001bd01: ff != 02
7762878.3ce0: 00007fff6eb8bd02 / 0x001bd02: 25 != 51
7772878.3ce0: 00007fff6eb8bd03 / 0x001bd03: 59 != c0
7782878.3ce0: 00007fff6eb8bd04 / 0x001bd04: c1 != 00
7792878.3ce0: 00007fff6eb8be40 / 0x001be40: 4c != e9
7802878.3ce0: 00007fff6eb8be41 / 0x001be41: 8b != 10
7812878.3ce0: 00007fff6eb8be42 / 0x001be42: dc != 51
7822878.3ce0: 00007fff6eb8be43 / 0x001be43: 48 != c0
7832878.3ce0: 00007fff6eb8be44 / 0x001be44: 83 != 00
7842878.3ce0: 00007fff6eb8c250 / 0x001c250: 48 != e9
7852878.3ce0: 00007fff6eb8c251 / 0x001c251: ff != 72
7862878.3ce0: 00007fff6eb8c252 / 0x001c252: 25 != 46
7872878.3ce0: 00007fff6eb8c253 / 0x001c253: 91 != c0
7882878.3ce0: 00007fff6eb8c254 / 0x001c254: bf != 00
7892878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eb8b000
7902878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
7912878.3ce0: 00007fff6eb8e4f0 / 0x001e4f0: 48 != e9
7922878.3ce0: 00007fff6eb8e4f1 / 0x001e4f1: ff != d2
7932878.3ce0: 00007fff6eb8e4f2 / 0x001e4f2: 25 != 29
7942878.3ce0: 00007fff6eb8e4f3 / 0x001e4f3: f9 != c0
7952878.3ce0: 00007fff6eb8e4f4 / 0x001e4f4: 99 != 00
7962878.3ce0: 00007fff6eb8e500 / 0x001e500: 48 != e9
7972878.3ce0: 00007fff6eb8e501 / 0x001e501: ff != 82
7982878.3ce0: 00007fff6eb8e502 / 0x001e502: 25 != 29
7992878.3ce0: 00007fff6eb8e503 / 0x001e503: 41 != c0
8002878.3ce0: 00007fff6eb8e504 / 0x001e504: 99 != 00
8012878.3ce0: 00007fff6eb8ea20 / 0x001ea20: 48 != e9
8022878.3ce0: 00007fff6eb8ea21 / 0x001ea21: ff != e2
8032878.3ce0: 00007fff6eb8ea22 / 0x001ea22: 25 != 21
8042878.3ce0: 00007fff6eb8ea23 / 0x001ea23: 81 != c0
8052878.3ce0: 00007fff6eb8ea24 / 0x001ea24: 92 != 00
8062878.3ce0: 00007fff6eb8eb60 / 0x001eb60: 48 != e9
8072878.3ce0: 00007fff6eb8eb61 / 0x001eb61: ff != a2
8082878.3ce0: 00007fff6eb8eb62 / 0x001eb62: 25 != 23
8092878.3ce0: 00007fff6eb8eb63 / 0x001eb63: 91 != c0
8102878.3ce0: 00007fff6eb8eb64 / 0x001eb64: 93 != 00
8112878.3ce0: 00007fff6eb8ee00 / 0x001ee00: 48 != e9
8122878.3ce0: 00007fff6eb8ee01 / 0x001ee01: 83 != d3
8132878.3ce0: 00007fff6eb8ee02 / 0x001ee02: ec != 1f
8142878.3ce0: 00007fff6eb8ee03 / 0x001ee03: 28 != c0
8152878.3ce0: 00007fff6eb8ee04 / 0x001ee04: ff != 00
8162878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eb8d000
8172878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
8182878.3ce0: 00007fff6eb8f0a0 / 0x001f0a0: 48 != e9
8192878.3ce0: 00007fff6eb8f0a1 / 0x001f0a1: 83 != f0
8202878.3ce0: 00007fff6eb8f0a2 / 0x001f0a2: ec != 1a
8212878.3ce0: 00007fff6eb8f0a3 / 0x001f0a3: 38 != c0
8222878.3ce0: 00007fff6eb8f0a4 / 0x001f0a4: 45 != 00
8232878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eb8f000
8242878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
8252878.3ce0: 00007fff6eb911b0 / 0x00211b0: 48 != e9
8262878.3ce0: 00007fff6eb911b1 / 0x00211b1: ff != 52
8272878.3ce0: 00007fff6eb911b2 / 0x00211b2: 25 != f9
8282878.3ce0: 00007fff6eb911b3 / 0x00211b3: e1 != bf
8292878.3ce0: 00007fff6eb911b4 / 0x00211b4: 6a != 00
8302878.3ce0: 00007fff6eb91550 / 0x0021550: 48 != e9
8312878.3ce0: 00007fff6eb91551 / 0x0021551: ff != 72
8322878.3ce0: 00007fff6eb91552 / 0x0021552: 25 != f2
8332878.3ce0: 00007fff6eb91553 / 0x0021553: 19 != bf
8342878.3ce0: 00007fff6eb91554 / 0x0021554: 67 != 00
8352878.3ce0: 00007fff6eb91e10 / 0x0021e10: ff != e9
8362878.3ce0: 00007fff6eb91e11 / 0x0021e11: 25 != f1
8372878.3ce0: 00007fff6eb91e12 / 0x0021e12: fa != ee
8382878.3ce0: 00007fff6eb91e13 / 0x0021e13: 5e != bf
8392878.3ce0: 00007fff6eb91e14 / 0x0021e14: 05 != 00
8402878.3ce0: 00007fff6eb92080 / 0x0022080: ff != e9
8412878.3ce0: 00007fff6eb92081 / 0x0022081: 25 != 01
8422878.3ce0: 00007fff6eb92082 / 0x0022082: 9a != ed
8432878.3ce0: 00007fff6eb92083 / 0x0022083: 59 != bf
8442878.3ce0: 00007fff6eb92084 / 0x0022084: 05 != 00
8452878.3ce0: 00007fff6eb92090 / 0x0022090: ff != e9
8462878.3ce0: 00007fff6eb92091 / 0x0022091: 25 != b1
8472878.3ce0: 00007fff6eb92092 / 0x0022092: 82 != ec
8482878.3ce0: 00007fff6eb92093 / 0x0022093: 59 != bf
8492878.3ce0: 00007fff6eb92094 / 0x0022094: 05 != 00
8502878.3ce0: 00007fff6eb920b0 / 0x00220b0: ff != e9
8512878.3ce0: 00007fff6eb920b1 / 0x00220b1: 25 != d1
8522878.3ce0: 00007fff6eb920b2 / 0x00220b2: d2 != e6
8532878.3ce0: 00007fff6eb920b3 / 0x00220b3: 59 != bf
8542878.3ce0: 00007fff6eb920b4 / 0x00220b4: 05 != 00
8552878.3ce0: 00007fff6eb920c0 / 0x00220c0: ff != e9
8562878.3ce0: 00007fff6eb920c1 / 0x00220c1: 25 != 81
8572878.3ce0: 00007fff6eb920c2 / 0x00220c2: 3a != e6
8582878.3ce0: 00007fff6eb920c3 / 0x00220c3: 59 != bf
8592878.3ce0: 00007fff6eb920c4 / 0x00220c4: 05 != 00
8602878.3ce0: 00007fff6eb92410 / 0x0022410: ff != e9
8612878.3ce0: 00007fff6eb92411 / 0x0022411: 25 != f1
8622878.3ce0: 00007fff6eb92412 / 0x0022412: 5a != e5
8632878.3ce0: 00007fff6eb92413 / 0x0022413: 57 != bf
8642878.3ce0: 00007fff6eb92414 / 0x0022414: 05 != 00
8652878.3ce0: 00007fff6eb92420 / 0x0022420: ff != e9
8662878.3ce0: 00007fff6eb92421 / 0x0022421: 25 != a1
8672878.3ce0: 00007fff6eb92422 / 0x0022422: 52 != e5
8682878.3ce0: 00007fff6eb92423 / 0x0022423: 57 != bf
8692878.3ce0: 00007fff6eb92424 / 0x0022424: 05 != 00
8702878.3ce0: 00007fff6eb92500 / 0x0022500: ff != e9
8712878.3ce0: 00007fff6eb92501 / 0x0022501: 25 != 41
8722878.3ce0: 00007fff6eb92502 / 0x0022502: b2 != e5
8732878.3ce0: 00007fff6eb92503 / 0x0022503: 56 != bf
8742878.3ce0: 00007fff6eb92504 / 0x0022504: 05 != 00
8752878.3ce0: 00007fff6eb92510 / 0x0022510: ff != e9
8762878.3ce0: 00007fff6eb92511 / 0x0022511: 25 != 71
8772878.3ce0: 00007fff6eb92512 / 0x0022512: aa != e4
8782878.3ce0: 00007fff6eb92513 / 0x0022513: 56 != bf
8792878.3ce0: 00007fff6eb92514 / 0x0022514: 05 != 00
8802878.3ce0: 00007fff6eb92700 / 0x0022700: ff != e9
8812878.3ce0: 00007fff6eb92701 / 0x0022701: 25 != 81
8822878.3ce0: 00007fff6eb92702 / 0x0022702: d2 != e5
8832878.3ce0: 00007fff6eb92703 / 0x0022703: 55 != bf
8842878.3ce0: 00007fff6eb92704 / 0x0022704: 05 != 00
8852878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eb91000
8862878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
8872878.3ce0: 00007fff6eba57f0 / 0x00357f0: 48 != e9
8882878.3ce0: 00007fff6eba57f1 / 0x00357f1: ff != 12
8892878.3ce0: 00007fff6eba57f2 / 0x00357f2: 25 != b0
8902878.3ce0: 00007fff6eba57f3 / 0x00357f3: d9 != be
8912878.3ce0: 00007fff6eba57f4 / 0x00357f4: 24 != 00
8922878.3ce0: 00007fff6eba58f0 / 0x00358f0: 4c != e9
8932878.3ce0: 00007fff6eba58f1 / 0x00358f1: 8b != a0
8942878.3ce0: 00007fff6eba58f2 / 0x00358f2: dc != b6
8952878.3ce0: 00007fff6eba58f3 / 0x00358f3: 48 != be
8962878.3ce0: 00007fff6eba58f4 / 0x00358f4: 83 != 00
8972878.3ce0: 00007fff6eba6200 / 0x0036200: 48 != e9
8982878.3ce0: 00007fff6eba6201 / 0x0036201: ff != 82
8992878.3ce0: 00007fff6eba6202 / 0x0036202: 25 != a8
9002878.3ce0: 00007fff6eba6203 / 0x0036203: 89 != be
9012878.3ce0: 00007fff6eba6204 / 0x0036204: 1a != 00
9022878.3ce0: 00007fff6eba6850 / 0x0036850: 48 != e9
9032878.3ce0: 00007fff6eba6851 / 0x0036851: ff != f2
9042878.3ce0: 00007fff6eba6852 / 0x0036852: 25 != 9f
9052878.3ce0: 00007fff6eba6853 / 0x0036853: 49 != be
9062878.3ce0: 00007fff6eba6854 / 0x0036854: 14 != 00
9072878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6eba5000
9082878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
9092878.3ce0: 00007fff6ebc9e10 / 0x0059e10: 48 != e9
9102878.3ce0: 00007fff6ebc9e11 / 0x0059e11: 89 != be
9112878.3ce0: 00007fff6ebc9e12 / 0x0059e12: 5c != 6e
9122878.3ce0: 00007fff6ebc9e13 / 0x0059e13: 24 != bc
9132878.3ce0: 00007fff6ebc9e14 / 0x0059e14: 08 != 00
9142878.3ce0: 00007fff6ebc9ea0 / 0x0059ea0: 48 != e9
9152878.3ce0: 00007fff6ebc9ea1 / 0x0059ea1: 8b != b0
9162878.3ce0: 00007fff6ebc9ea2 / 0x0059ea2: c4 != 6d
9172878.3ce0: 00007fff6ebc9ea3 / 0x0059ea3: 48 != bc
9182878.3ce0: 00007fff6ebc9ea4 / 0x0059ea4: 89 != 00
9192878.3ce0: 00007fff6ebca840 / 0x005a840: 48 != e9
9202878.3ce0: 00007fff6ebca841 / 0x005a841: 8b != 50
9212878.3ce0: 00007fff6ebca842 / 0x005a842: c4 != 60
9222878.3ce0: 00007fff6ebca843 / 0x005a843: 48 != bc
9232878.3ce0: 00007fff6ebca844 / 0x005a844: 89 != 00
9242878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6ebc9000
9252878.3ce0: kernel32.dll: Differences in section #1 (.text) between file and memory:
9262878.3ce0: 00007fff6ebcb5f0 / 0x005b5f0: 48 != e9
9272878.3ce0: 00007fff6ebcb5f1 / 0x005b5f1: 83 != e3
9282878.3ce0: 00007fff6ebcb5f2 / 0x005b5f2: ec != 55
9292878.3ce0: 00007fff6ebcb5f3 / 0x005b5f3: 38 != bc
9302878.3ce0: 00007fff6ebcb5f4 / 0x005b5f4: 48 != 00
9312878.3ce0: 00007fff6ebcb620 / 0x005b620: 48 != e9
9322878.3ce0: 00007fff6ebcb621 / 0x005b621: 83 != 33
9332878.3ce0: 00007fff6ebcb622 / 0x005b622: ec != 55
9342878.3ce0: 00007fff6ebcb623 / 0x005b623: 38 != bc
9352878.3ce0: 00007fff6ebcb624 / 0x005b624: 48 != 00
9362878.3ce0: 00007fff6ebcb720 / 0x005b720: 48 != e9
9372878.3ce0: 00007fff6ebcb721 / 0x005b721: 83 != b3
9382878.3ce0: 00007fff6ebcb722 / 0x005b722: ec != 53
9392878.3ce0: 00007fff6ebcb723 / 0x005b723: 38 != bc
9402878.3ce0: 00007fff6ebcb724 / 0x005b724: 48 != 00
9412878.3ce0: Restored 0x2000 bytes of original file content at 00007fff6ebcb000
9422878.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
9432878.3ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
9442878.3ce0: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserRegisterClassExWOW' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
9452878.3ce0: Error (rc=-5629):
9462878.3ce0: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
9472878.3ce0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=10
9482878.3ce0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9492878.3ce0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
9502878.3ce0: supR3HardNtEnableThreadCreationEx:
9512878.3ce0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
9522878.3ce0: supR3HardenedWinDoReSpawn(1): New child 21c4.2ac4 [kernel32].
9532878.3ce0: supR3HardNtChildGatherData: PebBaseAddress=000000000066c000 cbPeb=0x388
9542878.3ce0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff6f7a0000 uNtDllChildAddr=00007fff6f7a0000
9552878.3ce0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff6f811770
9562878.3ce0: supR3HardenedWinSetupChildInit: Initial context:
957 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6e9117900 rdx=000000000066c000
958 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
959 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
960 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
961 rip=00007fff6f80ce30 rsp=00000000008ff9a8 rbp=0000000000000000 ctxflags=0010001b
962 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
963 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
964 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
965 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
966 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
9672878.3ce0: supR3HardenedWinSetupChildInit: Start child.
9682878.3ce0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9692878.3ce0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 58 sleeps
9702878.3ce0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9712878.3ce0: *0000000000000000-00000000004effff 0x0001/0x0000 0x0000000
9722878.3ce0: *00000000004f0000-000000000050ffff 0x0004/0x0004 0x0020000
9732878.3ce0: *0000000000510000-000000000052afff 0x0002/0x0002 0x0040000
9742878.3ce0: 000000000052b000-000000000052ffff 0x0001/0x0000 0x0000000
9752878.3ce0: *0000000000530000-0000000000530fff 0x0020/0x0020 0x0020000 !!
9762878.3ce0: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000530000 (LB 0x1000, 0000000000530000 LB 0x1000)
9772878.3ce0: 0000000003ffd400/0000: 52 74 6c 43 72 65 61 74-65 55 73 65 72 54 68 72 RtlCreateUserThr
9780000000003ffd410/0010: 65 61 64 00 00 00 00 00-52 74 6c 45 78 69 74 55 ead.....RtlExitU
9790000000003ffd420/0020: 73 65 72 54 68 72 65 61-64 00 00 00 00 00 00 00 serThread.......
9800000000003ffd430/0030: 4e 74 44 65 6c 61 79 45-78 65 63 75 74 69 6f 6e NtDelayExecution
9810000000003ffd440/0040: 00 00 00 00 00 00 00 00-4e 74 43 72 65 61 74 65 ........NtCreate
9820000000003ffd450/0050: 46 69 6c 65 00 00 00 00-4e 74 44 65 76 69 63 65 File....NtDevice
9830000000003ffd460/0060: 49 6f 43 6f 6e 74 72 6f-6c 46 69 6c 65 00 00 00 IoControlFile...
9840000000003ffd470/0070: 4e 74 43 6c 6f 73 65 00-5c 00 44 00 65 00 76 00 NtClose.\.D.e.v.
9850000000003ffd480/0080: 69 00 63 00 65 00 5c 00-53 00 6f 00 6c 00 61 00 i.c.e.\.S.o.l.a.
9860000000003ffd490/0090: 72 00 44 00 72 00 69 00-76 00 65 00 72 00 4c 00 r.D.r.i.v.e.r.L.
9870000000003ffd4a0/00a0: 6f 00 67 00 00 00 00 00-48 89 5c 24 18 48 89 74 o.g.....H.\$.H.t
9880000000003ffd4b0/00b0: 24 20 55 57 41 54 41 56-41 57 48 8b ec 48 83 ec $ UWATAVAWH..H..
9890000000003ffd4c0/00c0: 30 48 8b 79 08 48 8d 15-64 ff ff ff 4c 8b 31 48 0H.y.H..d...L.1H
9900000000003ffd4d0/00d0: 8b f1 48 8b cf e8 3a 03-00 00 48 8d 5e 18 45 33 ..H...:...H.^.E3
9910000000003ffd4e0/00e0: e4 4c 8b f8 66 44 39 23-0f 84 92 00 00 00 bf 18 .L..fD9#........
9920000000003ffd4f0/00f0: 00 00 c0 41 0f b7 cc 66-44 89 65 f2 66 89 4d f0 ...A...fD.e.f.M.
9932878.3ce0: 0000000003ffd500/0000: 48 89 5d f8 66 44 39 23-74 11 66 ff c1 0f b7 c1 H.].fD9#t.f.....
9940000000003ffd510/0010: 66 89 4d f0 66 44 39 24-43 75 ef 66 03 c9 66 89 f.M.fD9$Cu.f..f.
9950000000003ffd520/0020: 4d f0 66 89 4d f2 eb 11-48 8d 55 30 48 c7 45 30 M.f.M...H.U0H.E0
9960000000003ffd530/0030: c0 bd f0 ff 33 c9 41 ff-d7 4c 8d 4d 38 33 d2 4c ....3.A..L.M83.L
9970000000003ffd540/0040: 8d 45 f0 33 c9 41 ff d6-3b c7 74 dc 85 c0 74 13 .E.3.A..;.t...t.
9980000000003ffd550/0050: 44 0f b7 4d f0 8b d0 4c-8b 45 f8 48 8b ce e8 51 D..M...L.E.H...Q
9990000000003ffd560/0060: 00 00 00 0f b7 45 f0 48-d1 e8 48 8d 1c 43 48 83 .....E.H..H..CH.
10000000000003ffd570/0070: c3 02 66 44 39 23 0f 85-77 ff ff ff 48 8b 7e 08 ..fD9#..w...H.~.
10010000000003ffd580/0080: 48 8d 15 91 fe ff ff 48-8b cf e8 85 02 00 00 33 H......H.......3
10020000000003ffd590/0090: c9 ff d0 48 8b 5c 24 70-33 c0 48 8b 74 24 78 48 ...H.\$p3.H.t$xH
10030000000003ffd5a0/00a0: 83 c4 30 41 5f 41 5e 41-5c 5f 5d c3 cc cc cc cc ..0A_A^A\_].....
10040000000003ffd5b0/00b0: cc cc cc cc 48 89 5c 24-10 48 89 74 24 18 55 57 ....H.\$.H.t$.UW
10050000000003ffd5c0/00c0: 41 54 41 56 41 57 48 8d-6c 24 c9 48 81 ec d0 00 ATAVAWH.l$.H....
10060000000003ffd5d0/00d0: 00 00 44 8b fa 48 8b f9-48 8b 49 08 48 8d 15 65 ..D..H..H.I.H..e
10070000000003ffd5e0/00e0: fe ff ff 41 8b f1 4d 8b-f0 e8 26 02 00 00 48 8b ...A..M...&...H.
10080000000003ffd5f0/00f0: 4f 08 48 8d 15 5f fe ff-ff 48 8b d8 e8 13 02 00 O.H.._...H......
10092878.3ce0: 0000000003ffd600/0000: 00 48 83 65 67 00 4c 8d-4d d7 48 83 65 07 00 4c .H.eg.L.M.H.e..L
10100000000003ffd610/0010: 8d 45 ff 83 65 17 00 48-8d 4d 67 4c 8b e0 c7 45 .E..e..H.MgL...E
10110000000003ffd620/0020: c7 2c 00 2e 00 48 8d 05-4c fe ff ff c7 45 ff 30 .,...H..L....E.0
10120000000003ffd630/0030: 00 00 00 48 89 45 cf 0f-57 c0 48 8d 45 c7 ba 00 ...H.E..W.H.E...
10130000000003ffd640/0040: 00 10 00 48 89 45 0f 33-c0 21 44 24 50 48 21 44 ...H.E.3.!D$PH!D
10140000000003ffd650/0050: 24 48 21 44 24 40 48 21-45 df c7 44 24 38 01 00 $H!D$@H!E..D$8..
10150000000003ffd660/0060: 00 00 c7 44 24 30 07 00-00 00 c7 44 24 28 80 00 ...D$0.....D$(..
10160000000003ffd670/0070: 00 00 48 21 44 24 20 f3-0f 7f 45 1f 48 89 45 d7 ..H!D$ ...E.H.E.
10170000000003ffd680/0080: ff d3 85 c0 75 68 83 64-24 48 00 b8 18 00 00 00 ....uh.d$H......
10180000000003ffd690/0090: 48 83 64 24 40 00 45 33-c9 48 8b 4d 67 45 33 c0 H.d$@.E3.H.MgE3.
10190000000003ffd6a0/00a0: 89 44 24 38 33 d2 89 45-e7 48 8d 45 e7 48 89 44 .D$83..E.H.E.H.D
10200000000003ffd6b0/00b0: 24 30 48 8d 45 d7 c7 44-24 28 00 38 22 00 48 89 $0H.E..D$(.8".H.
10210000000003ffd6c0/00c0: 44 24 20 c7 45 eb 01 00-00 00 44 89 7d ef 4c 89 D$ .E.....D.}.L.
10220000000003ffd6d0/00d0: 75 f3 89 75 fb 41 ff d4-48 8b 4f 08 48 8d 15 8d u..u.A..H.O.H...
10230000000003ffd6e0/00e0: fd ff ff e8 2c 01 00 00-48 8b 4d 67 ff d0 4c 8d ....,...H.Mg..L.
10240000000003ffd6f0/00f0: 9c 24 d0 00 00 00 49 8b-5b 38 49 8b 73 40 49 8b .$....I.[8I.s@I.
10252878.3ce0: 0000000003ffd700/0000: e3 41 5f 41 5e 41 5c 5f-5d c3 cc cc cc cc cc cc .A_A^A\_].......
10260000000003ffd710/0010: 48 89 5c 24 10 48 89 6c-24 18 48 89 74 24 20 57 H.\$.H.l$.H.t$ W
10270000000003ffd720/0020: 48 83 ec 60 48 8b 31 48-8d 59 18 48 8b f9 33 ed H..`H.1H.Y.H..3.
10280000000003ffd730/0030: eb 7b 0f b7 d5 66 89 6c-24 52 66 89 54 24 50 48 .{...f.l$Rf.T$PH
10290000000003ffd740/0040: 89 5c 24 58 66 39 2b 74-11 66 ff c2 0f b7 c2 66 .\$Xf9+t.f.....f
10300000000003ffd750/0050: 89 54 24 50 66 39 2c 43-75 ef 66 03 d2 f6 47 10 .T$Pf9,Cu.f...G.
10310000000003ffd760/0060: 01 66 89 54 24 50 66 89-54 24 52 75 47 4c 8d 4c .f.T$Pf.T$RuGL.L
10320000000003ffd770/0070: 24 70 33 d2 4c 8d 44 24-50 33 c9 ff d6 3d 18 00 $p3.L.D$P3...=..
10330000000003ffd780/0080: 00 c0 74 30 85 c0 74 15-44 0f b7 4c 24 50 8b d0 ..t0..t.D..L$P..
10340000000003ffd790/0090: 4c 8b 44 24 58 48 8b cf-e8 17 fe ff ff 0f b7 44 L.D$XH.........D
10350000000003ffd7a0/00a0: 24 50 48 d1 e8 48 8d 1c-43 48 83 c3 02 66 39 2b $PH..H..CH...f9+
10360000000003ffd7b0/00b0: 75 80 eb 48 48 8b 4f 08-48 8d 15 41 fc ff ff e8 u..HH.O.H..A....
10370000000003ffd7c0/00c0: 50 00 00 00 48 85 c0 74-33 48 89 6c 24 48 48 8d P...H..t3H.l$HH.
10380000000003ffd7d0/00d0: 0d d3 fc ff ff 48 89 6c-24 40 45 33 c9 48 89 7c .....H.l$@E3.H.|
10390000000003ffd7e0/00e0: 24 38 45 33 c0 48 89 4c-24 30 33 d2 48 89 6c 24 $8E3.H.L$03.H.l$
10400000000003ffd7f0/00f0: 28 48 83 c9 ff 48 89 6c-24 20 ff d0 4c 8d 5c 24 (H...H.l$ ..L.\$
10412878.3ce0: 0000000003ffd800/0000: 60 33 c0 49 8b 5b 18 49-8b 6b 20 49 8b 73 28 49 `3.I.[.I.k I.s(I
10420000000003ffd810/0010: 8b e3 5f c3 48 8b c4 48-89 58 08 48 89 68 10 48 .._.H..H.X.H.h.H
10430000000003ffd820/0020: 89 70 18 48 89 78 20 41-54 41 55 41 56 41 57 48 .p.H.x ATAUAVAWH
10440000000003ffd830/0030: 63 41 3c 4c 8b c9 48 03-c1 45 33 c0 b9 4c 01 00 cA<L..H..E3..L..
10450000000003ffd840/0040: 00 4c 8b fa 66 39 48 04-74 16 b9 64 86 00 00 66 .L..f9H.t..d...f
10460000000003ffd850/0050: 39 48 04 0f 85 b9 00 00-00 b9 88 00 00 00 eb 05 9H..............
10470000000003ffd860/0060: b9 78 00 00 00 44 39 44-01 04 0f 84 a2 00 00 00 .x...D9D........
10480000000003ffd870/0070: 44 39 04 01 0f 84 98 00-00 00 44 8b 1c 01 41 8b D9........D...A.
10490000000003ffd880/0080: f0 4d 03 d9 41 8b 6b 18-45 8b 63 20 ff cd 8b d5 .M..A.k.E.c ....
10500000000003ffd890/0090: 4d 03 e1 d1 ea 83 fd 02-72 73 41 8b 04 94 44 8b M.......rsA...D.
10510000000003ffd8a0/00a0: ea 41 8a 1f 4e 8d 14 08-84 db 74 22 49 8b ff 8a .A..N.....t"I...
10520000000003ffd8b0/00b0: c3 49 2b fa 41 0f be 0a-8a d8 0f be c0 2b c1 75 .I+.A........+.u
10530000000003ffd8c0/00c0: 0d 49 ff c2 42 8a 04 17-8a d8 84 c0 75 e6 41 0f .I..B.......u.A.
10540000000003ffd8d0/00d0: be 02 0f be cb 2b c8 79-05 8d 6a ff eb 07 85 c9 .....+.y..j.....
10550000000003ffd8e0/00e0: 7e 12 8d 72 01 8b d5 2b-d6 d1 ea 03 d6 41 3b d5 ~..r...+.....A;.
10560000000003ffd8f0/00f0: 75 a8 eb 19 41 8b 4b 24-49 03 c9 0f b7 14 51 41 u...A.K$I.....QA
10572878.3ce0: 0000000003ffd900/0000: 8b 4b 1c 49 03 c9 44 8b-04 91 4d 03 c1 49 8b c0 .K.I..D...M..I..
10580000000003ffd910/0010: eb 02 33 c0 48 8b 5c 24-28 48 8b 6c 24 30 48 8b ..3.H.\$(H.l$0H.
10590000000003ffd920/0020: 74 24 38 48 8b 7c 24 40-41 5f 41 5e 41 5d 41 5c t$8H.|$@A_A^A]A\
10600000000003ffd930/0030: c3 cc cc cc 01 1b 0c 00-1b 74 08 00 1b 64 07 00 .........t...d..
10610000000003ffd940/0040: 1b 54 06 00 1b 34 05 00-1b f0 19 e0 17 d0 15 c0 .T...4..........
10620000000003ffd950/0050: 01 19 0a 00 19 64 0f 00-19 34 0e 00 19 52 12 f0 .....d...4...R..
10630000000003ffd960/0060: 10 e0 0e c0 0c 70 0b 50-01 1e 0b 00 1e 64 22 00 .....p.P.....d".
10640000000003ffd970/0070: 1e 34 21 00 1e 01 1a 00-12 f0 10 e0 0e c0 0c 70 .4!............p
10650000000003ffd980/0080: 0b 50 00 00 01 14 08 00-14 64 11 00 14 54 10 00 .P.......d...T..
10660000000003ffd990/0090: 14 34 0f 00 14 b2 10 70-cc cc cc cc cc cc cc cc .4.....p........
10670000000003ffd9a0/00a0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
10680000000003ffd9b0/00b0: 00 00 00 00 00 00 00 00-55 00 4d 00 49 00 6e 00 ........U.M.I.n.
10690000000003ffd9c0/00c0: 74 00 65 00 72 00 63 00-65 00 70 00 74 00 6f 00 t.e.r.c.e.p.t.o.
10700000000003ffd9d0/00d0: 72 00 73 00 5f 00 78 00-36 00 34 00 2e 00 64 00 r.s._.x.6.4...d.
10710000000003ffd9e0/00e0: 6c 00 6c 00 00 00 00 00-00 00 00 00 00 00 00 00 l.l.............
10720000000003ffd9f0/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
10732878.3ce0: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000530000/0000000000530000 LB 0/0x1000]
10742878.3ce0: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000530000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00000000000001
10752878.3ce0: 0000000000531000-000000000053ffff 0x0001/0x0000 0x0000000
10762878.3ce0: *0000000000540000-0000000000543fff 0x0002/0x0002 0x0040000
10772878.3ce0: 0000000000544000-000000000054ffff 0x0001/0x0000 0x0000000
10782878.3ce0: *0000000000550000-0000000000551fff 0x0004/0x0004 0x0020000
10792878.3ce0: 0000000000552000-00000000005fffff 0x0001/0x0000 0x0000000
10802878.3ce0: *0000000000600000-000000000066bfff 0x0000/0x0004 0x0020000
10812878.3ce0: 000000000066c000-000000000066efff 0x0004/0x0004 0x0020000
10822878.3ce0: 000000000066f000-00000000007fffff 0x0000/0x0004 0x0020000
10832878.3ce0: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
10842878.3ce0: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
10852878.3ce0: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
10862878.3ce0: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
10872878.3ce0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
10882878.3ce0: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
10892878.3ce0: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
10902878.3ce0: 000000007fff0000-00007ff57f3dffff 0x0001/0x0000 0x0000000
10912878.3ce0: *00007ff57f3e0000-00007ff57f3e0fff 0x0002/0x0002 0x0040000
10922878.3ce0: 00007ff57f3e1000-00007ff57f3effff 0x0001/0x0000 0x0000000
10932878.3ce0: *00007ff57f3f0000-00007ff57f412fff 0x0002/0x0002 0x0040000
10942878.3ce0: 00007ff57f413000-00007ff6e910ffff 0x0001/0x0000 0x0000000
10952878.3ce0: *00007ff6e9110000-00007ff6e9110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10962878.3ce0: 00007ff6e9111000-00007ff6e9186fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10972878.3ce0: 00007ff6e9187000-00007ff6e9187fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10982878.3ce0: 00007ff6e9188000-00007ff6e91cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
10992878.3ce0: 00007ff6e91d0000-00007ff6e91d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11002878.3ce0: 00007ff6e91d1000-00007ff6e91d1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11012878.3ce0: 00007ff6e91d2000-00007ff6e91d6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11022878.3ce0: 00007ff6e91d7000-00007ff6e91d7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11032878.3ce0: 00007ff6e91d8000-00007ff6e91d8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11042878.3ce0: 00007ff6e91d9000-00007ff6e91dcfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11052878.3ce0: 00007ff6e91dd000-00007ff6e9225fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11062878.3ce0: 00007ff6e9226000-00007fff6f79ffff 0x0001/0x0000 0x0000000
11072878.3ce0: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11082878.3ce0: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11092878.3ce0: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11102878.3ce0: 00007fff6f8ff000-00007fff6f90afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11112878.3ce0: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11122878.3ce0: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11132878.3ce0: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11142878.3ce0: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11152878.3ce0: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
11162878.3ce0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x840
11172878.3ce0: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 58 sleeps
11182878.3ce0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
11192878.3ce0: *0000000000000000-00000000004effff 0x0001/0x0000 0x0000000
11202878.3ce0: *00000000004f0000-000000000050ffff 0x0004/0x0004 0x0020000
11212878.3ce0: *0000000000510000-000000000052afff 0x0002/0x0002 0x0040000
11222878.3ce0: 000000000052b000-000000000053ffff 0x0001/0x0000 0x0000000
11232878.3ce0: *0000000000540000-0000000000543fff 0x0002/0x0002 0x0040000
11242878.3ce0: 0000000000544000-000000000054ffff 0x0001/0x0000 0x0000000
11252878.3ce0: *0000000000550000-0000000000551fff 0x0004/0x0004 0x0020000
11262878.3ce0: 0000000000552000-00000000005fffff 0x0001/0x0000 0x0000000
11272878.3ce0: *0000000000600000-000000000066bfff 0x0000/0x0004 0x0020000
11282878.3ce0: 000000000066c000-000000000066efff 0x0004/0x0004 0x0020000
11292878.3ce0: 000000000066f000-00000000007fffff 0x0000/0x0004 0x0020000
11302878.3ce0: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
11312878.3ce0: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
11322878.3ce0: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
11332878.3ce0: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
11342878.3ce0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
11352878.3ce0: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
11362878.3ce0: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
11372878.3ce0: 000000007fff0000-00007ff57f3dffff 0x0001/0x0000 0x0000000
11382878.3ce0: *00007ff57f3e0000-00007ff57f3e0fff 0x0002/0x0002 0x0040000
11392878.3ce0: 00007ff57f3e1000-00007ff57f3effff 0x0001/0x0000 0x0000000
11402878.3ce0: *00007ff57f3f0000-00007ff57f412fff 0x0002/0x0002 0x0040000
11412878.3ce0: 00007ff57f413000-00007ff6e910ffff 0x0001/0x0000 0x0000000
11422878.3ce0: *00007ff6e9110000-00007ff6e9110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11432878.3ce0: 00007ff6e9111000-00007ff6e9186fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11442878.3ce0: 00007ff6e9187000-00007ff6e9187fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11452878.3ce0: 00007ff6e9188000-00007ff6e91cffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11462878.3ce0: 00007ff6e91d0000-00007ff6e91dcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11472878.3ce0: 00007ff6e91dd000-00007ff6e9225fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
11482878.3ce0: 00007ff6e9226000-00007fff6f79ffff 0x0001/0x0000 0x0000000
11492878.3ce0: *00007fff6f7a0000-00007fff6f7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11502878.3ce0: 00007fff6f7a1000-00007fff6f8b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11512878.3ce0: 00007fff6f8b8000-00007fff6f8fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11522878.3ce0: 00007fff6f8ff000-00007fff6f902fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11532878.3ce0: 00007fff6f903000-00007fff6f90afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11542878.3ce0: 00007fff6f90b000-00007fff6f919fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11552878.3ce0: 00007fff6f91a000-00007fff6f91afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11562878.3ce0: 00007fff6f91b000-00007fff6f91dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11572878.3ce0: 00007fff6f91e000-00007fff6f98ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
11582878.3ce0: 00007fff6f990000-00007ffffffeffff 0x0001/0x0000 0x0000000
11592878.3ce0: supR3HardNtChildPurify: Done after 1045 ms and 1 fixes (loop #1).
116021c4.2ac4: Log file opened: 6.1.12r139181 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
116121c4.2ac4: supR3HardenedVmProcessInit: uNtDllAddr=00007fff6f7a0000 g_uNtVerCombined=0xa047ba00 (stack ~00000000008ff438)
116221c4.2ac4: ntdll.dll: timestamp 0xb29ecf52 (rc=VINF_SUCCESS)
116321c4.2ac4: New simple heap: #1 0000000000a00000 LB 0x400000 (for 2031616 allocation)
11642878.3ce0: supR3HardNtEnableThreadCreationEx:
116521c4.2ac4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
116621c4.2ac4: System32: \Device\HarddiskVolume4\Windows\System32
116721c4.2ac4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
116821c4.2ac4: KnownDllPath: C:\WINDOWS\System32
116921c4.2ac4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
117021c4.2ac4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
117121c4.2ac4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
117221c4.2ac4: Registered Dll notification callback with NTDLL.
117321c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
117421c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
117521c4.2ac4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
117621c4.2ac4: supR3HardenedDllNotificationCallback: load 00007fff6c7d0000 LB 0x002a4000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
117721c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
117821c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
117921c4.2ac4: supR3HardenedDllNotificationCallback: load 00007fff6eb70000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
118021c4.2ac4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
118121c4.2ac4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'C:\WINDOWS\System32\KERNEL32.DLL'
118221c4.2ac4: supR3HardenedDllNotificationCallback: load 00007ff6e9110000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
118321c4.2ac4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
118421c4.2ac4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
118521c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
118621c4.2ac4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
11872878.3ce0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 66 ms.
118821c4.2ac4: \SystemRoot\System32\ntdll.dll:
118921c4.2ac4: CreationTime: 2020-07-27T09:29:22.468662600Z
119021c4.2ac4: LastWriteTime: 2020-07-27T09:29:22.507631900Z
119121c4.2ac4: ChangeTime: 2020-07-28T06:10:52.472083500Z
119221c4.2ac4: FileAttributes: 0x20
119321c4.2ac4: Size: 0x1e8460
119421c4.2ac4: NT Headers: 0xd8
119521c4.2ac4: Timestamp: 0xb29ecf52
119621c4.2ac4: Machine: 0x8664 - amd64
119721c4.2ac4: Timestamp: 0xb29ecf52
119821c4.2ac4: Image Version: 10.0
119921c4.2ac4: SizeOfImage: 0x1f0000 (2031616)
120021c4.2ac4: Resource Dir: 0x17f000 LB 0x6f310
120121c4.2ac4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
120221c4.2ac4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
120321c4.2ac4: ProductName: Microsoft® Windows® Operating System
120421c4.2ac4: ProductVersion: 10.0.18362.815
120521c4.2ac4: FileVersion: 10.0.18362.815 (WinBuild.160101.0800)
120621c4.2ac4: FileDescription: NT Layer DLL
120721c4.2ac4: \SystemRoot\System32\kernel32.dll:
120821c4.2ac4: CreationTime: 2020-07-27T09:28:50.277970100Z
120921c4.2ac4: LastWriteTime: 2020-07-27T09:28:50.294953700Z
121021c4.2ac4: ChangeTime: 2020-07-28T06:10:41.051213400Z
121121c4.2ac4: FileAttributes: 0x20
121221c4.2ac4: Size: 0xb0498
121321c4.2ac4: NT Headers: 0xe8
121421c4.2ac4: Timestamp: 0xce6bbd73
121521c4.2ac4: Machine: 0x8664 - amd64
121621c4.2ac4: Timestamp: 0xce6bbd73
121721c4.2ac4: Image Version: 10.0
121821c4.2ac4: SizeOfImage: 0xb2000 (729088)
121921c4.2ac4: Resource Dir: 0xb0000 LB 0x520
122021c4.2ac4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
122121c4.2ac4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
122221c4.2ac4: ProductName: Microsoft® Windows® Operating System
122321c4.2ac4: ProductVersion: 10.0.18362.959
122421c4.2ac4: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
122521c4.2ac4: FileDescription: Windows NT BASE API Client DLL
122621c4.2ac4: \SystemRoot\System32\KernelBase.dll:
122721c4.2ac4: CreationTime: 2020-07-27T09:29:23.091189900Z
122821c4.2ac4: LastWriteTime: 2020-07-27T09:29:23.150058300Z
122921c4.2ac4: ChangeTime: 2020-07-28T06:10:50.315875600Z
123021c4.2ac4: FileAttributes: 0x20
123121c4.2ac4: Size: 0x2a4058
123221c4.2ac4: NT Headers: 0xf8
123321c4.2ac4: Timestamp: 0x7b90c1b5
123421c4.2ac4: Machine: 0x8664 - amd64
123521c4.2ac4: Timestamp: 0x7b90c1b5
123621c4.2ac4: Image Version: 10.0
123721c4.2ac4: SizeOfImage: 0x2a4000 (2768896)
123821c4.2ac4: Resource Dir: 0x27e000 LB 0x548
123921c4.2ac4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
124021c4.2ac4: [Raw version resource data: 0x27e0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
124121c4.2ac4: ProductName: Microsoft® Windows® Operating System
124221c4.2ac4: ProductVersion: 10.0.18362.959
124321c4.2ac4: FileVersion: 10.0.18362.959 (WinBuild.160101.0800)
124421c4.2ac4: FileDescription: Windows NT BASE API Client DLL
124521c4.2ac4: \SystemRoot\System32\apisetschema.dll:
124621c4.2ac4: CreationTime: 2019-03-19T04:43:54.837151500Z
124721c4.2ac4: LastWriteTime: 2019-03-19T04:43:54.837151500Z
124821c4.2ac4: ChangeTime: 2020-07-27T09:30:52.160553000Z
124921c4.2ac4: FileAttributes: 0x20
125021c4.2ac4: Size: 0x1d028
125121c4.2ac4: NT Headers: 0xc8
125221c4.2ac4: Timestamp: 0xd6ced080
125321c4.2ac4: Machine: 0x8664 - amd64
125421c4.2ac4: Timestamp: 0xd6ced080
125521c4.2ac4: Image Version: 10.0
125621c4.2ac4: SizeOfImage: 0x1e000 (122880)
125721c4.2ac4: Resource Dir: 0x1d000 LB 0x408
125821c4.2ac4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
125921c4.2ac4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
126021c4.2ac4: ProductName: Microsoft® Windows® Operating System
126121c4.2ac4: ProductVersion: 10.0.18362.1
126221c4.2ac4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
126321c4.2ac4: FileDescription: ApiSet Schema DLL
126421c4.2ac4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
126521c4.2ac4: supR3HardenedWinFindAdversaries: 0x840
126621c4.2ac4: \SystemRoot\System32\drivers\klflt.sys:
126721c4.2ac4: CreationTime: 2020-03-06T08:53:28.856343500Z
126821c4.2ac4: LastWriteTime: 2020-03-12T20:48:02.000000000Z
126921c4.2ac4: ChangeTime: 2020-05-15T10:01:19.828084100Z
127021c4.2ac4: FileAttributes: 0x20
127121c4.2ac4: Size: 0x3f100
127221c4.2ac4: NT Headers: 0xf8
127321c4.2ac4: Timestamp: 0x5e6a66e9
127421c4.2ac4: Machine: 0x8664 - amd64
127521c4.2ac4: Timestamp: 0x5e6a66e9
127621c4.2ac4: Image Version: 6.1
127721c4.2ac4: SizeOfImage: 0x4d000 (315392)
127821c4.2ac4: Resource Dir: 0x4a000 LB 0x430
127921c4.2ac4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
128021c4.2ac4: [Raw version resource data: 0x4a060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
128121c4.2ac4: ProductName: Coretech Delivery
128221c4.2ac4: ProductVersion: 30.289.132.0-e369c7d411
128321c4.2ac4: FileVersion: 30.289.132.0
128421c4.2ac4: FileDescription: Filter Core [fre_win7_x64]
128521c4.2ac4: \SystemRoot\System32\drivers\klif.sys:
128621c4.2ac4: CreationTime: 2020-03-06T08:53:28.861361800Z
128721c4.2ac4: LastWriteTime: 2020-03-12T20:48:04.000000000Z
128821c4.2ac4: ChangeTime: 2020-05-15T10:01:19.795147700Z
128921c4.2ac4: FileAttributes: 0x20
129021c4.2ac4: Size: 0x12d500
129121c4.2ac4: NT Headers: 0x100
129221c4.2ac4: Timestamp: 0x5e6a6704
129321c4.2ac4: Machine: 0x8664 - amd64
129421c4.2ac4: Timestamp: 0x5e6a6704
129521c4.2ac4: Image Version: 6.1
129621c4.2ac4: SizeOfImage: 0x12f000 (1241088)
129721c4.2ac4: Resource Dir: 0x125000 LB 0x3410
129821c4.2ac4: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
129921c4.2ac4: [Raw version resource data: 0x128028 LB 0x3e8, codepage 0x0 (reserved 0x0)]
130021c4.2ac4: ProductName: Coretech Delivery
130121c4.2ac4: ProductVersion: 30.289.132.0-e369c7d411
130221c4.2ac4: FileVersion: 30.289.132.0
130321c4.2ac4: FileDescription: Core System Interceptors [fre_win7_x64]
130421c4.2ac4: \SystemRoot\System32\drivers\klim6.sys:
130521c4.2ac4: CreationTime: 2019-01-28T00:49:40.000000000Z
130621c4.2ac4: LastWriteTime: 2020-03-05T01:33:42.000000000Z
130721c4.2ac4: ChangeTime: 2020-05-15T10:01:20.628593700Z
130821c4.2ac4: FileAttributes: 0x20
130921c4.2ac4: Size: 0x159f0
131021c4.2ac4: NT Headers: 0xe0
131121c4.2ac4: Timestamp: 0x8c875967
131221c4.2ac4: Machine: 0x8664 - amd64
131321c4.2ac4: Timestamp: 0x8c875967
131421c4.2ac4: Image Version: 6.1
131521c4.2ac4: SizeOfImage: 0x12000 (73728)
131621c4.2ac4: Resource Dir: 0x10000 LB 0x448
131721c4.2ac4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
131821c4.2ac4: [Raw version resource data: 0x10060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
131921c4.2ac4: ProductName: Coretech Delivery
132021c4.2ac4: ProductVersion: 30.289.126.0-2a58c6003b
132121c4.2ac4: FileVersion: 30.289.126.0
132221c4.2ac4: FileDescription: Packet Network Filter [fre_win7_x64]
132321c4.2ac4: \SystemRoot\System32\drivers\kneps.sys:
132421c4.2ac4: CreationTime: 2019-04-29T04:50:14.000000000Z
132521c4.2ac4: LastWriteTime: 2020-03-06T02:31:48.000000000Z
132621c4.2ac4: ChangeTime: 2020-05-15T10:01:20.486058100Z
132721c4.2ac4: FileAttributes: 0x20
132821c4.2ac4: Size: 0x44300
132921c4.2ac4: NT Headers: 0xf8
133021c4.2ac4: Timestamp: 0x359fc650
133121c4.2ac4: Machine: 0x8664 - amd64
133221c4.2ac4: Timestamp: 0x359fc650
133321c4.2ac4: Image Version: 6.1
133421c4.2ac4: SizeOfImage: 0x44000 (278528)
133521c4.2ac4: Resource Dir: 0x41000 LB 0x440
133621c4.2ac4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
133721c4.2ac4: [Raw version resource data: 0x41060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
133821c4.2ac4: ProductName: Coretech Delivery
133921c4.2ac4: ProductVersion: 30.289.126.0-2a58c6003b
134021c4.2ac4: FileVersion: 30.289.126.0
134121c4.2ac4: FileDescription: Network Processor [fre_win7_x64]
134221c4.2ac4: \SystemRoot\System32\drivers\inspect.sys:
134321c4.2ac4: CreationTime: 2019-10-22T10:41:08.000000000Z
134421c4.2ac4: LastWriteTime: 2019-10-22T10:41:08.000000000Z
134521c4.2ac4: ChangeTime: 2019-12-12T12:56:19.421137100Z
134621c4.2ac4: FileAttributes: 0x20
134721c4.2ac4: Size: 0x137c8
134821c4.2ac4: NT Headers: 0xf8
134921c4.2ac4: Timestamp: 0x5cfbc135
135021c4.2ac4: Machine: 0x8664 - amd64
135121c4.2ac4: Timestamp: 0x5cfbc135
135221c4.2ac4: Image Version: 10.0
135321c4.2ac4: SizeOfImage: 0x14000 (81920)
135421c4.2ac4: Resource Dir: 0x12000 LB 0x690
135521c4.2ac4: [Version info resource found at 0x50! (ID/Name: 0x1; SubID/SubName: 0x409)]
135621c4.2ac4: [Raw version resource data: 0x12070 LB 0x2fc, codepage 0x0 (reserved 0x0)]
135721c4.2ac4: ProductName: DOZOR Agent
135821c4.2ac4: ProductVersion: 3.3.0.0
135921c4.2ac4: FileVersion: 1.0.1.3
136021c4.2ac4: FileDescription: Process Control Driver
136121c4.2ac4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
136221c4.2ac4: Calling main()
136321c4.2ac4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
136421c4.2ac4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
136521c4.2ac4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
136621c4.2ac4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
136721c4.2ac4: SUPR3HardenedMain: Respawn #2
136821c4.2ac4: supR3HardNtEnableThreadCreationEx:
136921c4.2ac4: supR3HardenedDllNotificationCallback: load 00007fff6f450000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
137021c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
137121c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
137221c4.2ac4: supR3HardenedDllNotificationCallback: load 00007fff6f3a0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
137321c4.2ac4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
137421c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
137521c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
137621c4.2ac4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
137721c4.2ac4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
137821c4.2ac4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
137921c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
138021c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
138121c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
138221c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
138321c4.2ac4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
138421c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
138521c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
138621c4.2ac4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
138721c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
138821c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
138921c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
139021c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
139121c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
139221c4.2ac4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
139321c4.2ac4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
139421c4.2ac4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
139521c4.2ac4: supR3HardenedDllNotificationCallback: load 00007fff6e120000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
139621c4.2ac4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
139721c4.2ac4: supR3HardenedDllNotificationCallback: load 00007fff6dda0000 LB 0x000a3000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
139821c4.2ac4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
139921c4.2ac4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6dda0000 'C:\WINDOWS\System32\ADVAPI32.DLL'
140021c4.2ac4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
140121c4.2ac4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
140221c4.2ac4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
140321c4.2ac4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
140421c4.2ac4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6f7a0000 'C:\WINDOWS\System32\ntdll.dll'
140521c4.2ac4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff6f811770 pvNtTerminateThread=00007fff6f83cac0
140621c4.2ac4: supR3HardenedWinDoReSpawn(2): New child 28dc.3b80 [kernel32].
140721c4.2ac4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
140821c4.2ac4: supR3HardNtChildGatherData: PebBaseAddress=00000000007ba000 cbPeb=0x388
140921c4.2ac4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff6f7a0000 uNtDllChildAddr=00007fff6f7a0000
141021c4.2ac4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff6f811770
141121c4.2ac4: supR3HardenedWinSetupChildInit: Initial context:
1412 rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6e9117900 rdx=00000000007ba000
1413 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
1414 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
1415 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
1416 rip=00007fff6f80ce30 rsp=000000000057f898 rbp=0000000000000000 ctxflags=0010001b
1417 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
1418 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
1419 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1420 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
1421 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
142221c4.2ac4: kernel32.dll: timestamp 0xce6bbd73 (rc=VINF_SUCCESS)
142321c4.2ac4: supR3HardenedWinSetupChildInit: Start child.
142421c4.2ac4: KiUserExceptionDispatcher: 0xc0000005 (0000000000000008, 0000000000530310) @ 0000000000530310 (flags=0x0)
1425 rax=0000000000530310 rbx=0000000000000002 rcx=00000000005305a0 rdx=0000000000000000
1426 rsi=00000000000007d0 rdi=0000000000000003 r8 =0000000000000000 r9 =00000000008f8290
1427 r10=0000000000000000 r11=0000000000000246 r12=0000000000000000 r13=00007ff6e91907f8
1428 r14=00000000067bd3b3 r15=000000007ffe000c P1=0000000080079b70 P2=0000000000000001
1429 rip=0000000000530310 rsp=00000000008f8288 rbp=00000000008f9160 ctxflags=0010005f
1430 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010206 mxcrx=00001f80
1431 P3=0000000080079b78 P4=0000000000000001 P5=00000000000005e1 P6=0000000010017500
1432 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1433 dr6=0000000000000000 dr7=0000000000000000 vcr=0000100000017c70 dcr=0000000180000000
1434 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
143521c4.2ac4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
143621c4.2ac4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
143721c4.2ac4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fff6eb70000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
14382878.3ce0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2394 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy