VBox Hardening log 6.1.26

1. 155664.1503cc: Log file opened: 6.1.26r145957 g_hStartupLog=000000000000023c g_uNtVerCombined=0xa04a6200
2. 155664.1503cc: \SystemRoot\System32\ntdll.dll:
3. 155664.1503cc: CreationTime: 2021-11-03T22:16:59.466908900Z
4. 155664.1503cc: LastWriteTime: 2021-11-03T22:16:59.501043100Z
5. 155664.1503cc: ChangeTime: 2021-11-18T07:05:53.317881400Z
6. 155664.1503cc: FileAttributes: 0x20
7. 155664.1503cc: Size: 0x1ee520
8. 155664.1503cc: NT Headers: 0xe8
9. 155664.1503cc: Timestamp: 0xa280d1d6
10. 155664.1503cc: Machine: 0x8664 - amd64
11. 155664.1503cc: Timestamp: 0xa280d1d6
12. 155664.1503cc: Image Version: 10.0
13. 155664.1503cc: SizeOfImage: 0x1f5000 (2052096)
14. 155664.1503cc: Resource Dir: 0x184000 LB 0x6fdc8
15. 155664.1503cc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16. 155664.1503cc: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17. 155664.1503cc: ProductName: Microsoft® Windows® Operating System
18. 155664.1503cc: ProductVersion: 10.0.19041.1288
19. 155664.1503cc: FileVersion: 10.0.19041.1288 (WinBuild.160101.0800)
20. 155664.1503cc: FileDescription: NT Layer DLL
21. 155664.1503cc: \SystemRoot\System32\kernel32.dll:
22. 155664.1503cc: CreationTime: 2021-09-23T07:20:09.442339800Z
23. 155664.1503cc: LastWriteTime: 2021-09-23T07:20:09.456000900Z
24. 155664.1503cc: ChangeTime: 2021-11-19T07:59:50.214442000Z
25. 155664.1503cc: FileAttributes: 0x20
26. 155664.1503cc: Size: 0xbc060
27. 155664.1503cc: NT Headers: 0xe8
28. 155664.1503cc: Timestamp: 0x871fae9
29. 155664.1503cc: Machine: 0x8664 - amd64
30. 155664.1503cc: Timestamp: 0x871fae9
31. 155664.1503cc: Image Version: 10.0
32. 155664.1503cc: SizeOfImage: 0xbe000 (778240)
33. 155664.1503cc: Resource Dir: 0xbc000 LB 0x520
34. 155664.1503cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35. 155664.1503cc: [Raw version resource data: 0xbc0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36. 155664.1503cc: ProductName: Microsoft® Windows® Operating System
37. 155664.1503cc: ProductVersion: 10.0.19041.1202
38. 155664.1503cc: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
39. 155664.1503cc: FileDescription: Windows NT BASE API Client DLL
40. 155664.1503cc: \SystemRoot\System32\KernelBase.dll:
41. 155664.1503cc: CreationTime: 2021-09-23T07:20:40.554952300Z
42. 155664.1503cc: LastWriteTime: 2021-09-23T07:20:40.609156800Z
43. 155664.1503cc: ChangeTime: 2021-11-19T07:59:50.214442000Z
44. 155664.1503cc: FileAttributes: 0x20
45. 155664.1503cc: Size: 0x2c9da8
46. 155664.1503cc: NT Headers: 0xf0
47. 155664.1503cc: Timestamp: 0xc9db1934
48. 155664.1503cc: Machine: 0x8664 - amd64
49. 155664.1503cc: Timestamp: 0xc9db1934
50. 155664.1503cc: Image Version: 10.0
51. 155664.1503cc: SizeOfImage: 0x2c9000 (2920448)
52. 155664.1503cc: Resource Dir: 0x2a0000 LB 0x548
53. 155664.1503cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54. 155664.1503cc: [Raw version resource data: 0x2a00b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
55. 155664.1503cc: ProductName: Microsoft® Windows® Operating System
56. 155664.1503cc: ProductVersion: 10.0.19041.1202
57. 155664.1503cc: FileVersion: 10.0.19041.1202 (WinBuild.160101.0800)
58. 155664.1503cc: FileDescription: Windows NT BASE API Client DLL
59. 155664.1503cc: \SystemRoot\System32\apisetschema.dll:
60. 155664.1503cc: CreationTime: 2019-12-07T09:08:13.518339400Z
61. 155664.1503cc: LastWriteTime: 2019-12-07T09:08:13.518339400Z
62. 155664.1503cc: ChangeTime: 2021-11-03T22:19:07.231909700Z
63. 155664.1503cc: FileAttributes: 0x20
64. 155664.1503cc: Size: 0x1f538
65. 155664.1503cc: NT Headers: 0xd0
66. 155664.1503cc: Timestamp: 0x31288ce0
67. 155664.1503cc: Machine: 0x8664 - amd64
68. 155664.1503cc: Timestamp: 0x31288ce0
69. 155664.1503cc: Image Version: 10.0
70. 155664.1503cc: SizeOfImage: 0x20000 (131072)
71. 155664.1503cc: Resource Dir: 0x1f000 LB 0x408
72. 155664.1503cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73. 155664.1503cc: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
74. 155664.1503cc: ProductName: Microsoft® Windows® Operating System
75. 155664.1503cc: ProductVersion: 10.0.19041.1
76. 155664.1503cc: FileVersion: 10.0.19041.1 (WinBuild.160101.0800)
77. 155664.1503cc: FileDescription: ApiSet Schema DLL
78. 155664.1503cc: Found driver tmcomm (0x8)
79. 155664.1503cc: Found driver tmevtmgr (0x8)
80. 155664.1503cc: Found driver tmactmon (0x8)
81. 155664.1503cc: Found driver tmeevw (0x8)
82. 155664.1503cc: supR3HardenedWinFindAdversaries: 0x20018
83. 155664.1503cc: \SystemRoot\System32\drivers\tmcomm.sys:
84. 155664.1503cc: CreationTime: 2018-10-29T21:18:44.000000000Z
85. 155664.1503cc: LastWriteTime: 2021-05-10T16:30:42.000000000Z
86. 155664.1503cc: ChangeTime: 2021-11-12T23:09:13.515470100Z
87. 155664.1503cc: FileAttributes: 0x20
88. 155664.1503cc: Size: 0x67c90
89. 155664.1503cc: NT Headers: 0xf8
90. 155664.1503cc: Timestamp: 0x6090f15f
91. 155664.1503cc: Machine: 0x8664 - amd64
92. 155664.1503cc: Timestamp: 0x6090f15f
93. 155664.1503cc: Image Version: 10.0
94. 155664.1503cc: SizeOfImage: 0x69000 (430080)
95. 155664.1503cc: Resource Dir: 0x67000 LB 0x568
96. 155664.1503cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
97. 155664.1503cc: [Raw version resource data: 0x67060 LB 0x508, codepage 0x0 (reserved 0x0)]
98. 155664.1503cc: ProductName: Trend Micro Eyes
99. 155664.1503cc: ProductVersion: 8.20
100. 155664.1503cc: FileVersion: 8.20.0.1044
101. 155664.1503cc: SpecialBuild: 1044
102. 155664.1503cc: PrivateBuild: Build 1044 - 05/04/2021
103. 155664.1503cc: FileDescription: TrendMicro Common Module
104. 155664.1503cc: \SystemRoot\System32\drivers\tmactmon.sys:
105. 155664.1503cc: CreationTime: 2021-10-27T18:23:39.020049500Z
106. 155664.1503cc: LastWriteTime: 2021-07-02T00:33:46.000000000Z
107. 155664.1503cc: ChangeTime: 2021-11-12T23:09:15.685097400Z
108. 155664.1503cc: FileAttributes: 0x20
109. 155664.1503cc: Size: 0x24cf8
110. 155664.1503cc: NT Headers: 0x108
111. 155664.1503cc: Timestamp: 0x60cb5587
112. 155664.1503cc: Machine: 0x8664 - amd64
113. 155664.1503cc: Timestamp: 0x60cb5587
114. 155664.1503cc: Image Version: 6.1
115. 155664.1503cc: SizeOfImage: 0x29000 (167936)
116. 155664.1503cc: Resource Dir: 0x27000 LB 0x5d0
117. 155664.1503cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
118. 155664.1503cc: [Raw version resource data: 0x27060 LB 0x570, codepage 0x0 (reserved 0x0)]
119. 155664.1503cc: ProductName: Trend Micro AEGIS
120. 155664.1503cc: ProductVersion: 2.98
121. 155664.1503cc: FileVersion: 2.98.0.1668
122. 155664.1503cc: SpecialBuild: 1668
123. 155664.1503cc: PrivateBuild: Build 1668 - $(build_date)
124. 155664.1503cc: FileDescription: TrendMicro Activity Monitor Module
125. 155664.1503cc: \SystemRoot\System32\drivers\tmevtmgr.sys:
126. 155664.1503cc: CreationTime: 2021-10-27T18:23:39.024928800Z
127. 155664.1503cc: LastWriteTime: 2021-07-02T00:33:48.000000000Z
128. 155664.1503cc: ChangeTime: 2021-11-12T23:09:15.631417400Z
129. 155664.1503cc: FileAttributes: 0x20
130. 155664.1503cc: Size: 0x190f8
131. 155664.1503cc: NT Headers: 0x108
132. 155664.1503cc: Timestamp: 0x60cb5581
133. 155664.1503cc: Machine: 0x8664 - amd64
134. 155664.1503cc: Timestamp: 0x60cb5581
135. 155664.1503cc: Image Version: 6.1
136. 155664.1503cc: SizeOfImage: 0x1a000 (106496)
137. 155664.1503cc: Resource Dir: 0x18000 LB 0x5d0
138. 155664.1503cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
139. 155664.1503cc: [Raw version resource data: 0x18060 LB 0x570, codepage 0x0 (reserved 0x0)]
140. 155664.1503cc: ProductName: Trend Micro AEGIS
141. 155664.1503cc: ProductVersion: 2.98
142. 155664.1503cc: FileVersion: 2.98.0.1668
143. 155664.1503cc: SpecialBuild: 1668
144. 155664.1503cc: PrivateBuild: Build 1668 - $(build_date)
145. 155664.1503cc: FileDescription: TrendMicro Event Management Module
146. 155664.1503cc: \SystemRoot\System32\drivers\tmebc64.sys:
147. 155664.1503cc: CreationTime: 2016-04-21T09:08:10.000000000Z
148. 155664.1503cc: LastWriteTime: 2019-04-22T16:09:50.000000000Z
149. 155664.1503cc: ChangeTime: 2021-11-12T23:09:12.048556600Z
150. 155664.1503cc: FileAttributes: 0x20
151. 155664.1503cc: Size: 0x12408
152. 155664.1503cc: NT Headers: 0xe8
153. 155664.1503cc: Timestamp: 0x5cb80c6d
154. 155664.1503cc: Machine: 0x8664 - amd64
155. 155664.1503cc: Timestamp: 0x5cb80c6d
156. 155664.1503cc: Image Version: 6.0
157. 155664.1503cc: SizeOfImage: 0x11000 (69632)
158. 155664.1503cc: Resource Dir: 0xf000 LB 0x5a0
159. 155664.1503cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
160. 155664.1503cc: [Raw version resource data: 0xf060 LB 0x53c, codepage 0x0 (reserved 0x0)]
161. 155664.1503cc: ProductName: Trend Micro Early Boot Clean
162. 155664.1503cc: ProductVersion: 1.5
163. 155664.1503cc: FileVersion: 1.5.0.1045
164. 155664.1503cc: SpecialBuild: 1045
165. 155664.1503cc: PrivateBuild: Build 1045 - 4/18/2019
166. 155664.1503cc: FileDescription: Trend Micro early boot driver
167. 155664.1503cc: \SystemRoot\System32\drivers\tmeevw.sys:
168. 155664.1503cc: CreationTime: 2017-04-25T13:39:52.000000000Z
169. 155664.1503cc: LastWriteTime: 2021-09-03T05:40:22.000000000Z
170. 155664.1503cc: ChangeTime: 2021-11-12T23:09:15.903718900Z
171. 155664.1503cc: FileAttributes: 0x20
172. 155664.1503cc: Size: 0x25488
173. 155664.1503cc: NT Headers: 0xe8
174. 155664.1503cc: Timestamp: 0x5dba9302
175. 155664.1503cc: Machine: 0x8664 - amd64
176. 155664.1503cc: Timestamp: 0x5dba9302
177. 155664.1503cc: Image Version: 10.0
178. 155664.1503cc: SizeOfImage: 0x26000 (155648)
179. 155664.1503cc: Resource Dir: 0x1f000 LB 0x5318
180. 155664.1503cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
181. 155664.1503cc: [Raw version resource data: 0x23e1c LB 0x4fc, codepage 0x4e4 (reserved 0x0)]
182. 155664.1503cc: ProductName: Trend Micro EagleEye 3.5
183. 155664.1503cc: ProductVersion: 3.5
184. 155664.1503cc: FileVersion: 3.5.0.1017
185. 155664.1503cc: SpecialBuild: 1017
186. 155664.1503cc: PrivateBuild: Build 1017 - 10/31/2019
187. 155664.1503cc: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
188. 155664.1503cc: \SystemRoot\System32\drivers\sakfile.sys:
189. 155664.1503cc: CreationTime: 2021-10-21T12:00:06.983541800Z
190. 155664.1503cc: LastWriteTime: 2021-10-21T12:00:06.984037700Z
191. 155664.1503cc: ChangeTime: 2021-11-12T23:09:15.450859100Z
192. 155664.1503cc: FileAttributes: 0x20
193. 155664.1503cc: Size: 0x20af8
194. 155664.1503cc: NT Headers: 0xd8
195. 155664.1503cc: Timestamp: 0x6107a930
196. 155664.1503cc: Machine: 0x8664 - amd64
197. 155664.1503cc: Timestamp: 0x6107a930
198. 155664.1503cc: Image Version: 10.0
199. 155664.1503cc: SizeOfImage: 0x21000 (135168)
200. 155664.1503cc: Resource Dir: 0x1f000 LB 0x550
201. 155664.1503cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
202. 155664.1503cc: [Raw version resource data: 0x1f060 LB 0x4ec, codepage 0x0 (reserved 0x0)]
203. 155664.1503cc: ProductName: OfficeScan - Data Protection (DLPE-SDK)
204. 155664.1503cc: ProductVersion: 6.2
205. 155664.1503cc: FileVersion: 6.2.0.5046
206. 155664.1503cc: SpecialBuild: 5046
207. 155664.1503cc: PrivateBuild: Build 5046 - None
208. 155664.1503cc: FileDescription: Trend Micro Data Loss Prevention Driver
209. 155664.1503cc: \SystemRoot\System32\drivers\PGDriver.sys:
210. 155664.1503cc: CreationTime: 2021-03-12T09:49:32.293810300Z
211. 155664.1503cc: LastWriteTime: 2020-11-25T10:15:18.000000000Z
212. 155664.1503cc: ChangeTime: 2021-11-12T23:09:12.388202500Z
213. 155664.1503cc: FileAttributes: 0x20
214. 155664.1503cc: Size: 0x21e60
215. 155664.1503cc: NT Headers: 0xe8
216. 155664.1503cc: Timestamp: 0x5fbe37bf
217. 155664.1503cc: Machine: 0x8664 - amd64
218. 155664.1503cc: Timestamp: 0x5fbe37bf
219. 155664.1503cc: Image Version: 10.0
220. 155664.1503cc: SizeOfImage: 0x25000 (151552)
221. 155664.1503cc: Resource Dir: 0x1f000 LB 0x4308
222. 155664.1503cc: [Version info resource found at 0x360! (ID/Name: 0x1; SubID/SubName: 0x409)]
223. 155664.1503cc: [Raw version resource data: 0x22f10 LB 0x3f8, codepage 0x0 (reserved 0x0)]
224. 155664.1503cc: ProductName: BeyondTrust Privilege Management
225. 155664.1503cc: ProductVersion: 2020.11.25.2
226. 155664.1503cc: FileVersion: 2020.11.25.2
227. 155664.1503cc: SpecialBuild: D
228. 155664.1503cc: FileDescription: BeyondTrust Privilege Management Driver
229. 155664.1503cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
230. 155664.1503cc: Calling main()
231. 155664.1503cc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
232. 155664.1503cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox'
233. 155664.1503cc: SUPR3HardenedMain: Respawn #1
234. 155664.1503cc: System32: \Device\HarddiskVolume12\Windows\System32
235. 155664.1503cc: WinSxS: \Device\HarddiskVolume12\Windows\WinSxS
236. 155664.1503cc: KnownDllPath: C:\WINDOWS\System32
237. 155664.1503cc: supR3HardenedWinInit: Performing a limited self purification...
238. 155664.1503cc: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
239. 155664.1503cc: *0000000000000000-0000000000ecffff 0x0001/0x0000 0x0000000
240. 155664.1503cc: *0000000000ed0000-0000000000edffff 0x0004/0x0004 0x0040000
241. 155664.1503cc: *0000000000ee0000-0000000000ee0fff 0x0002/0x0002 0x0040000
242. 155664.1503cc: 0000000000ee1000-0000000000eeffff 0x0001/0x0000 0x0000000
243. 155664.1503cc: *0000000000ef0000-0000000000f0cfff 0x0002/0x0002 0x0040000
244. 155664.1503cc: 0000000000f0d000-0000000000f0ffff 0x0001/0x0000 0x0000000
245. 155664.1503cc: *0000000000f10000-0000000000f13fff 0x0002/0x0002 0x0040000
246. 155664.1503cc: 0000000000f14000-0000000000f1ffff 0x0001/0x0000 0x0000000
247. 155664.1503cc: *0000000000f20000-0000000000f21fff 0x0004/0x0004 0x0020000
248. 155664.1503cc: 0000000000f22000-0000000000f2ffff 0x0001/0x0000 0x0000000
249. 155664.1503cc: *0000000000f30000-0000000000f30fff 0x0004/0x0004 0x0020000
250. 155664.1503cc: 0000000000f31000-0000000000f3ffff 0x0001/0x0000 0x0000000
251. 155664.1503cc: *0000000000f40000-0000000000f41fff 0x0004/0x0004 0x0020000
252. 155664.1503cc: 0000000000f42000-0000000000fa1fff 0x0000/0x0004 0x0020000
253. 155664.1503cc: 0000000000fa2000-0000000000faffff 0x0001/0x0000 0x0000000
254. 155664.1503cc: *0000000000fb0000-0000000000fb0fff 0x0002/0x0002 0x0040000
255. 155664.1503cc: 0000000000fb1000-0000000000fbffff 0x0001/0x0000 0x0000000
256. 155664.1503cc: *0000000000fc0000-0000000000fc0fff 0x0002/0x0002 0x0040000
257. 155664.1503cc: 0000000000fc1000-0000000000fcffff 0x0001/0x0000 0x0000000
258. 155664.1503cc: *0000000000fd0000-0000000000fd0fff 0x0002/0x0002 0x0040000
259. 155664.1503cc: 0000000000fd1000-0000000000fdffff 0x0001/0x0000 0x0000000
260. 155664.1503cc: *0000000000fe0000-0000000000fe3fff 0x0002/0x0002 0x0040000
261. 155664.1503cc: 0000000000fe4000-0000000000fe7fff 0x0000/0x0002 0x0040000
262. 155664.1503cc: 0000000000fe8000-0000000000feffff 0x0001/0x0000 0x0000000
263. 155664.1503cc: *0000000000ff0000-0000000000ff0fff 0x0004/0x0004 0x0040000
264. 155664.1503cc: 0000000000ff1000-0000000000ffffff 0x0001/0x0000 0x0000000
265. 155664.1503cc: *0000000001000000-00000000010e1fff 0x0000/0x0004 0x0020000
266. 155664.1503cc: 00000000010e2000-00000000010e4fff 0x0004/0x0004 0x0020000
267. 155664.1503cc: 00000000010e5000-00000000011fffff 0x0000/0x0004 0x0020000
268. 155664.1503cc: *0000000001200000-00000000012b0fff 0x0000/0x0004 0x0020000
269. 155664.1503cc: 00000000012b1000-00000000012b3fff 0x0104/0x0004 0x0020000
270. 155664.1503cc: 00000000012b4000-00000000012fffff 0x0004/0x0004 0x0020000
271. 155664.1503cc: *0000000001300000-000000000134bfff 0x0004/0x0004 0x0020000
272. 155664.1503cc: 000000000134c000-00000000013fffff 0x0000/0x0004 0x0020000
273. 155664.1503cc: *0000000001400000-00000000014c8fff 0x0002/0x0002 0x0040000
274. 155664.1503cc: 00000000014c9000-00000000014cffff 0x0001/0x0000 0x0000000
275. 155664.1503cc: *00000000014d0000-0000000001518fff 0x0002/0x0002 0x0040000
276. 155664.1503cc: 0000000001519000-00000000016cffff 0x0000/0x0002 0x0040000
277. 155664.1503cc: *00000000016d0000-0000000001850fff 0x0002/0x0002 0x0040000
278. 155664.1503cc: 0000000001851000-000000000185ffff 0x0001/0x0000 0x0000000
279. 155664.1503cc: *0000000001860000-0000000001aa2fff 0x0002/0x0002 0x0040000
280. 155664.1503cc: 0000000001aa3000-0000000002c60fff 0x0000/0x0002 0x0040000
281. 155664.1503cc: 0000000002c61000-0000000002c6ffff 0x0001/0x0000 0x0000000
282. 155664.1503cc: *0000000002c70000-0000000002c70fff 0x0004/0x0004 0x0020000
283. 155664.1503cc: 0000000002c71000-0000000002cd1fff 0x0000/0x0004 0x0020000
284. 155664.1503cc: 0000000002cd2000-0000000002cfffff 0x0001/0x0000 0x0000000
285. 155664.1503cc: *0000000002d00000-0000000002d00fff 0x0004/0x0004 0x0020000
286. 155664.1503cc: 0000000002d01000-0000000002d0ffff 0x0001/0x0000 0x0000000
287. 155664.1503cc: *0000000002d10000-0000000002d10fff 0x0002/0x0004 0x0020000
288. 155664.1503cc: 0000000002d11000-0000000002d11fff 0x0020/0x0004 0x0020000 !!
289. 155664.1503cc: 0000000002d12000-0000000002d1ffff 0x0001/0x0000 0x0000000
290. 155664.1503cc: *0000000002d20000-0000000002d20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\umppc14211.dll
291. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000002d20000 LB 0x1000 (base 0000000002d20000) - 'umppc14211.dll'
292. 155664.1503cc: 0000000002d21000-0000000002d29fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\umppc14211.dll
293. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000002d21000 LB 0x9000 (base 0000000002d20000) - 'umppc14211.dll'
294. 155664.1503cc: 0000000002d2a000-0000000002d2dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\umppc14211.dll
295. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000002d2a000 LB 0x4000 (base 0000000002d20000) - 'umppc14211.dll'
296. 155664.1503cc: 0000000002d2e000-0000000002d2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\umppc14211.dll
297. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000002d2e000 LB 0x2000 (base 0000000002d20000) - 'umppc14211.dll'
298. 155664.1503cc: 0000000002d30000-0000000002d30fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\umppc14211.dll
299. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000002d30000 LB 0x1000 (base 0000000002d20000) - 'umppc14211.dll'
300. 155664.1503cc: 0000000002d31000-0000000002d32fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\umppc14211.dll
301. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000002d31000 LB 0x2000 (base 0000000002d20000) - 'umppc14211.dll'
302. 155664.1503cc: 0000000002d33000-0000000002d3ffff 0x0001/0x0000 0x0000000
303. 155664.1503cc: *0000000002d40000-0000000002d40fff 0x0002/0x0002 0x0040000
304. 155664.1503cc: 0000000002d41000-0000000002d4ffff 0x0001/0x0000 0x0000000
305. 155664.1503cc: *0000000002d50000-0000000002d51fff 0x0004/0x0004 0x0020000
306. 155664.1503cc: 0000000002d52000-0000000002db1fff 0x0000/0x0004 0x0020000
307. 155664.1503cc: 0000000002db2000-0000000002ddffff 0x0001/0x0000 0x0000000
308. 155664.1503cc: *0000000002de0000-0000000002de1fff 0x0004/0x0004 0x0020000
309. 155664.1503cc: 0000000002de2000-0000000002deffff 0x0000/0x0004 0x0020000
310. 155664.1503cc: 0000000002df0000-0000000002e4ffff 0x0001/0x0000 0x0000000
311. 155664.1503cc: *0000000002e50000-0000000002e57fff 0x0004/0x0004 0x0020000
312. 155664.1503cc: 0000000002e58000-0000000002e5ffff 0x0000/0x0004 0x0020000
313. 155664.1503cc: *0000000002e60000-0000000003197fff 0x0002/0x0002 0x0040000
314. 155664.1503cc: 0000000003198000-000000000319ffff 0x0001/0x0000 0x0000000
315. 155664.1503cc: *00000000031a0000-00000000031c4fff 0x0004/0x0004 0x0020000
316. 155664.1503cc: 00000000031c5000-000000000329ffff 0x0000/0x0004 0x0020000
317. 155664.1503cc: 00000000032a0000-00000000032effff 0x0001/0x0000 0x0000000
318. 155664.1503cc: *00000000032f0000-00000000032fefff 0x0004/0x0004 0x0020000
319. 155664.1503cc: 00000000032ff000-00000000032fffff 0x0000/0x0004 0x0020000
320. 155664.1503cc: *0000000003300000-0000000003305fff 0x0000/0x0004 0x0020000
321. 155664.1503cc: 0000000003306000-00000000034fbfff 0x0004/0x0004 0x0020000
322. 155664.1503cc: 00000000034fc000-00000000034fcfff 0x0000/0x0004 0x0020000
323. 155664.1503cc: 00000000034fd000-000000007ffdffff 0x0001/0x0000 0x0000000
324. 155664.1503cc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
325. 155664.1503cc: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
326. 155664.1503cc: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
327. 155664.1503cc: 000000007ffe9000-000007fefff0ffff 0x0001/0x0000 0x0000000
328. 155664.1503cc: *000007fefff10000-000007fefff10fff 0x0004/0x0040 0x0020000
329. 155664.1503cc: 000007fefff11000-000007fefff1ffff 0x0001/0x0000 0x0000000
330. 155664.1503cc: *000007fefff20000-000007fefff20fff 0x0004/0x0040 0x0020000
331. 155664.1503cc: 000007fefff21000-000007fefff2ffff 0x0001/0x0000 0x0000000
332. 155664.1503cc: *000007fefff30000-000007fefff30fff 0x0004/0x0040 0x0020000
333. 155664.1503cc: 000007fefff31000-000007fefff3ffff 0x0001/0x0000 0x0000000
334. 155664.1503cc: *000007fefff40000-000007fefff40fff 0x0004/0x0040 0x0020000
335. 155664.1503cc: 000007fefff41000-000007fefff4ffff 0x0001/0x0000 0x0000000
336. 155664.1503cc: *000007fefff50000-000007fefff50fff 0x0004/0x0040 0x0020000
337. 155664.1503cc: 000007fefff51000-000007fefff5ffff 0x0001/0x0000 0x0000000
338. 155664.1503cc: *000007fefff60000-000007fefff60fff 0x0004/0x0040 0x0020000
339. 155664.1503cc: 000007fefff61000-000007fefff6ffff 0x0001/0x0000 0x0000000
340. 155664.1503cc: *000007fefff70000-000007fefff70fff 0x0004/0x0040 0x0020000
341. 155664.1503cc: 000007fefff71000-000007fefff7ffff 0x0001/0x0000 0x0000000
342. 155664.1503cc: *000007fefff80000-000007fefff80fff 0x0004/0x0040 0x0020000
343. 155664.1503cc: 000007fefff81000-000007fefff8ffff 0x0001/0x0000 0x0000000
344. 155664.1503cc: *000007fefff90000-000007fefff90fff 0x0004/0x0040 0x0020000
345. 155664.1503cc: 000007fefff91000-000007fefff9ffff 0x0001/0x0000 0x0000000
346. 155664.1503cc: *000007fefffa0000-000007fefffa0fff 0x0004/0x0040 0x0020000
347. 155664.1503cc: 000007fefffa1000-000007fefffaffff 0x0001/0x0000 0x0000000
348. 155664.1503cc: *000007fefffb0000-000007fefffb0fff 0x0004/0x0040 0x0020000
349. 155664.1503cc: 000007fefffb1000-000007fefffbffff 0x0001/0x0000 0x0000000
350. 155664.1503cc: *000007fefffc0000-000007fefffc0fff 0x0004/0x0040 0x0020000
351. 155664.1503cc: 000007fefffc1000-000007fefffcffff 0x0001/0x0000 0x0000000
352. 155664.1503cc: *000007fefffd0000-000007fefffd0fff 0x0004/0x0040 0x0020000
353. 155664.1503cc: 000007fefffd1000-000007fefffdffff 0x0001/0x0000 0x0000000
354. 155664.1503cc: *000007fefffe0000-000007fefffe0fff 0x0004/0x0040 0x0020000
355. 155664.1503cc: 000007fefffe1000-000007fefffeffff 0x0001/0x0000 0x0000000
356. 155664.1503cc: *000007feffff0000-000007feffff0fff 0x0004/0x0040 0x0020000
357. 155664.1503cc: 000007feffff1000-00007ff41039ffff 0x0001/0x0000 0x0000000
358. 155664.1503cc: *00007ff4103a0000-00007ff4103a4fff 0x0002/0x0002 0x0040000
359. 155664.1503cc: 00007ff4103a5000-00007ff41049ffff 0x0000/0x0002 0x0040000
360. 155664.1503cc: *00007ff4104a0000-00007ff5104bffff 0x0000/0x0004 0x0020000
361. 155664.1503cc: *00007ff5104c0000-00007ff5124bffff 0x0000/0x0004 0x0020000
362. 155664.1503cc: 00007ff5124c0000-00007ff5124c0fff 0x0004/0x0004 0x0020000
363. 155664.1503cc: 00007ff5124c1000-00007ff5124cffff 0x0001/0x0000 0x0000000
364. 155664.1503cc: *00007ff5124d0000-00007ff5124d0fff 0x0002/0x0002 0x0040000
365. 155664.1503cc: 00007ff5124d1000-00007ff5124dffff 0x0001/0x0000 0x0000000
366. 155664.1503cc: *00007ff5124e0000-00007ff512502fff 0x0002/0x0002 0x0040000
367. 155664.1503cc: 00007ff512503000-00007ff7a7adffff 0x0001/0x0000 0x0000000
368. 155664.1503cc: *00007ff7a7ae0000-00007ff7a7ae0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
369. 155664.1503cc: 00007ff7a7ae1000-00007ff7a7b57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
370. 155664.1503cc: 00007ff7a7b58000-00007ff7a7b58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
371. 155664.1503cc: 00007ff7a7b59000-00007ff7a7ba1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
372. 155664.1503cc: 00007ff7a7ba2000-00007ff7a7ba4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
373. 155664.1503cc: 00007ff7a7ba5000-00007ff7a7ba7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
374. 155664.1503cc: 00007ff7a7ba8000-00007ff7a7baafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
375. 155664.1503cc: 00007ff7a7bab000-00007ff7a7babfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
376. 155664.1503cc: 00007ff7a7bac000-00007ff7a7badfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
377. 155664.1503cc: 00007ff7a7bae000-00007ff7a7baefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
378. 155664.1503cc: 00007ff7a7baf000-00007ff7a7bf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
379. 155664.1503cc: 00007ff7a7bf8000-00007ffb3127ffff 0x0001/0x0000 0x0000000
380. 155664.1503cc: *00007ffb31280000-00007ffb31280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
381. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb31280000 LB 0x1000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
382. 155664.1503cc: 00007ffb31281000-00007ffb3131bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
383. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb31281000 LB 0x9b000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
384. 155664.1503cc: 00007ffb3131c000-00007ffb3133dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
385. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb3131c000 LB 0x22000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
386. 155664.1503cc: 00007ffb3133e000-00007ffb3133efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
387. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb3133e000 LB 0x1000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
388. 155664.1503cc: 00007ffb3133f000-00007ffb31345fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
389. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb3133f000 LB 0x7000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
390. 155664.1503cc: 00007ffb31346000-00007ffb31349fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
391. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb31346000 LB 0x4000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
392. 155664.1503cc: 00007ffb3134a000-00007ffb31351fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
393. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb3134a000 LB 0x8000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
394. 155664.1503cc: 00007ffb31352000-00007ffb31352fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
395. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb31352000 LB 0x1000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
396. 155664.1503cc: 00007ffb31353000-00007ffb31354fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Windows Event Reporting\Core\EventReporting.ApplicationFilter.Monitor.Win64.dll
397. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb31353000 LB 0x2000 (base 00007ffb31280000) - 'EventReporting.ApplicationFilter.Monitor.Win64.dll'
398. 155664.1503cc: 00007ffb31355000-00007ffb4095ffff 0x0001/0x0000 0x0000000
399. 155664.1503cc: *00007ffb40960000-00007ffb4096ffff 0x0020/0x0040 0x0020000 !!
400. 155664.1503cc: 00007ffb40970000-00007ffb650dffff 0x0001/0x0000 0x0000000
401. 155664.1503cc: *00007ffb650e0000-00007ffb650e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\winspool.drv
402. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb650e0000 LB 0x1000 (base 00007ffb650e0000) - 'winspool.drv'
403. 155664.1503cc: 00007ffb650e1000-00007ffb65135fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\winspool.drv
404. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb650e1000 LB 0x55000 (base 00007ffb650e0000) - 'winspool.drv'
405. 155664.1503cc: 00007ffb65136000-00007ffb65155fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\winspool.drv
406. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb65136000 LB 0x20000 (base 00007ffb650e0000) - 'winspool.drv'
407. 155664.1503cc: 00007ffb65156000-00007ffb65157fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\winspool.drv
408. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb65156000 LB 0x2000 (base 00007ffb650e0000) - 'winspool.drv'
409. 155664.1503cc: 00007ffb65158000-00007ffb65174fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\winspool.drv
410. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb65158000 LB 0x1d000 (base 00007ffb650e0000) - 'winspool.drv'
411. 155664.1503cc: 00007ffb65175000-00007ffb6518ffff 0x0001/0x0000 0x0000000
412. 155664.1503cc: *00007ffb65190000-00007ffb65191fff 0x0020/0x0040 0x0020000 !!
413. 155664.1503cc: 00007ffb65192000-00007ffb65193fff 0x0004/0x0040 0x0020000
414. 155664.1503cc: 00007ffb65194000-00007ffb6519ffff 0x0001/0x0000 0x0000000
415. 155664.1503cc: *00007ffb651a0000-00007ffb651a0fff 0x0020/0x0040 0x0020000 !!
416. 155664.1503cc: 00007ffb651a1000-00007ffb651a1fff 0x0004/0x0040 0x0020000
417. 155664.1503cc: 00007ffb651a2000-00007ffb651a6fff 0x0000/0x0040 0x0020000
418. 155664.1503cc: 00007ffb651a7000-00007ffb651affff 0x0001/0x0000 0x0000000
419. 155664.1503cc: *00007ffb651b0000-00007ffb651b1fff 0x0020/0x0040 0x0020000 !!
420. 155664.1503cc: 00007ffb651b2000-00007ffb651b3fff 0x0004/0x0040 0x0020000
421. 155664.1503cc: 00007ffb651b4000-00007ffb651bffff 0x0001/0x0000 0x0000000
422. 155664.1503cc: *00007ffb651c0000-00007ffb651c0fff 0x0020/0x0040 0x0020000 !!
423. 155664.1503cc: 00007ffb651c1000-00007ffb651c1fff 0x0004/0x0040 0x0020000
424. 155664.1503cc: 00007ffb651c2000-00007ffb651c6fff 0x0000/0x0040 0x0020000
425. 155664.1503cc: 00007ffb651c7000-00007ffb651cffff 0x0001/0x0000 0x0000000
426. 155664.1503cc: *00007ffb651d0000-00007ffb651d1fff 0x0020/0x0040 0x0020000 !!
427. 155664.1503cc: 00007ffb651d2000-00007ffb651d3fff 0x0004/0x0040 0x0020000
428. 155664.1503cc: 00007ffb651d4000-00007ffb651dffff 0x0001/0x0000 0x0000000
429. 155664.1503cc: *00007ffb651e0000-00007ffb651e0fff 0x0020/0x0040 0x0020000 !!
430. 155664.1503cc: 00007ffb651e1000-00007ffb651e1fff 0x0004/0x0040 0x0020000
431. 155664.1503cc: 00007ffb651e2000-00007ffb651e6fff 0x0000/0x0040 0x0020000
432. 155664.1503cc: 00007ffb651e7000-00007ffb7252ffff 0x0001/0x0000 0x0000000
433. 155664.1503cc: *00007ffb72530000-00007ffb72530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\apphelp.dll
434. 155664.1503cc: 00007ffb72531000-00007ffb7257efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\apphelp.dll
435. 155664.1503cc: 00007ffb7257f000-00007ffb725a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\apphelp.dll
436. 155664.1503cc: 00007ffb725a1000-00007ffb725a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\apphelp.dll
437. 155664.1503cc: 00007ffb725a4000-00007ffb725bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\apphelp.dll
438. 155664.1503cc: 00007ffb725c0000-00007ffb7f4cffff 0x0001/0x0000 0x0000000
439. 155664.1503cc: *00007ffb7f4d0000-00007ffb7f4d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntmarta.dll
440. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f4d0000 LB 0x1000 (base 00007ffb7f4d0000) - 'ntmarta.dll'
441. 155664.1503cc: 00007ffb7f4d1000-00007ffb7f4f3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntmarta.dll
442. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f4d1000 LB 0x23000 (base 00007ffb7f4d0000) - 'ntmarta.dll'
443. 155664.1503cc: 00007ffb7f4f4000-00007ffb7f4fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntmarta.dll
444. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f4f4000 LB 0x8000 (base 00007ffb7f4d0000) - 'ntmarta.dll'
445. 155664.1503cc: 00007ffb7f4fc000-00007ffb7f4fdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntmarta.dll
446. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f4fc000 LB 0x2000 (base 00007ffb7f4d0000) - 'ntmarta.dll'
447. 155664.1503cc: 00007ffb7f4fe000-00007ffb7f502fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntmarta.dll
448. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f4fe000 LB 0x5000 (base 00007ffb7f4d0000) - 'ntmarta.dll'
449. 155664.1503cc: 00007ffb7f503000-00007ffb7f53ffff 0x0001/0x0000 0x0000000
450. 155664.1503cc: *00007ffb7f540000-00007ffb7f540fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
451. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f540000 LB 0x1000 (base 00007ffb7f540000) - 'PGHook.dll'
452. 155664.1503cc: 00007ffb7f541000-00007ffb7f5f9fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
453. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f541000 LB 0xb9000 (base 00007ffb7f540000) - 'PGHook.dll'
454. 155664.1503cc: 00007ffb7f5fa000-00007ffb7f642fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
455. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f5fa000 LB 0x49000 (base 00007ffb7f540000) - 'PGHook.dll'
456. 155664.1503cc: 00007ffb7f643000-00007ffb7f643fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
457. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f643000 LB 0x1000 (base 00007ffb7f540000) - 'PGHook.dll'
458. 155664.1503cc: 00007ffb7f644000-00007ffb7f645fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
459. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f644000 LB 0x2000 (base 00007ffb7f540000) - 'PGHook.dll'
460. 155664.1503cc: 00007ffb7f646000-00007ffb7f648fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
461. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f646000 LB 0x3000 (base 00007ffb7f540000) - 'PGHook.dll'
462. 155664.1503cc: 00007ffb7f649000-00007ffb7f64bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
463. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f649000 LB 0x3000 (base 00007ffb7f540000) - 'PGHook.dll'
464. 155664.1503cc: 00007ffb7f64c000-00007ffb7f64dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
465. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f64c000 LB 0x2000 (base 00007ffb7f540000) - 'PGHook.dll'
466. 155664.1503cc: 00007ffb7f64e000-00007ffb7f660fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
467. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f64e000 LB 0x13000 (base 00007ffb7f540000) - 'PGHook.dll'
468. 155664.1503cc: 00007ffb7f661000-00007ffb7f661fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
469. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f661000 LB 0x1000 (base 00007ffb7f540000) - 'PGHook.dll'
470. 155664.1503cc: 00007ffb7f662000-00007ffb7f666fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Avecto\Privilege Guard Client\PGHook.dll
471. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f662000 LB 0x5000 (base 00007ffb7f540000) - 'PGHook.dll'
472. 155664.1503cc: 00007ffb7f667000-00007ffb7f9cffff 0x0001/0x0000 0x0000000
473. 155664.1503cc: *00007ffb7f9d0000-00007ffb7f9d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rsaenh.dll
474. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f9d0000 LB 0x1000 (base 00007ffb7f9d0000) - 'rsaenh.dll'
475. 155664.1503cc: 00007ffb7f9d1000-00007ffb7f9f3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rsaenh.dll
476. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f9d1000 LB 0x23000 (base 00007ffb7f9d0000) - 'rsaenh.dll'
477. 155664.1503cc: 00007ffb7f9f4000-00007ffb7f9fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rsaenh.dll
478. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f9f4000 LB 0x8000 (base 00007ffb7f9d0000) - 'rsaenh.dll'
479. 155664.1503cc: 00007ffb7f9fc000-00007ffb7f9fcfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rsaenh.dll
480. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f9fc000 LB 0x1000 (base 00007ffb7f9d0000) - 'rsaenh.dll'
481. 155664.1503cc: 00007ffb7f9fd000-00007ffb7fa03fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rsaenh.dll
482. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb7f9fd000 LB 0x7000 (base 00007ffb7f9d0000) - 'rsaenh.dll'
483. 155664.1503cc: 00007ffb7fa04000-00007ffb802affff 0x0001/0x0000 0x0000000
484. 155664.1503cc: *00007ffb802b0000-00007ffb802b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptsp.dll
485. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802b0000 LB 0x1000 (base 00007ffb802b0000) - 'cryptsp.dll'
486. 155664.1503cc: 00007ffb802b1000-00007ffb802bcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptsp.dll
487. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802b1000 LB 0xc000 (base 00007ffb802b0000) - 'cryptsp.dll'
488. 155664.1503cc: 00007ffb802bd000-00007ffb802c2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptsp.dll
489. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802bd000 LB 0x6000 (base 00007ffb802b0000) - 'cryptsp.dll'
490. 155664.1503cc: 00007ffb802c3000-00007ffb802c3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptsp.dll
491. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802c3000 LB 0x1000 (base 00007ffb802b0000) - 'cryptsp.dll'
492. 155664.1503cc: 00007ffb802c4000-00007ffb802c7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptsp.dll
493. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802c4000 LB 0x4000 (base 00007ffb802b0000) - 'cryptsp.dll'
494. 155664.1503cc: 00007ffb802c8000-00007ffb802cffff 0x0001/0x0000 0x0000000
495. 155664.1503cc: *00007ffb802d0000-00007ffb802d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptbase.dll
496. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802d0000 LB 0x1000 (base 00007ffb802d0000) - 'cryptbase.dll'
497. 155664.1503cc: 00007ffb802d1000-00007ffb802d3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptbase.dll
498. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802d1000 LB 0x3000 (base 00007ffb802d0000) - 'cryptbase.dll'
499. 155664.1503cc: 00007ffb802d4000-00007ffb802d6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptbase.dll
500. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802d4000 LB 0x3000 (base 00007ffb802d0000) - 'cryptbase.dll'
501. 155664.1503cc: 00007ffb802d7000-00007ffb802d7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptbase.dll
502. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802d7000 LB 0x1000 (base 00007ffb802d0000) - 'cryptbase.dll'
503. 155664.1503cc: 00007ffb802d8000-00007ffb802dbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\cryptbase.dll
504. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb802d8000 LB 0x4000 (base 00007ffb802d0000) - 'cryptbase.dll'
505. 155664.1503cc: 00007ffb802dc000-00007ffb8090ffff 0x0001/0x0000 0x0000000
506. 155664.1503cc: *00007ffb80910000-00007ffb80910fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcrypt.dll
507. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80910000 LB 0x1000 (base 00007ffb80910000) - 'bcrypt.dll'
508. 155664.1503cc: 00007ffb80911000-00007ffb8092afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcrypt.dll
509. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80911000 LB 0x1a000 (base 00007ffb80910000) - 'bcrypt.dll'
510. 155664.1503cc: 00007ffb8092b000-00007ffb80930fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcrypt.dll
511. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8092b000 LB 0x6000 (base 00007ffb80910000) - 'bcrypt.dll'
512. 155664.1503cc: 00007ffb80931000-00007ffb80931fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcrypt.dll
513. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80931000 LB 0x1000 (base 00007ffb80910000) - 'bcrypt.dll'
514. 155664.1503cc: 00007ffb80932000-00007ffb80936fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcrypt.dll
515. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80932000 LB 0x5000 (base 00007ffb80910000) - 'bcrypt.dll'
516. 155664.1503cc: 00007ffb80937000-00007ffb8093ffff 0x0001/0x0000 0x0000000
517. 155664.1503cc: *00007ffb80940000-00007ffb80940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\win32u.dll
518. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80940000 LB 0x1000 (base 00007ffb80940000) - 'win32u.dll'
519. 155664.1503cc: 00007ffb80941000-00007ffb8094bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\win32u.dll
520. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80941000 LB 0xb000 (base 00007ffb80940000) - 'win32u.dll'
521. 155664.1503cc: 00007ffb8094c000-00007ffb8095afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\win32u.dll
522. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8094c000 LB 0xf000 (base 00007ffb80940000) - 'win32u.dll'
523. 155664.1503cc: 00007ffb8095b000-00007ffb8095bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\win32u.dll
524. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8095b000 LB 0x1000 (base 00007ffb80940000) - 'win32u.dll'
525. 155664.1503cc: 00007ffb8095c000-00007ffb80961fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\win32u.dll
526. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8095c000 LB 0x6000 (base 00007ffb80940000) - 'win32u.dll'
527. 155664.1503cc: 00007ffb80962000-00007ffb8096ffff 0x0001/0x0000 0x0000000
528. 155664.1503cc: *00007ffb80970000-00007ffb80970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\KernelBase.dll
529. 155664.1503cc: 00007ffb80971000-00007ffb80a82fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\KernelBase.dll
530. 155664.1503cc: 00007ffb80a83000-00007ffb80bfafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\KernelBase.dll
531. 155664.1503cc: 00007ffb80bfb000-00007ffb80bfefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\KernelBase.dll
532. 155664.1503cc: 00007ffb80bff000-00007ffb80bfffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\KernelBase.dll
533. 155664.1503cc: 00007ffb80c00000-00007ffb80c38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\KernelBase.dll
534. 155664.1503cc: 00007ffb80c39000-00007ffb80c3ffff 0x0001/0x0000 0x0000000
535. 155664.1503cc: *00007ffb80c40000-00007ffb80c40fff 0x0020/0x0040 0x0020000 !!
536. 155664.1503cc: 00007ffb80c41000-00007ffb80c4afff 0x0000/0x0040 0x0020000
537. 155664.1503cc: 00007ffb80c4b000-00007ffb80c5ffff 0x0001/0x0000 0x0000000
538. 155664.1503cc: *00007ffb80c60000-00007ffb80c61fff 0x0020/0x0040 0x0020000 !!
539. 155664.1503cc: 00007ffb80c62000-00007ffb80c63fff 0x0004/0x0040 0x0020000
540. 155664.1503cc: 00007ffb80c64000-00007ffb80c6ffff 0x0001/0x0000 0x0000000
541. 155664.1503cc: *00007ffb80c70000-00007ffb80c70fff 0x0020/0x0040 0x0020000 !!
542. 155664.1503cc: 00007ffb80c71000-00007ffb80c71fff 0x0004/0x0040 0x0020000
543. 155664.1503cc: 00007ffb80c72000-00007ffb80d9ffff 0x0001/0x0000 0x0000000
544. 155664.1503cc: *00007ffb80da0000-00007ffb80da0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcryptprimitives.dll
545. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80da0000 LB 0x1000 (base 00007ffb80da0000) - 'bcryptprimitives.dll'
546. 155664.1503cc: 00007ffb80da1000-00007ffb80e05fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcryptprimitives.dll
547. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80da1000 LB 0x65000 (base 00007ffb80da0000) - 'bcryptprimitives.dll'
548. 155664.1503cc: 00007ffb80e06000-00007ffb80e1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcryptprimitives.dll
549. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80e06000 LB 0x16000 (base 00007ffb80da0000) - 'bcryptprimitives.dll'
550. 155664.1503cc: 00007ffb80e1c000-00007ffb80e1cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcryptprimitives.dll
551. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80e1c000 LB 0x1000 (base 00007ffb80da0000) - 'bcryptprimitives.dll'
552. 155664.1503cc: 00007ffb80e1d000-00007ffb80e22fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\bcryptprimitives.dll
553. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80e1d000 LB 0x6000 (base 00007ffb80da0000) - 'bcryptprimitives.dll'
554. 155664.1503cc: 00007ffb80e23000-00007ffb80e2ffff 0x0001/0x0000 0x0000000
555. 155664.1503cc: *00007ffb80e30000-00007ffb80e30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcp_win.dll
556. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80e30000 LB 0x1000 (base 00007ffb80e30000) - 'msvcp_win.dll'
557. 155664.1503cc: 00007ffb80e31000-00007ffb80e84fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcp_win.dll
558. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80e31000 LB 0x54000 (base 00007ffb80e30000) - 'msvcp_win.dll'
559. 155664.1503cc: 00007ffb80e85000-00007ffb80ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcp_win.dll
560. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80e85000 LB 0x3c000 (base 00007ffb80e30000) - 'msvcp_win.dll'
561. 155664.1503cc: 00007ffb80ec1000-00007ffb80ec1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcp_win.dll
562. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80ec1000 LB 0x1000 (base 00007ffb80e30000) - 'msvcp_win.dll'
563. 155664.1503cc: 00007ffb80ec2000-00007ffb80ec4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcp_win.dll
564. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80ec2000 LB 0x3000 (base 00007ffb80e30000) - 'msvcp_win.dll'
565. 155664.1503cc: 00007ffb80ec5000-00007ffb80eccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcp_win.dll
566. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80ec5000 LB 0x8000 (base 00007ffb80e30000) - 'msvcp_win.dll'
567. 155664.1503cc: 00007ffb80ecd000-00007ffb80ecffff 0x0001/0x0000 0x0000000
568. 155664.1503cc: *00007ffb80ed0000-00007ffb80ed0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32full.dll
569. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80ed0000 LB 0x1000 (base 00007ffb80ed0000) - 'gdi32full.dll'
570. 155664.1503cc: 00007ffb80ed1000-00007ffb80f6cfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32full.dll
571. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80ed1000 LB 0x9c000 (base 00007ffb80ed0000) - 'gdi32full.dll'
572. 155664.1503cc: 00007ffb80f6d000-00007ffb80fb9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32full.dll
573. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80f6d000 LB 0x4d000 (base 00007ffb80ed0000) - 'gdi32full.dll'
574. 155664.1503cc: 00007ffb80fba000-00007ffb80fbdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32full.dll
575. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80fba000 LB 0x4000 (base 00007ffb80ed0000) - 'gdi32full.dll'
576. 155664.1503cc: 00007ffb80fbe000-00007ffb80fbefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32full.dll
577. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80fbe000 LB 0x1000 (base 00007ffb80ed0000) - 'gdi32full.dll'
578. 155664.1503cc: 00007ffb80fbf000-00007ffb80fdafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32full.dll
579. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb80fbf000 LB 0x1c000 (base 00007ffb80ed0000) - 'gdi32full.dll'
580. 155664.1503cc: 00007ffb80fdb000-00007ffb8102ffff 0x0001/0x0000 0x0000000
581. 155664.1503cc: *00007ffb81030000-00007ffb81030fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ucrtbase.dll
582. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81030000 LB 0x1000 (base 00007ffb81030000) - 'ucrtbase.dll'
583. 155664.1503cc: 00007ffb81031000-00007ffb810e4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ucrtbase.dll
584. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81031000 LB 0xb4000 (base 00007ffb81030000) - 'ucrtbase.dll'
585. 155664.1503cc: 00007ffb810e5000-00007ffb8111efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ucrtbase.dll
586. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb810e5000 LB 0x3a000 (base 00007ffb81030000) - 'ucrtbase.dll'
587. 155664.1503cc: 00007ffb8111f000-00007ffb81121fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ucrtbase.dll
588. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8111f000 LB 0x3000 (base 00007ffb81030000) - 'ucrtbase.dll'
589. 155664.1503cc: 00007ffb81122000-00007ffb8112ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ucrtbase.dll
590. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81122000 LB 0xe000 (base 00007ffb81030000) - 'ucrtbase.dll'
591. 155664.1503cc: 00007ffb81130000-00007ffb8123ffff 0x0001/0x0000 0x0000000
592. 155664.1503cc: *00007ffb81240000-00007ffb81240fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
593. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81240000 LB 0x1000 (base 00007ffb81240000) - 'sechost.dll'
594. 155664.1503cc: 00007ffb81241000-00007ffb812a5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
595. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81241000 LB 0x65000 (base 00007ffb81240000) - 'sechost.dll'
596. 155664.1503cc: 00007ffb812a6000-00007ffb812ccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
597. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb812a6000 LB 0x27000 (base 00007ffb81240000) - 'sechost.dll'
598. 155664.1503cc: 00007ffb812cd000-00007ffb812cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
599. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb812cd000 LB 0x1000 (base 00007ffb81240000) - 'sechost.dll'
600. 155664.1503cc: 00007ffb812ce000-00007ffb812cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
601. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb812ce000 LB 0x1000 (base 00007ffb81240000) - 'sechost.dll'
602. 155664.1503cc: 00007ffb812cf000-00007ffb812d0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
603. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb812cf000 LB 0x2000 (base 00007ffb81240000) - 'sechost.dll'
604. 155664.1503cc: 00007ffb812d1000-00007ffb812dafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\sechost.dll
605. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb812d1000 LB 0xa000 (base 00007ffb81240000) - 'sechost.dll'
606. 155664.1503cc: 00007ffb812db000-00007ffb8141ffff 0x0001/0x0000 0x0000000
607. 155664.1503cc: *00007ffb81420000-00007ffb81420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
608. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81420000 LB 0x1000 (base 00007ffb81420000) - 'advapi32.dll'
609. 155664.1503cc: 00007ffb81421000-00007ffb81487fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
610. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81421000 LB 0x67000 (base 00007ffb81420000) - 'advapi32.dll'
611. 155664.1503cc: 00007ffb81488000-00007ffb814bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
612. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81488000 LB 0x36000 (base 00007ffb81420000) - 'advapi32.dll'
613. 155664.1503cc: 00007ffb814be000-00007ffb814befff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
614. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb814be000 LB 0x1000 (base 00007ffb81420000) - 'advapi32.dll'
615. 155664.1503cc: 00007ffb814bf000-00007ffb814bffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
616. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb814bf000 LB 0x1000 (base 00007ffb81420000) - 'advapi32.dll'
617. 155664.1503cc: 00007ffb814c0000-00007ffb814c1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
618. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb814c0000 LB 0x2000 (base 00007ffb81420000) - 'advapi32.dll'
619. 155664.1503cc: 00007ffb814c2000-00007ffb814c2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
620. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb814c2000 LB 0x1000 (base 00007ffb81420000) - 'advapi32.dll'
621. 155664.1503cc: 00007ffb814c3000-00007ffb814cbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\advapi32.dll
622. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb814c3000 LB 0x9000 (base 00007ffb81420000) - 'advapi32.dll'
623. 155664.1503cc: 00007ffb814cc000-00007ffb814dffff 0x0001/0x0000 0x0000000
624. 155664.1503cc: *00007ffb814e0000-00007ffb814e1fff 0x0020/0x0040 0x0020000 !!
625. 155664.1503cc: 00007ffb814e2000-00007ffb814e3fff 0x0004/0x0040 0x0020000
626. 155664.1503cc: 00007ffb814e4000-00007ffb814effff 0x0001/0x0000 0x0000000
627. 155664.1503cc: *00007ffb814f0000-00007ffb814f0fff 0x0020/0x0040 0x0020000 !!
628. 155664.1503cc: 00007ffb814f1000-00007ffb814f1fff 0x0004/0x0040 0x0020000
629. 155664.1503cc: 00007ffb814f2000-00007ffb814f8fff 0x0000/0x0040 0x0020000
630. 155664.1503cc: 00007ffb814f9000-00007ffb814fffff 0x0001/0x0000 0x0000000
631. 155664.1503cc: *00007ffb81500000-00007ffb81501fff 0x0020/0x0040 0x0020000 !!
632. 155664.1503cc: 00007ffb81502000-00007ffb81503fff 0x0004/0x0040 0x0020000
633. 155664.1503cc: 00007ffb81504000-00007ffb8150ffff 0x0001/0x0000 0x0000000
634. 155664.1503cc: *00007ffb81510000-00007ffb81510fff 0x0020/0x0040 0x0020000 !!
635. 155664.1503cc: 00007ffb81511000-00007ffb81511fff 0x0004/0x0040 0x0020000
636. 155664.1503cc: 00007ffb81512000-00007ffb81515fff 0x0000/0x0040 0x0020000
637. 155664.1503cc: 00007ffb81516000-00007ffb8161ffff 0x0001/0x0000 0x0000000
638. 155664.1503cc: *00007ffb81620000-00007ffb81620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\imm32.dll
639. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81620000 LB 0x1000 (base 00007ffb81620000) - 'imm32.dll'
640. 155664.1503cc: 00007ffb81621000-00007ffb8163efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\imm32.dll
641. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81621000 LB 0x1e000 (base 00007ffb81620000) - 'imm32.dll'
642. 155664.1503cc: 00007ffb8163f000-00007ffb81645fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\imm32.dll
643. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8163f000 LB 0x7000 (base 00007ffb81620000) - 'imm32.dll'
644. 155664.1503cc: 00007ffb81646000-00007ffb81646fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\imm32.dll
645. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81646000 LB 0x1000 (base 00007ffb81620000) - 'imm32.dll'
646. 155664.1503cc: 00007ffb81647000-00007ffb8164ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\imm32.dll
647. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81647000 LB 0x9000 (base 00007ffb81620000) - 'imm32.dll'
648. 155664.1503cc: 00007ffb81650000-00007ffb816fffff 0x0001/0x0000 0x0000000
649. 155664.1503cc: *00007ffb81700000-00007ffb81700fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\combase.dll
650. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81700000 LB 0x1000 (base 00007ffb81700000) - 'combase.dll'
651. 155664.1503cc: 00007ffb81701000-00007ffb8193afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\combase.dll
652. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81701000 LB 0x23a000 (base 00007ffb81700000) - 'combase.dll'
653. 155664.1503cc: 00007ffb8193b000-00007ffb81a00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\combase.dll
654. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb8193b000 LB 0xc6000 (base 00007ffb81700000) - 'combase.dll'
655. 155664.1503cc: 00007ffb81a01000-00007ffb81a06fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\combase.dll
656. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81a01000 LB 0x6000 (base 00007ffb81700000) - 'combase.dll'
657. 155664.1503cc: 00007ffb81a07000-00007ffb81a54fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\combase.dll
658. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81a07000 LB 0x4e000 (base 00007ffb81700000) - 'combase.dll'
659. 155664.1503cc: 00007ffb81a55000-00007ffb81c0ffff 0x0001/0x0000 0x0000000
660. 155664.1503cc: *00007ffb81c10000-00007ffb81c10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ole32.dll
661. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81c10000 LB 0x1000 (base 00007ffb81c10000) - 'ole32.dll'
662. 155664.1503cc: 00007ffb81c11000-00007ffb81cdcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ole32.dll
663. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81c11000 LB 0xcc000 (base 00007ffb81c10000) - 'ole32.dll'
664. 155664.1503cc: 00007ffb81cdd000-00007ffb81d0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ole32.dll
665. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81cdd000 LB 0x32000 (base 00007ffb81c10000) - 'ole32.dll'
666. 155664.1503cc: 00007ffb81d0f000-00007ffb81d10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ole32.dll
667. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81d0f000 LB 0x2000 (base 00007ffb81c10000) - 'ole32.dll'
668. 155664.1503cc: 00007ffb81d11000-00007ffb81d11fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ole32.dll
669. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81d11000 LB 0x1000 (base 00007ffb81c10000) - 'ole32.dll'
670. 155664.1503cc: 00007ffb81d12000-00007ffb81d39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ole32.dll
671. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb81d12000 LB 0x28000 (base 00007ffb81c10000) - 'ole32.dll'
672. 155664.1503cc: 00007ffb81d3a000-00007ffb81d4ffff 0x0001/0x0000 0x0000000
673. 155664.1503cc: *00007ffb81d50000-00007ffb81d51fff 0x0020/0x0040 0x0020000 !!
674. 155664.1503cc: 00007ffb81d52000-00007ffb81d53fff 0x0004/0x0040 0x0020000
675. 155664.1503cc: 00007ffb81d54000-00007ffb81d5ffff 0x0001/0x0000 0x0000000
676. 155664.1503cc: *00007ffb81d60000-00007ffb81d60fff 0x0020/0x0040 0x0020000 !!
677. 155664.1503cc: 00007ffb81d61000-00007ffb81d61fff 0x0004/0x0040 0x0020000
678. 155664.1503cc: 00007ffb81d62000-00007ffb81d66fff 0x0000/0x0040 0x0020000
679. 155664.1503cc: 00007ffb81d67000-00007ffb81d6ffff 0x0001/0x0000 0x0000000
680. 155664.1503cc: *00007ffb81d70000-00007ffb81d71fff 0x0020/0x0040 0x0020000 !!
681. 155664.1503cc: 00007ffb81d72000-00007ffb81d73fff 0x0004/0x0040 0x0020000
682. 155664.1503cc: 00007ffb81d74000-00007ffb81d7ffff 0x0001/0x0000 0x0000000
683. 155664.1503cc: *00007ffb81d80000-00007ffb81d80fff 0x0020/0x0040 0x0020000 !!
684. 155664.1503cc: 00007ffb81d81000-00007ffb81d81fff 0x0004/0x0040 0x0020000
685. 155664.1503cc: 00007ffb81d82000-00007ffb81ebffff 0x0001/0x0000 0x0000000
686. 155664.1503cc: *00007ffb81ec0000-00007ffb81ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\user32.dll
687. 155664.1503cc: 00007ffb81ec1000-00007ffb81f51fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\user32.dll
688. 155664.1503cc: 00007ffb81f52000-00007ffb81f72fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\user32.dll
689. 155664.1503cc: 00007ffb81f73000-00007ffb81f74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\user32.dll
690. 155664.1503cc: 00007ffb81f75000-00007ffb82060fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\user32.dll
691. 155664.1503cc: 00007ffb82061000-00007ffb8206ffff 0x0001/0x0000 0x0000000
692. 155664.1503cc: *00007ffb82070000-00007ffb82070fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32.dll
693. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82070000 LB 0x1000 (base 00007ffb82070000) - 'gdi32.dll'
694. 155664.1503cc: 00007ffb82071000-00007ffb8207ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32.dll
695. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82071000 LB 0xf000 (base 00007ffb82070000) - 'gdi32.dll'
696. 155664.1503cc: 00007ffb82080000-00007ffb82093fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32.dll
697. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82080000 LB 0x14000 (base 00007ffb82070000) - 'gdi32.dll'
698. 155664.1503cc: 00007ffb82094000-00007ffb82094fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32.dll
699. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82094000 LB 0x1000 (base 00007ffb82070000) - 'gdi32.dll'
700. 155664.1503cc: 00007ffb82095000-00007ffb8209afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\gdi32.dll
701. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82095000 LB 0x6000 (base 00007ffb82070000) - 'gdi32.dll'
702. 155664.1503cc: 00007ffb8209b000-00007ffb820affff 0x0001/0x0000 0x0000000
703. 155664.1503cc: *00007ffb820b0000-00007ffb820b1fff 0x0020/0x0040 0x0020000 !!
704. 155664.1503cc: 00007ffb820b2000-00007ffb820b3fff 0x0004/0x0040 0x0020000
705. 155664.1503cc: 00007ffb820b4000-00007ffb820bffff 0x0001/0x0000 0x0000000
706. 155664.1503cc: *00007ffb820c0000-00007ffb820c0fff 0x0020/0x0040 0x0020000 !!
707. 155664.1503cc: 00007ffb820c1000-00007ffb820c1fff 0x0004/0x0040 0x0020000
708. 155664.1503cc: 00007ffb820c2000-00007ffb820cffff 0x0001/0x0000 0x0000000
709. 155664.1503cc: *00007ffb820d0000-00007ffb820d1fff 0x0020/0x0040 0x0020000 !!
710. 155664.1503cc: 00007ffb820d2000-00007ffb820d3fff 0x0004/0x0040 0x0020000
711. 155664.1503cc: 00007ffb820d4000-00007ffb820dffff 0x0001/0x0000 0x0000000
712. 155664.1503cc: *00007ffb820e0000-00007ffb820e0fff 0x0020/0x0040 0x0020000 !!
713. 155664.1503cc: 00007ffb820e1000-00007ffb820e1fff 0x0004/0x0040 0x0020000
714. 155664.1503cc: 00007ffb820e2000-00007ffb820ecfff 0x0000/0x0040 0x0020000
715. 155664.1503cc: 00007ffb820ed000-00007ffb8261ffff 0x0001/0x0000 0x0000000
716. 155664.1503cc: *00007ffb82620000-00007ffb82620fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
717. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82620000 LB 0x1000 (base 00007ffb82620000) - 'msvcrt.dll'
718. 155664.1503cc: 00007ffb82621000-00007ffb82695fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
719. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82621000 LB 0x75000 (base 00007ffb82620000) - 'msvcrt.dll'
720. 155664.1503cc: 00007ffb82696000-00007ffb826aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
721. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82696000 LB 0x19000 (base 00007ffb82620000) - 'msvcrt.dll'
722. 155664.1503cc: 00007ffb826af000-00007ffb826b0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
723. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb826af000 LB 0x2000 (base 00007ffb82620000) - 'msvcrt.dll'
724. 155664.1503cc: 00007ffb826b1000-00007ffb826b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
725. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb826b1000 LB 0x3000 (base 00007ffb82620000) - 'msvcrt.dll'
726. 155664.1503cc: 00007ffb826b4000-00007ffb826b5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
727. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb826b4000 LB 0x2000 (base 00007ffb82620000) - 'msvcrt.dll'
728. 155664.1503cc: 00007ffb826b6000-00007ffb826b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
729. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb826b6000 LB 0x1000 (base 00007ffb82620000) - 'msvcrt.dll'
730. 155664.1503cc: 00007ffb826b7000-00007ffb826bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\msvcrt.dll
731. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb826b7000 LB 0x7000 (base 00007ffb82620000) - 'msvcrt.dll'
732. 155664.1503cc: 00007ffb826be000-00007ffb8271ffff 0x0001/0x0000 0x0000000
733. 155664.1503cc: *00007ffb82720000-00007ffb82720fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\kernel32.dll
734. 155664.1503cc: 00007ffb82721000-00007ffb8279ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\kernel32.dll
735. 155664.1503cc: 00007ffb827a0000-00007ffb827d2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\kernel32.dll
736. 155664.1503cc: 00007ffb827d3000-00007ffb827d3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\kernel32.dll
737. 155664.1503cc: 00007ffb827d4000-00007ffb827d4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\kernel32.dll
738. 155664.1503cc: 00007ffb827d5000-00007ffb827ddfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\kernel32.dll
739. 155664.1503cc: 00007ffb827de000-00007ffb827dffff 0x0001/0x0000 0x0000000
740. 155664.1503cc: *00007ffb827e0000-00007ffb827e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rpcrt4.dll
741. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb827e0000 LB 0x1000 (base 00007ffb827e0000) - 'rpcrt4.dll'
742. 155664.1503cc: 00007ffb827e1000-00007ffb828c6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rpcrt4.dll
743. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb827e1000 LB 0xe6000 (base 00007ffb827e0000) - 'rpcrt4.dll'
744. 155664.1503cc: 00007ffb828c7000-00007ffb828f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rpcrt4.dll
745. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb828c7000 LB 0x2c000 (base 00007ffb827e0000) - 'rpcrt4.dll'
746. 155664.1503cc: 00007ffb828f3000-00007ffb828f4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rpcrt4.dll
747. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb828f3000 LB 0x2000 (base 00007ffb827e0000) - 'rpcrt4.dll'
748. 155664.1503cc: 00007ffb828f5000-00007ffb82909fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\rpcrt4.dll
749. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb828f5000 LB 0x15000 (base 00007ffb827e0000) - 'rpcrt4.dll'
750. 155664.1503cc: 00007ffb8290a000-00007ffb8291ffff 0x0001/0x0000 0x0000000
751. 155664.1503cc: *00007ffb82920000-00007ffb82921fff 0x0020/0x0040 0x0020000 !!
752. 155664.1503cc: 00007ffb82922000-00007ffb82923fff 0x0004/0x0040 0x0020000
753. 155664.1503cc: 00007ffb82924000-00007ffb8292ffff 0x0001/0x0000 0x0000000
754. 155664.1503cc: *00007ffb82930000-00007ffb82930fff 0x0020/0x0040 0x0020000 !!
755. 155664.1503cc: 00007ffb82931000-00007ffb82931fff 0x0004/0x0040 0x0020000
756. 155664.1503cc: 00007ffb82932000-00007ffb8293dfff 0x0000/0x0040 0x0020000
757. 155664.1503cc: 00007ffb8293e000-00007ffb8293ffff 0x0001/0x0000 0x0000000
758. 155664.1503cc: *00007ffb82940000-00007ffb82941fff 0x0020/0x0040 0x0020000 !!
759. 155664.1503cc: 00007ffb82942000-00007ffb82943fff 0x0004/0x0040 0x0020000
760. 155664.1503cc: 00007ffb82944000-00007ffb8294ffff 0x0001/0x0000 0x0000000
761. 155664.1503cc: *00007ffb82950000-00007ffb82950fff 0x0020/0x0040 0x0020000 !!
762. 155664.1503cc: 00007ffb82951000-00007ffb82951fff 0x0004/0x0040 0x0020000
763. 155664.1503cc: 00007ffb82952000-00007ffb8295dfff 0x0000/0x0040 0x0020000
764. 155664.1503cc: 00007ffb8295e000-00007ffb8295ffff 0x0001/0x0000 0x0000000
765. 155664.1503cc: *00007ffb82960000-00007ffb82961fff 0x0020/0x0040 0x0020000 !!
766. 155664.1503cc: 00007ffb82962000-00007ffb82963fff 0x0004/0x0040 0x0020000
767. 155664.1503cc: 00007ffb82964000-00007ffb8296ffff 0x0001/0x0000 0x0000000
768. 155664.1503cc: *00007ffb82970000-00007ffb82970fff 0x0020/0x0040 0x0020000 !!
769. 155664.1503cc: 00007ffb82971000-00007ffb82971fff 0x0004/0x0040 0x0020000
770. 155664.1503cc: 00007ffb82972000-00007ffb8297bfff 0x0000/0x0040 0x0020000
771. 155664.1503cc: 00007ffb8297c000-00007ffb8297ffff 0x0001/0x0000 0x0000000
772. 155664.1503cc: *00007ffb82980000-00007ffb82981fff 0x0020/0x0040 0x0020000 !!
773. 155664.1503cc: 00007ffb82982000-00007ffb82983fff 0x0004/0x0040 0x0020000
774. 155664.1503cc: 00007ffb82984000-00007ffb8298ffff 0x0001/0x0000 0x0000000
775. 155664.1503cc: *00007ffb82990000-00007ffb82990fff 0x0020/0x0040 0x0020000 !!
776. 155664.1503cc: 00007ffb82991000-00007ffb82991fff 0x0004/0x0040 0x0020000
777. 155664.1503cc: 00007ffb82992000-00007ffb8299efff 0x0000/0x0040 0x0020000
778. 155664.1503cc: 00007ffb8299f000-00007ffb829effff 0x0001/0x0000 0x0000000
779. 155664.1503cc: *00007ffb829f0000-00007ffb829f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\shell32.dll
780. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb829f0000 LB 0x1000 (base 00007ffb829f0000) - 'shell32.dll'
781. 155664.1503cc: 00007ffb829f1000-00007ffb82f76fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\shell32.dll
782. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb829f1000 LB 0x586000 (base 00007ffb829f0000) - 'shell32.dll'
783. 155664.1503cc: 00007ffb82f77000-00007ffb830befff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\shell32.dll
784. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb82f77000 LB 0x148000 (base 00007ffb829f0000) - 'shell32.dll'
785. 155664.1503cc: 00007ffb830bf000-00007ffb830c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\shell32.dll
786. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb830bf000 LB 0x8000 (base 00007ffb829f0000) - 'shell32.dll'
787. 155664.1503cc: 00007ffb830c7000-00007ffb830c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\shell32.dll
788. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb830c7000 LB 0x2000 (base 00007ffb829f0000) - 'shell32.dll'
789. 155664.1503cc: 00007ffb830c9000-00007ffb8312efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\shell32.dll
790. 155664.1503cc: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 00007ffb830c9000 LB 0x66000 (base 00007ffb829f0000) - 'shell32.dll'
791. 155664.1503cc: 00007ffb8312f000-00007ffb831effff 0x0001/0x0000 0x0000000
792. 155664.1503cc: *00007ffb831f0000-00007ffb831f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
793. 155664.1503cc: 00007ffb831f1000-00007ffb8330bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
794. 155664.1503cc: 00007ffb8330c000-00007ffb83353fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
795. 155664.1503cc: 00007ffb83354000-00007ffb83354fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
796. 155664.1503cc: 00007ffb83355000-00007ffb83356fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
797. 155664.1503cc: 00007ffb83357000-00007ffb8335ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
798. 155664.1503cc: 00007ffb83360000-00007ffb833e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
799. 155664.1503cc: 00007ffb833e5000-00007ffb833effff 0x0001/0x0000 0x0000000
800. 155664.1503cc: *00007ffb833f0000-00007ffb833f0fff 0x0020/0x0004 0x0020000 !!
801. 155664.1503cc: 00007ffb833f1000-00007ffb833f1fff 0x0004/0x0004 0x0020000
802. 155664.1503cc: 00007ffb833f2000-00007ffb8340ffff 0x0001/0x0000 0x0000000
803. 155664.1503cc: *00007ffb83410000-00007ffb83411fff 0x0020/0x0040 0x0020000 !!
804. 155664.1503cc: 00007ffb83412000-00007ffb83413fff 0x0004/0x0040 0x0020000
805. 155664.1503cc: 00007ffb83414000-00007ffb8341ffff 0x0001/0x0000 0x0000000
806. 155664.1503cc: *00007ffb83420000-00007ffb83420fff 0x0020/0x0040 0x0020000 !!
807. 155664.1503cc: 00007ffb83421000-00007ffb83421fff 0x0004/0x0040 0x0020000
808. 155664.1503cc: 00007ffb83422000-00007ffffffeffff 0x0001/0x0000 0x0000000
809. 155664.1503cc: kernel32.dll: timestamp 0x871fae9 (rc=VINF_SUCCESS)
810. 155664.1503cc: user32.dll: timestamp 0x32ff40c (rc=VINF_SUCCESS)
811. 155664.1503cc: kernelbase.dll: timestamp 0xc9db1934 (rc=VINF_SUCCESS)
812. 155664.1503cc: apphelp.dll: timestamp 0xdc01baa3 (rc=VINF_SUCCESS)
813. 155664.1503cc: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
814. 155664.1503cc: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
815. 155664.1503cc: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
816. 155664.1503cc: '\Device\HarddiskVolume12\Windows\System32\ntdll.dll' has no imports
817. 155664.1503cc: ntdll.dll: Differences in section #1 (.text) between file and memory:
818. 155664.1503cc: 00007ffb83200380 / 0x0010380: 48 != e9
819. 155664.1503cc: 00007ffb83200381 / 0x0010381: 89 != 33
820. 155664.1503cc: 00007ffb83200382 / 0x0010382: 5c != 00
821. 155664.1503cc: 00007ffb83200383 / 0x0010383: 24 != 76
822. 155664.1503cc: 00007ffb83200384 / 0x0010384: 08 != bd
823. 155664.1503cc: Restored 0x2000 bytes of original file content at 00007ffb831ff000
824. 155664.1503cc: ntdll.dll: Differences in section #1 (.text) between file and memory:
825. 155664.1503cc: 00007ffb8328ce43 / 0x009ce43: b8 != e9
826. 155664.1503cc: 00007ffb8328ce44 / 0x009ce44: 07 != 7a
827. 155664.1503cc: 00007ffb8328ce45 / 0x009ce45: 00 != d1
828. 155664.1503cc: 00007ffb8328ce46 / 0x009ce46: 00 != 07
829. 155664.1503cc: 00007ffb8328cf03 / 0x009cf03: b8 != e9
830. 155664.1503cc: 00007ffb8328cf04 / 0x009cf04: 0d != be
831. 155664.1503cc: 00007ffb8328cf05 / 0x009cf05: 00 != d0
832. 155664.1503cc: 00007ffb8328cf06 / 0x009cf06: 00 != 07
833. 155664.1503cc: 00007ffb8328d063 / 0x009d063: b8 != e9
834. 155664.1503cc: 00007ffb8328d064 / 0x009d064: 18 != 64
835. 155664.1503cc: 00007ffb8328d065 / 0x009d065: 00 != cf
836. 155664.1503cc: 00007ffb8328d066 / 0x009d066: 00 != 07
837. 155664.1503cc: 00007ffb8328d0e3 / 0x009d0e3: b8 != e9
838. 155664.1503cc: 00007ffb8328d0e4 / 0x009d0e4: 1c != dd
839. 155664.1503cc: 00007ffb8328d0e5 / 0x009d0e5: 00 != ce
840. 155664.1503cc: 00007ffb8328d0e6 / 0x009d0e6: 00 != 07
841. 155664.1503cc: 00007ffb8328d203 / 0x009d203: b8 != e9
842. 155664.1503cc: 00007ffb8328d204 / 0x009d204: 25 != bf
843. 155664.1503cc: 00007ffb8328d205 / 0x009d205: 00 != cd
844. 155664.1503cc: 00007ffb8328d206 / 0x009d206: 00 != 07
845. 155664.1503cc: 00007ffb8328d240 / 0x009d240: 4c != e9
846. 155664.1503cc: 00007ffb8328d241 / 0x009d241: 8b != d3
847. 155664.1503cc: 00007ffb8328d242 / 0x009d242: d1 != 3a
848. 155664.1503cc: 00007ffb8328d243 / 0x009d243: b8 != 6d
849. 155664.1503cc: 00007ffb8328d244 / 0x009d244: 27 != bd
850. 155664.1503cc: 00007ffb8328d245 / 0x009d245: 00 != cc
851. 155664.1503cc: 00007ffb8328d246 / 0x009d246: 00 != cc
852. 155664.1503cc: 00007ffb8328d247 / 0x009d247: 00 != cc
853. 155664.1503cc: 00007ffb8328d263 / 0x009d263: b8 != e9
854. 155664.1503cc: 00007ffb8328d264 / 0x009d264: 28 != 6a
855. 155664.1503cc: 00007ffb8328d265 / 0x009d265: 00 != cd
856. 155664.1503cc: 00007ffb8328d266 / 0x009d266: 00 != 07
857. 155664.1503cc: 00007ffb8328d2a3 / 0x009d2a3: b8 != e9
858. 155664.1503cc: 00007ffb8328d2a4 / 0x009d2a4: 2a != 29
859. 155664.1503cc: 00007ffb8328d2a5 / 0x009d2a5: 00 != cd
860. 155664.1503cc: 00007ffb8328d2a6 / 0x009d2a6: 00 != 07
861. 155664.1503cc: 00007ffb8328d3c0 / 0x009d3c0: 4c != e9
862. 155664.1503cc: 00007ffb8328d3c1 / 0x009d3c1: 8b != 93
863. 155664.1503cc: 00007ffb8328d3c2 / 0x009d3c2: d1 != 38
864. 155664.1503cc: 00007ffb8328d3c3 / 0x009d3c3: b8 != 6d
865. 155664.1503cc: 00007ffb8328d3c4 / 0x009d3c4: 33 != bd
866. 155664.1503cc: 00007ffb8328d3c5 / 0x009d3c5: 00 != cc
867. 155664.1503cc: 00007ffb8328d3c6 / 0x009d3c6: 00 != cc
868. 155664.1503cc: 00007ffb8328d3c7 / 0x009d3c7: 00 != cc
869. 155664.1503cc: 00007ffb8328d4a3 / 0x009d4a3: b8 != e9
870. 155664.1503cc: 00007ffb8328d4a4 / 0x009d4a4: 3a != 21
871. 155664.1503cc: 00007ffb8328d4a5 / 0x009d4a5: 00 != cb
872. 155664.1503cc: 00007ffb8328d4a6 / 0x009d4a6: 00 != 07
873. 155664.1503cc: 00007ffb8328d543 / 0x009d543: b8 != e9
874. 155664.1503cc: 00007ffb8328d544 / 0x009d544: 3f != 82
875. 155664.1503cc: 00007ffb8328d545 / 0x009d545: 00 != ca
876. 155664.1503cc: 00007ffb8328d546 / 0x009d546: 00 != 07
877. 155664.1503cc: 00007ffb8328d603 / 0x009d603: b8 != e9
878. 155664.1503cc: 00007ffb8328d604 / 0x009d604: 45 != bc
879. 155664.1503cc: 00007ffb8328d605 / 0x009d605: 00 != c9
880. 155664.1503cc: 00007ffb8328d606 / 0x009d606: 00 != 07
881. 155664.1503cc: 00007ffb8328d763 / 0x009d763: b8 != e9
882. 155664.1503cc: 00007ffb8328d764 / 0x009d764: 50 != 63
883. 155664.1503cc: 00007ffb8328d765 / 0x009d765: 00 != c8
884. 155664.1503cc: 00007ffb8328d766 / 0x009d766: 00 != 07
885. 155664.1503cc: 00007ffb8328d7a3 / 0x009d7a3: b8 != e9
886. 155664.1503cc: 00007ffb8328d7a4 / 0x009d7a4: 52 != 25
887. 155664.1503cc: 00007ffb8328d7a5 / 0x009d7a5: 00 != c8
888. 155664.1503cc: 00007ffb8328d7a6 / 0x009d7a6: 00 != 07
889. 155664.1503cc: 00007ffb8328d800 / 0x009d800: 4c != e9
890. 155664.1503cc: 00007ffb8328d801 / 0x009d801: 8b != f3
891. 155664.1503cc: 00007ffb8328d802 / 0x009d802: d1 != 33
892. 155664.1503cc: 00007ffb8328d803 / 0x009d803: b8 != 6d
893. 155664.1503cc: 00007ffb8328d804 / 0x009d804: 55 != bd
894. 155664.1503cc: 00007ffb8328d805 / 0x009d805: 00 != cc
895. 155664.1503cc: 00007ffb8328d806 / 0x009d806: 00 != cc
896. 155664.1503cc: 00007ffb8328d807 / 0x009d807: 00 != cc
897. 155664.1503cc: 00007ffb8328dc13 / 0x009dc13: b8 != e9
898. 155664.1503cc: 00007ffb8328dc14 / 0x009dc14: 76 != a8
899. 155664.1503cc: 00007ffb8328dc15 / 0x009dc15: 00 != c3
900. 155664.1503cc: 00007ffb8328dc16 / 0x009dc16: 00 != 07
901. 155664.1503cc: 00007ffb8328e3b3 / 0x009e3b3: b8 != e9
902. 155664.1503cc: 00007ffb8328e3b4 / 0x009e3b4: b3 != 06
903. 155664.1503cc: 00007ffb8328e3b5 / 0x009e3b5: 00 != bc
904. 155664.1503cc: 00007ffb8328e3b6 / 0x009e3b6: 00 != 07
905. 155664.1503cc: 00007ffb8328e570 / 0x009e570: 4c != e9
906. 155664.1503cc: 00007ffb8328e571 / 0x009e571: 8b != c3
907. 155664.1503cc: 00007ffb8328e572 / 0x009e572: d1 != 1c
908. 155664.1503cc: 00007ffb8328e573 / 0x009e573: b8 != 6d
909. 155664.1503cc: 00007ffb8328e574 / 0x009e574: c1 != bd
910. 155664.1503cc: 00007ffb8328e575 / 0x009e575: 00 != cc
911. 155664.1503cc: 00007ffb8328e576 / 0x009e576: 00 != cc
912. 155664.1503cc: 00007ffb8328e577 / 0x009e577: 00 != cc
913. 155664.1503cc: 00007ffb8328e790 / 0x009e790: 4c != e9
914. 155664.1503cc: 00007ffb8328e791 / 0x009e791: 8b != 23
915. 155664.1503cc: 00007ffb8328e792 / 0x009e792: d1 != 25
916. 155664.1503cc: 00007ffb8328e793 / 0x009e793: b8 != 6d
917. 155664.1503cc: 00007ffb8328e794 / 0x009e794: d2 != bd
918. 155664.1503cc: 00007ffb8328e795 / 0x009e795: 00 != cc
919. 155664.1503cc: 00007ffb8328e796 / 0x009e796: 00 != cc
920. 155664.1503cc: 00007ffb8328e797 / 0x009e797: 00 != cc
921. 155664.1503cc: Restored 0x2000 bytes of original file content at 00007ffb8328cb0e
922. 155664.1503cc: ntdll.dll: Differences in section #1 (.text) between file and memory:
923. 155664.1503cc: 00007ffb8328eb93 / 0x009eb93: b8 != e9
924. 155664.1503cc: 00007ffb8328eb94 / 0x009eb94: f2 != 38
925. 155664.1503cc: 00007ffb8328eb95 / 0x009eb95: 00 != b4
926. 155664.1503cc: 00007ffb8328eb96 / 0x009eb96: 00 != 07
927. 155664.1503cc: 00007ffb8328efd3 / 0x009efd3: b8 != e9
928. 155664.1503cc: 00007ffb8328efd4 / 0x009efd4: 14 != e7
929. 155664.1503cc: 00007ffb8328efd5 / 0x009efd5: 01 != af
930. 155664.1503cc: 00007ffb8328efd6 / 0x009efd6: 00 != 07
931. 155664.1503cc: 00007ffb8328f9f3 / 0x009f9f3: b8 != e9
932. 155664.1503cc: 00007ffb8328f9f4 / 0x009f9f4: 65 != cb
933. 155664.1503cc: 00007ffb8328f9f5 / 0x009f9f5: 01 != a5
934. 155664.1503cc: 00007ffb8328f9f6 / 0x009f9f6: 00 != 07
935. 155664.1503cc: 00007ffb8328feb3 / 0x009feb3: b8 != e9
936. 155664.1503cc: 00007ffb8328feb4 / 0x009feb4: 8b != 17
937. 155664.1503cc: 00007ffb8328feb5 / 0x009feb5: 01 != a1
938. 155664.1503cc: 00007ffb8328feb6 / 0x009feb6: 00 != 07
939. 155664.1503cc: 00007ffb83290230 / 0x00a0230: 4c != e9
940. 155664.1503cc: 00007ffb83290231 / 0x00a0231: 8b != 43
941. 155664.1503cc: 00007ffb83290232 / 0x00a0232: d1 != 0b
942. 155664.1503cc: 00007ffb83290233 / 0x00a0233: b8 != 6d
943. 155664.1503cc: 00007ffb83290234 / 0x00a0234: a7 != bd
944. 155664.1503cc: 00007ffb83290235 / 0x00a0235: 01 != cc
945. 155664.1503cc: 00007ffb83290236 / 0x00a0236: 00 != cc
946. 155664.1503cc: 00007ffb83290237 / 0x00a0237: 00 != cc
947. 155664.1503cc: 00007ffb832904d3 / 0x00a04d3: b8 != e9
948. 155664.1503cc: 00007ffb832904d4 / 0x00a04d4: bc != f6
949. 155664.1503cc: 00007ffb832904d5 / 0x00a04d5: 01 != 9a
950. 155664.1503cc: 00007ffb832904d6 / 0x00a04d6: 00 != 07
951. 155664.1503cc: 00007ffb832906d3 / 0x00a06d3: b8 != e9
952. 155664.1503cc: 00007ffb832906d4 / 0x00a06d4: cc != f0
953. 155664.1503cc: 00007ffb832906d5 / 0x00a06d5: 01 != 98
954. 155664.1503cc: 00007ffb832906d6 / 0x00a06d6: 00 != 07
955. 155664.1503cc: Restored 0x1f62 bytes of original file content at 00007ffb8328eb0e
956. 155664.1503cc: ntdll.dll: Differences in section #1 (.text) between file and memory:
957. 155664.1503cc: 00007ffb83309fbe / 0x0119fbe: 00 != 51
958. 155664.1503cc: 00007ffb83309fbf / 0x0119fbf: 00 != 51
959. 155664.1503cc: 00007ffb83309fc0 / 0x0119fc0: 00 != 51
960. 155664.1503cc: 00007ffb83309fc1 / 0x0119fc1: 00 != 51
961. 155664.1503cc: 00007ffb83309fc2 / 0x0119fc2: 00 != 51
962. 155664.1503cc: 00007ffb83309fc3 / 0x0119fc3: 00 != 51
963. 155664.1503cc: 00007ffb83309fc4 / 0x0119fc4: 00 != 51
964. 155664.1503cc: 00007ffb83309fc5 / 0x0119fc5: 00 != 51
965. 155664.1503cc: 00007ffb83309fc6 / 0x0119fc6: 00 != 51
966. 155664.1503cc: 00007ffb83309fc7 / 0x0119fc7: 00 != 51
967. 155664.1503cc: 00007ffb83309fc8 / 0x0119fc8: 00 != 51
968. 155664.1503cc: 00007ffb83309fc9 / 0x0119fc9: 00 != 51
969. 155664.1503cc: 00007ffb83309fca / 0x0119fca: 00 != 51
970. 155664.1503cc: 00007ffb83309fcb / 0x0119fcb: 00 != 51
971. 155664.1503cc: 00007ffb83309fcc / 0x0119fcc: 00 != 51
972. 155664.1503cc: 00007ffb83309fcd / 0x0119fcd: 00 != 51
973. 155664.1503cc: 00007ffb83309fce / 0x0119fce: 00 != 51
974. 155664.1503cc: 00007ffb83309fcf / 0x0119fcf: 00 != 51
975. 155664.1503cc: 00007ffb83309fd0 / 0x0119fd0: 00 != 51
976. 155664.1503cc: 00007ffb83309fd1 / 0x0119fd1: 00 != 51
977. 155664.1503cc: 00007ffb83309fd2 / 0x0119fd2: 00 != ff
978. 155664.1503cc: 00007ffb83309fd3 / 0x0119fd3: 00 != 25
979. 155664.1503cc: 00007ffb83309fd9 / 0x0119fd9: 00 != 89
980. 155664.1503cc: 00007ffb83309fda / 0x0119fda: 00 != d2
981. 155664.1503cc: 00007ffb83309fdb / 0x0119fdb: 00 != 02
982. 155664.1503cc: Restored 0xe2 bytes of original file content at 00007ffb83309f1e
983. 155664.1503cc: kernel32.dll: Differences in section #1 (.text) between file and memory:
984. 155664.1503cc: 00007ffb8273c760 / 0x001c760: 4c != e9
985. 155664.1503cc: 00007ffb8273c761 / 0x001c761: 8b != 95
986. 155664.1503cc: 00007ffb8273c762 / 0x001c762: dc != 48
987. 155664.1503cc: 00007ffb8273c763 / 0x001c763: 48 != 1f
988. 155664.1503cc: 00007ffb8273c764 / 0x001c764: 83 != 00
989. 155664.1503cc: 00007ffb8273cb60 / 0x001cb60: 4c != e9
990. 155664.1503cc: 00007ffb8273cb61 / 0x001cb61: 8b != 95
991. 155664.1503cc: 00007ffb8273cb62 / 0x001cb62: dc != 44
992. 155664.1503cc: 00007ffb8273cb63 / 0x001cb63: 48 != 21
993. 155664.1503cc: 00007ffb8273cb64 / 0x001cb64: 83 != 00
994. 155664.1503cc: Restored 0x2000 bytes of original file content at 00007ffb8273b000
995. 155664.1503cc: kernel32.dll: Differences in section #1 (.text) between file and memory:
996. 155664.1503cc: 00007ffb8273dac0 / 0x001dac0: 4c != e9
997. 155664.1503cc: 00007ffb8273dac1 / 0x001dac1: 8b != 35
998. 155664.1503cc: 00007ffb8273dac2 / 0x001dac2: dc != 35
999. 155664.1503cc: 00007ffb8273dac3 / 0x001dac3: 48 != 25
1000. 155664.1503cc: 00007ffb8273dac4 / 0x001dac4: 83 != 00
1001. 155664.1503cc: Restored 0x2000 bytes of original file content at 00007ffb8273d000
1002. 155664.1503cc: kernel32.dll: Differences in section #1 (.text) between file and memory:
1003. 155664.1503cc: 00007ffb8275a9a0 / 0x003a9a0: 4c != e9
1004. 155664.1503cc: 00007ffb8275a9a1 / 0x003a9a1: 8b != 55
1005. 155664.1503cc: 00007ffb8275a9a2 / 0x003a9a2: dc != 66
1006. 155664.1503cc: 00007ffb8275a9a3 / 0x003a9a3: 48 != 21
1007. 155664.1503cc: 00007ffb8275a9a4 / 0x003a9a4: 83 != 00
1008. 155664.1503cc: Restored 0x2000 bytes of original file content at 00007ffb82759000
1009. 155664.1503cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
1010. 155664.1503cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'gdi32.dll'.
1011. 155664.1503cc: supHardNtVpGetImport: Failed to find symbol 0xffffffff / 'NtUserTestForInteractiveUser' in 'win32u.dll': Unknown Status -610 (0xfffffd9e)
1012. 155664.1503cc: Error (rc=-5629):
1013. 155664.1503cc: RTLdrGetBits failed on image user32.dll: Unknown Status -610 (0xfffffd9e)
1014. 155664.1503cc: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> Unknown Status -5629 (0xffffea03), cFixes=7
1015. 155664.1503cc: \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1016. 155664.1503cc: '\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1017. 155664.1503cc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1018. 155664.1503cc: supR3HardNtEnableThreadCreationEx:
1019. 155664.1503cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb83264b00 pvNtTerminateThread=00007ffb8328d7c0
1020. 155664.1503cc: supR3HardenedWinDoReSpawn(1): New child 4884.6e1a0 [kernel32].
1021. 155664.1503cc: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
1022. 155664.1503cc: supR3HardNtChildGatherData: PebBaseAddress=00000000005c8000 cbPeb=0x388
1023. 155664.1503cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb831f0000 uNtDllChildAddr=00007ffb831f0000
1024. 155664.1503cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb83264b00
1025. 155664.1503cc: supR3HardenedWinSetupChildInit: Initial context:
1026. rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7a7ae7900 rdx=00000000005c8000
1027. rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
1028. r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
1029. r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
1030. rip=00007ffb83242630 rsp=00000000003df7f8 rbp=0000000000000000 ctxflags=0010001b
1031. cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
1032. P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
1033. dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
1034. dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
1035. lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
1036. 155664.1503cc: supR3HardenedWinSetupChildInit: Start child.
1037. 155664.1503cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1038. 155664.1503cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 60 sleeps
1039. 155664.1503cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1040. 155664.1503cc: *0000000000000000-000000000029ffff 0x0001/0x0000 0x0000000
1041. 155664.1503cc: *00000000002a0000-00000000002bffff 0x0004/0x0004 0x0020000
1042. 155664.1503cc: *00000000002c0000-00000000002dcfff 0x0002/0x0002 0x0040000
1043. 155664.1503cc: 00000000002dd000-00000000002dffff 0x0001/0x0000 0x0000000
1044. 155664.1503cc: *00000000002e0000-00000000003dafff 0x0000/0x0004 0x0020000
1045. 155664.1503cc: 00000000003db000-00000000003ddfff 0x0104/0x0004 0x0020000
1046. 155664.1503cc: 00000000003de000-00000000003dffff 0x0004/0x0004 0x0020000
1047. 155664.1503cc: *00000000003e0000-00000000003e3fff 0x0002/0x0002 0x0040000
1048. 155664.1503cc: 00000000003e4000-00000000003effff 0x0001/0x0000 0x0000000
1049. 155664.1503cc: *00000000003f0000-00000000003f1fff 0x0004/0x0004 0x0020000
1050. 155664.1503cc: 00000000003f2000-00000000003fffff 0x0001/0x0000 0x0000000
1051. 155664.1503cc: *0000000000400000-00000000005c7fff 0x0000/0x0004 0x0020000
1052. 155664.1503cc: 00000000005c8000-00000000005cafff 0x0004/0x0004 0x0020000
1053. 155664.1503cc: 00000000005cb000-00000000005fffff 0x0000/0x0004 0x0020000
1054. 155664.1503cc: *0000000000600000-0000000000600fff 0x0004/0x0004 0x0020000
1055. 155664.1503cc: 0000000000601000-000000007ffdffff 0x0001/0x0000 0x0000000
1056. 155664.1503cc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1057. 155664.1503cc: 000000007ffe1000-000000007ffe7fff 0x0001/0x0000 0x0000000
1058. 155664.1503cc: *000000007ffe8000-000000007ffe8fff 0x0002/0x0002 0x0020000
1059. 155664.1503cc: 000000007ffe9000-00007ff569abffff 0x0001/0x0000 0x0000000
1060. 155664.1503cc: *00007ff569ac0000-00007ff569ac0fff 0x0002/0x0002 0x0040000
1061. 155664.1503cc: 00007ff569ac1000-00007ff569acffff 0x0001/0x0000 0x0000000
1062. 155664.1503cc: *00007ff569ad0000-00007ff569af2fff 0x0002/0x0002 0x0040000
1063. 155664.1503cc: 00007ff569af3000-00007ff7a7adffff 0x0001/0x0000 0x0000000
1064. 155664.1503cc: *00007ff7a7ae0000-00007ff7a7ae0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1065. 155664.1503cc: 00007ff7a7ae1000-00007ff7a7b57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1066. 155664.1503cc: 00007ff7a7b58000-00007ff7a7b58fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1067. 155664.1503cc: 00007ff7a7b59000-00007ff7a7ba1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1068. 155664.1503cc: 00007ff7a7ba2000-00007ff7a7ba2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1069. 155664.1503cc: 00007ff7a7ba3000-00007ff7a7ba3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1070. 155664.1503cc: 00007ff7a7ba4000-00007ff7a7ba8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1071. 155664.1503cc: 00007ff7a7ba9000-00007ff7a7ba9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1072. 155664.1503cc: 00007ff7a7baa000-00007ff7a7baafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1073. 155664.1503cc: 00007ff7a7bab000-00007ff7a7baefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1074. 155664.1503cc: 00007ff7a7baf000-00007ff7a7bf7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1075. 155664.1503cc: 00007ff7a7bf8000-00007ffb831effff 0x0001/0x0000 0x0000000
1076. 155664.1503cc: *00007ffb831f0000-00007ffb831f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1077. 155664.1503cc: 00007ffb831f1000-00007ffb8330bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1078. 155664.1503cc: 00007ffb8330c000-00007ffb83353fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1079. 155664.1503cc: 00007ffb83354000-00007ffb8335ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1080. 155664.1503cc: 00007ffb83360000-00007ffb8336efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1081. 155664.1503cc: 00007ffb8336f000-00007ffb8336ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1082. 155664.1503cc: 00007ffb83370000-00007ffb83372fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1083. 155664.1503cc: 00007ffb83373000-00007ffb833e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume12\Windows\System32\ntdll.dll
1084. 155664.1503cc: 00007ffb833e5000-00007ffb833effff 0x0001/0x0000 0x0000000
1085. 155664.1503cc: *00007ffb833f0000-00007ffb833f0fff 0x0020/0x0004 0x0020000 !!
1086. 155664.1503cc: supHardNtVpFreeOrReplacePrivateExecMemory: Replacing exec mem at 00007ffb833f0000 (LB 0x2000, 00007ffb833f0000 LB 0x1000)
1087. 155664.1503cc: 00000000031f1550/0000: 48 b8 50 05 29 83 fb 7f-00 00 50 51 52 41 50 41 H.P.).....PQRAPA
1088. 00000000031f1560/0010: 51 48 83 ec 28 48 b9 00-00 3f 83 fb 7f 00 00 48 QH..(H...?.....H
1089. 00000000031f1570/0020: ba 8c 02 3f 83 fb 7f 00-00 ff e2 6d 63 49 4c 00 ...?.......mcIL.
1090. 00000000031f1580/0030: 00 00 00 00 00 00 00 50-05 29 83 fb 7f 00 00 4c .......P.).....L
1091. 00000000031f1590/0040: 8b d1 b8 c0 c0 00 c2 00-00 00 00 00 54 00 3f 83 ............T.?.
1092. 00000000031f15a0/0050: fb 7f 00 00 43 00 3a 00-5c 00 50 00 72 00 6f 00 ....C.:.\.P.r.o.
1093. 00000000031f15b0/0060: 67 00 72 00 61 00 6d 00-20 00 46 00 69 00 6c 00 g.r.a.m. .F.i.l.
1094. 00000000031f15c0/0070: 65 00 73 00 5c 00 57 00-69 00 6e 00 64 00 6f 00 e.s.\.W.i.n.d.o.
1095. 00000000031f15d0/0080: 77 00 73 00 20 00 45 00-76 00 65 00 6e 00 74 00 w.s. .E.v.e.n.t.
1096. 00000000031f15e0/0090: 20 00 52 00 65 00 70 00-6f 00 72 00 74 00 69 00 .R.e.p.o.r.t.i.
1097. 00000000031f15f0/00a0: 6e 00 67 00 5c 00 43 00-6f 00 72 00 65 00 5c 00 n.g.\.C.o.r.e.\.
1098. 00000000031f1600/00b0: 45 00 76 00 65 00 6e 00-74 00 52 00 65 00 70 00 E.v.e.n.t.R.e.p.
1099. 00000000031f1610/00c0: 6f 00 72 00 74 00 69 00-6e 00 67 00 2e 00 41 00 o.r.t.i.n.g...A.
1100. 00000000031f1620/00d0: 70 00 70 00 6c 00 69 00-63 00 61 00 74 00 69 00 p.p.l.i.c.a.t.i.
1101. 00000000031f1630/00e0: 6f 00 6e 00 46 00 69 00-6c 00 74 00 65 00 72 00 o.n.F.i.l.t.e.r.
1102. 00000000031f1640/00f0: 2e 00 4d 00 6f 00 6e 00-69 00 74 00 6f 00 72 00 ..M.o.n.i.t.o.r.
1103. 155664.1503cc: 00000000031f1650/0000: 2e 00 57 00 69 00 6e 00-36 00 34 00 2e 00 64 00 ..W.i.n.6.4...d.
1104. 00000000031f1660/0010: 6c 00 6c 00 00 00 00 00-00 00 00 00 00 00 00 00 l.l.............
1105. 00000000031f1670/0020: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1106. **************** **** <ditto x 12>
1107. 00000000031f1740/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1108. 155664.1503cc: 00000000031f1750/0000: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1109. **************** **** <ditto x 4>
1110. 00000000031f17a0/0050: 00 00 00 00 00 00 00 00-00 00 00 00 60 d7 28 83 ............`.(.
1111. 00000000031f17b0/0060: fb 7f 00 00 10 6a 20 83-fb 7f 00 00 60 d0 28 83 .....j .....`.(.
1112. 00000000031f17c0/0070: fb 7f 00 00 20 d1 28 83-fb 7f 00 00 20 d4 28 83 .... .(..... .(.
1113. 00000000031f17d0/0080: fb 7f 00 00 e0 d3 28 83-fb 7f 00 00 83 b9 00 10 ......(.........
1114. 00000000031f17e0/0090: 00 00 00 74 2b 48 83 c4-28 41 59 41 58 5a 59 58 ...t+H..(AYAXZYX
1115. 00000000031f17f0/00a0: 4c 8b d1 b8 c0 01 00 00-f6 04 25 08 03 fe 7f 01 L.........%.....
1116. 00000000031f1800/00b0: 75 03 0f 05 c3 cd 2e c3-0f 1f 84 00 00 00 00 00 u...............
1117. 00000000031f1810/00c0: 4c 8b dc 53 55 56 57 41-56 41 57 48 83 ec 58 65 L..SUVWAVAWH..Xe
1118. 00000000031f1820/00d0: 48 8b 04 25 30 00 00 00-33 ff 49 83 ce ff 8b 70 H..%0...3.I....p
1119. 00000000031f1830/00e0: 40 8b 68 48 48 8b 81 7c-02 00 00 48 85 c0 48 8b @.hHH..|...H..H.
1120. 00000000031f1840/00f0: d9 44 8d 7f 05 0f 84 0d-01 00 00 41 21 7b 08 4d .D.........A!{.M
1121. 155664.1503cc: 00000000031f1850/0000: 8d 4b 08 45 33 c0 33 d2-41 8b cf ff d0 8b 84 24 .K.E3.3.A......$
1122. 00000000031f1860/0010: 90 00 00 00 85 c0 0f 84-ec 00 00 00 48 21 bc 24 ............H!.$
1123. 00000000031f1870/0020: a8 00 00 00 8d 0c 00 4c-8d 8c 24 a0 00 00 00 48 .......L..$....H
1124. 00000000031f1880/0030: 89 8c 24 a0 00 00 00 48-8d 94 24 a8 00 00 00 45 ..$....H..$....E
1125. 00000000031f1890/0040: 33 c0 49 8b ce c7 44 24-28 04 00 00 00 c7 44 24 3.I...D$(.....D$
1126. 00000000031f18a0/0050: 20 00 10 00 00 ff 93 6c-02 00 00 85 c0 0f 85 a5 ......l........
1127. 00000000031f18b0/0060: 00 00 00 44 8b 84 24 a0-00 00 00 48 8b 94 24 a8 ...D..$....H..$.
1128. 00000000031f18c0/0070: 00 00 00 45 33 c9 41 8b-cf ff 93 7c 02 00 00 85 ...E3.A....|....
1129. 00000000031f18d0/0080: c0 75 1f 48 8b 8c 24 a8-00 00 00 eb 09 39 39 74 .u.H..$......99t
1130. 00000000031f18e0/0090: 11 8b 01 48 03 c8 48 39-71 50 75 f1 8b b9 30 01 ...H..H9qPu...0.
1131. 00000000031f18f0/00a0: 00 00 48 83 a4 24 a0 00-00 00 00 4c 8d 84 24 a0 ..H..$.....L..$.
1132. 00000000031f1900/00b0: 00 00 00 48 8d 94 24 a8-00 00 00 41 b9 00 80 00 ...H..$....A....
1133. 00000000031f1910/00c0: 00 49 8b ce ff 93 74 02-00 00 85 ff 74 3a 3b fd .I....t.....t:;.
1134. 00000000031f1920/00d0: 74 36 be 01 00 00 00 48-8b 4b 37 8a 43 3f 38 01 t6.....H.K7.C?8.
1135. 00000000031f1930/00e0: 75 08 8b 43 40 39 41 01-74 1e 48 8d 54 24 40 33 u..C@9A.t.H.T$@3
1136. 00000000031f1940/00f0: c9 48 c7 44 24 40 60 79-fe ff ff 93 84 02 00 00 .H.D$@`y........
1137. 155664.1503cc: 00000000031f1950/0000: 83 c6 01 83 fe 64 7c cf-48 8b 4b 37 8a 43 3f 38 .....d|.H.K7.C?8
1138. 00000000031f1960/0010: 01 75 0c 8b 43 40 39 41-01 0f 84 a0 00 00 00 48 .u..C@9A.......H
1139. 00000000031f1970/0020: 8d 84 24 98 00 00 00 48-89 4c 24 38 4c 8d 44 24 ..$....H.L$8L.D$
1140. 00000000031f1980/0030: 30 48 8d 54 24 38 41 b9-40 00 00 00 49 8b ce 48 0H.T$8A.@...I..H
1141. 00000000031f1990/0040: 89 44 24 20 4c 89 7c 24-30 ff 93 5c 02 00 00 85 .D$ L.|$0..\....
1142. 00000000031f19a0/0050: c0 75 3e 8b 43 3f 48 8b-53 37 4c 8d 44 24 30 89 .u>.C?H.S7L.D$0.
1143. 00000000031f19b0/0060: 02 8a 43 43 49 8b ce 88-42 04 44 8b 8c 24 98 00 ..CCI...B.D..$..
1144. 00000000031f19c0/0070: 00 00 48 8d 84 24 98 00-00 00 48 8d 54 24 38 48 ..H..$....H.T$8H
1145. 00000000031f19d0/0080: 89 44 24 20 4c 89 7c 24-30 ff 93 5c 02 00 00 eb .D$ L.|$0..\....
1146. 00000000031f19e0/0090: 0a c7 83 00 10 00 00 01-00 00 00 85 ff 74 04 3b .............t.;
1147. 00000000031f19f0/00a0: fd 75 1c 4c 8d 43 44 4c-8d 4c 24 30 33 d2 33 c9 .u.L.CDL.L$03.3.
1148. 00000000031f1a00/00b0: ff 93 64 02 00 00 48 8b-5b 2f 48 85 db 75 e4 48 ..d...H.[/H..u.H
1149. 00000000031f1a10/00c0: 83 c4 58 41 5f 41 5e 5f-5e 5d 5b 48 83 c4 28 41 ..XA_A^_^][H..(A
1150. 00000000031f1a20/00d0: 59 41 58 5a 59 c3 00 00-00 00 00 00 00 00 00 00 YAXZY...........
1151. 00000000031f1a30/00e0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1152. 00000000031f1a40/00f0: 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1153. 155664.1503cc: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffb833f0000/00007ffb833f0000 LB 0/0x2000]
1154. 155664.1503cc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffb833f0000 LB 0x47cc00000 s=0x10000 ap=0x0 rp=0x00000000000001
1155. 155664.1503cc: Error (rc=-5673):
1156. 155664.1503cc: NtAllocateVirtualMemory (00007ffb833f0000 LB 0x2000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
1157. 155664.1503cc: Error (rc=-5645):
1158. 155664.1503cc: Too many virtual memory regions.
1159.  
1160. 155664.1503cc: Error (rc=-5673):
1161. 155664.1503cc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (00007ffb833f0000 LB 0x2000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
1162. [rc=-5645] Too many virtual memory regions.
1163. 155664.1503cc: Error -5673 in supR3HardNtChildPurify! (enmWhat=5)
1164. 155664.1503cc: supHardenedWinVerifyProcess failed with Unknown Status -5673 (0xffffe9d7): NtAllocateVirtualMemory (00007ffb833f0000 LB 0x2000) failed with rcNt=0xc0000018 allocating replacement memory for working around buggy protection software. See VBoxStartup.log for more details
1165. [rc=-5645] Too many virtual memory regions.
1166. 155664.1503cc: supR3HardNtEnableThreadCreationEx:
1167.