From 2eb04827becae82b449c9576876521ec777f88d7 Mon Sep 17 00:00:00 2001 From: nganhkhoa Date: Sun, 23 Feb 2020 03:33:45 +0700 Subject: [PATCH] add simple valid pool chunk check --- KMDF Driver2/Driver.cpp | 87 ++++-- KMDF Driver2/Driver.h | 7 +- sample_scan.txt | 662 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 735 insertions(+), 21 deletions(-) create mode 100644 sample_scan.txt diff --git a/KMDF Driver2/Driver.cpp b/KMDF Driver2/Driver.cpp index a086836..16f75cb 100644 --- a/KMDF Driver2/Driver.cpp +++ b/KMDF Driver2/Driver.cpp @@ -1,6 +1,7 @@ #include #include #include +#include #include "sioctl.h" #include "Driver.h" @@ -21,6 +22,19 @@ extern "C" DRIVER_UNLOAD UnloadRoutine; #define CHUNK_SIZE 16 // 64 bit // #define PAGE_SIZE 4096 // 4KB +// offset to get from PDB file +ULONG64 eprocessNameOffset = 0; +ULONG64 eprocessLinkOffset = 0; +ULONG64 listBLinkOffset = 0; +ULONG64 processHeadOffset = 0; +ULONG64 miStateOffset = 0; +ULONG64 hardwareOffset = 0; +ULONG64 systemNodeOffset = 0; +ULONG64 firstVaOffset = 0; +ULONG64 lastVaOffset = 0; +ULONG64 largePageTableOffset = 0; +ULONG64 largePageSizeOffset = 0; + NTSTATUS DriverEntry( _In_ PDRIVER_OBJECT DriverObject, @@ -69,18 +83,9 @@ DriverEntry( // https://en.wikipedia.org/wiki/Windows_10_version_history VERSION_BY_POOL windowsVersionByPool = WINDOWS_NOT_SUPPORTED; - // TODO: automatically get from parsed PDB file - ULONG64 eprocessNameOffset = 0; - ULONG64 eprocessLinkOffset = 0; - ULONG64 listBLinkOffset = 0; - ULONG64 processHeadOffset = 0; - ULONG64 miStateOffset = 0; - ULONG64 hardwareOffset = 0; - ULONG64 systemNodeOffset = 0; - ULONG64 firstVaOffset = 0; - ULONG64 lastVaOffset = 0; - // setup offset + // TODO: Move this to front-end for portable update + // TODO: automatically get from parsed PDB file if (windowsVersionInfo.dwBuildNumber == 17134 || windowsVersionInfo.dwBuildNumber == 17763) { DbgPrint("[NAK] :: [ ] Detected windows : 2018\n"); windowsVersionByPool = WINDOWS_2018; 
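Review bot: The eleven offset variables added at file scope after `#define CHUNK_SIZE` are mutable globals with external linkage, and nothing says which are offsets from the ntoskrnl image base and which are structure field offsets. Unless another translation unit needs them (none is visible in this patch), declare them `static` or group them in one `static` struct. A comment such as `// all offsets stay 0 until DriverEntry fills them for the detected build; 0 means "unknown", not "offset zero"` would document the default that later code depends on.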
@@ -105,6 +110,8 @@ DriverEntry( systemNodeOffset = 0x20; firstVaOffset = 0x60; lastVaOffset = 0x68; + largePageTableOffset = 0xc17ed8; + largePageSizeOffset = 0xc17ed0; } if (windowsVersionByPool == WINDOWS_NOT_SUPPORTED) { @@ -138,12 +145,18 @@ DriverEntry( // TODO: Exception????? PVOID eprocess = (PVOID)IoGetCurrentProcess(); - DbgPrint("[NAK] :: [ ] eprocess : 0x%p, [%15s]\n", eprocess, (char*)((ULONG64)eprocess + eprocessNameOffset)); + DbgPrint("[NAK] :: [ ] System eprocess : 0x%p, [%15s]\n", eprocess, (char*)((ULONG64)eprocess + eprocessNameOffset)); PVOID processHead = (PVOID)(*(ULONG64*)((ULONG64)eprocess + eprocessLinkOffset + listBLinkOffset)); DbgPrint("[NAK] :: [ ] PsActiveProcessHead : 0x%p\n", processHead); PVOID ntosbase = (PVOID)((ULONG64)processHead - processHeadOffset); DbgPrint("[NAK] :: [ ] ntoskrnl.exe : 0x%p\n", ntosbase); + DbgPrint("[NAK] :: [ ] Scan the PsActiveProcessHead linked-list\n"); + while (*(ULONG64*)((ULONG64)eprocess + eprocessLinkOffset) != (ULONG64)processHead) { + eprocess = (PVOID)(*(ULONG64*)((ULONG64)eprocess + eprocessLinkOffset) - eprocessLinkOffset); + DbgPrint("[NAK] :: [ ] eprocess : 0x%p, [%15s]\n", eprocess, (char*)((ULONG64)eprocess + eprocessNameOffset)); + } + // TODO: Check if ntosbase is a PE, and the name is ntoskrnl.exe // https://stackoverflow.com/a/4316804 // https://stackoverflow.com/a/47898643 @@ -174,6 +187,15 @@ DriverEntry( * +0x068 NonPagedPoolLastVa : 0xfffff580`00000000 Void * +0x070 SystemNodeInformation : 0xffffe58f`9283b050 _MI_SYSTEM_NODE_INFORMATION * + * The big page pool is denoted by two variables `PoolBigPageTable.Va` and `PoolBigPageTableSize` + * It seems that this big page is inside NonPagedPool range + * + * PoolBigPageTable is an array with PoolBigPageTableSize elements, where + * each elements has: + * Va -> Address of the allocation + * Key -> Pool tag + * NumberOfBytes -> Size + * **/ PVOID miState = (PVOID)((ULONG64)ntosbase + miStateOffset); 
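Review bot: `largePageTableOffset = 0xc17ed8` and `largePageSizeOffset = 0xc17ed0` are assigned only in this branch, yet the hunk at `@@ -182,7 +204,14 @@` dereferences `ntosbase + largePageSizeOffset` before the version switch, for every supported version. The other branches are outside this hunk, so this is inferred: if they leave both values at 0, that read returns the first bytes of the kernel image as a "size". Guard the read, for example `if (largePageTableOffset == 0 || largePageSizeOffset == 0) { /* skip large pool */ }`. These constants are also offsets into one particular ntoskrnl binary, so a comment naming the exact build they were taken from would help until the PDB lookup in the TODO exists.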
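Review bot: The new `while` loop over `eprocessLinkOffset` follows raw Flink values with no iteration cap and no check that each pointer is a readable kernel address. A wrong offset, or a process being unlinked while the loop runs, becomes a bugcheck or an endless loop inside DriverEntry. Cap the walk with a counter and test each link before dereferencing it, e.g. `if (!MmIsAddressValid((PVOID)next)) break;`. `[%15s]` is a minimum field width, not a limit, so a 15-byte image name without a terminating NUL is read past its end; `[%.15s]` bounds it, and the same applies to the `System eprocess` line above the loop. DriverEntry starts and ends outside this hunk.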
@@ -182,7 +204,14 @@ DriverEntry( ULONG64 nonPagedPoolStart = 0; ULONG64 nonPagedPoolEnd = 0; + PVOID largePageTableArray = 0; + ULONG64 largePageTableSize = 0; + largePageTableArray = (PVOID)((ULONG64)ntosbase + largePageTableOffset); + largePageTableSize = *(ULONG64*)((ULONG64)ntosbase + largePageSizeOffset); + + + // TODO: Move this to front-end for portable update // use defined formula by windows build number to get those two values switch (windowsVersionByPool) { case WINDOWS_2020_FASTRING: @@ -199,8 +228,11 @@ DriverEntry( DbgPrint("[NAK] :: [+] nonPagedPoolStart : 0x%llx\n", nonPagedPoolStart); DbgPrint("[NAK] :: [+] nonPagedPoolEnd : 0x%llx\n", nonPagedPoolEnd); + DbgPrint("[NAK] :: [+] large page address : 0x%p\n", largePageTableArray); + DbgPrint("[NAK] :: [+] large page size : 0x%llx\n", largePageTableSize); - scan(nonPagedPoolStart, nonPagedPoolEnd); + scanNormalPool(nonPagedPoolStart, nonPagedPoolEnd); + scanLargePool(largePageTableArray, largePageTableSize); return returnStatus; } @@ -254,13 +286,18 @@ validTag(PPOOL_HEADER p) { } bool -checkValidPool(PPOOL_HEADER /* p */) { +validPool(PPOOL_HEADER p) { // https://subs.emis.de/LNI/Proceedings/Proceedings97/GI-Proceedings-97-9.pdf // long long int offsetInPage = (long long int)p->addr % PAGE_SIZE; // OffsetInPage = addr % pagesize // (offsetInPage % CHUNK_SIZE == 0) && // rule 1 // (p->blockSize > 0) && // rule 2 // (p->blockSize * CHUNK_SIZE + offsetInPage == PAGE_SIZE) && // rule 3 // (p->prevBlockSize * CHUNK_SIZE <= offsetInPage) // rule 5 + if ((p->blockSize * CHUNK_SIZE)< 0xb00 + 0x10 || // eprocess size + pool_header size + // p->poolType % 2 != 0 || // pool tag must be even number aka nonpaged + p->poolType != 2 // force to search for nonpaged pool only aka poolType == 2 + ) + return false; return true; } 
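Review bot: `largePageTableArray = (PVOID)((ULONG64)ntosbase + largePageTableOffset)` stores the address of the kernel variable, while the size on the next line is read through a dereference. The two are handled inconsistently. If `PoolBigPageTable` is a pointer variable like the size variable next to it (not confirmable from this patch), the table itself is `*(PVOID*)((ULONG64)ntosbase + largePageTableOffset)`, and `scanLargePool` would otherwise index into the kernel image. The `sample_scan.txt` added by this commit prints `large page address : 0xFFFFF80316017ED8`, which is exactly `ntoskrnl.exe` base `0xFFFFF80315400000` plus `0xc17ed8`, so the value passed on is the variable's own address. Either dereference it here or rename the local to something like `largePageTableVar` and comment that the callee must dereference it.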
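Review bot: `validPool` now tests `p->blockSize * CHUNK_SIZE < 0xb00 + 0x10` and `p->poolType != 2`, so it is an "EPROCESS-sized non-paged chunk" filter and not a general validity check. The bare literals also tie it to one build's structure size. Name the constants, e.g. `EPROCESS_SIZE` and `POOL_HEADER_SIZE`, with the latter shared with `headerSize` in `scanNormalPool`, and put braces around the multi-line `if` body. A function comment should say that rules 1–5 from the cited paper are still commented out and only the size and pool-type filters are applied. The commented-out line also says "pool tag must be even number" where it tests `poolType`.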
@@ -271,12 +308,12 @@ printChunkInfo(PPOOL_HEADER p) { DbgPrint("[NAK] :: [|] \tPoolIndex : 0x%x\n", p->poolIndex); DbgPrint("[NAK] :: [|] \tBlockSize : 0x%x\n", p->blockSize * CHUNK_SIZE); DbgPrint("[NAK] :: [|] \tPoolType : 0x%x\n", p->poolType); - DbgPrint("[NAK] :: [|] \tPoolTag : 0x%lx [%c%c%c%c]\n", p->tag, p->tag, p->tag >> 8, p->tag >> 16, p->tag >> 24); + DbgPrint("[NAK] :: [|] \tPoolTag : 0x%lx [%4s]\n", p->tag, p->tag); DbgPrint("[NAK] :: [+] ==== PoolEnd 0x%p ====\n", p->addr); } VOID -scan(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd) { +scanNormalPool(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd) { DbgPrint("[NAK] :: [+] Scanning\n"); /* @@ -295,6 +332,8 @@ scan(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd) { **/ POOL_HEADER p; + PVOID eprocess; + char eprocess_name[16] = {0}; // eprocess name is 15 bytes + 1 null const ULONG64 headerSize = 0x10; PVOID currentAddr = (PVOID)(nonPagedPoolStart); while (true) { @@ -327,6 +366,7 @@ scan(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd) { if (p.tag == 0) continue; if (!validTag(&p)) continue; + if (!validPool(&p)) continue; if (p.tag != 'Proc' && p.tag != 'corP') continue; 
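Review bot: The changed `PoolTag` line in `printChunkInfo` passes `p->tag` itself as the argument for `%4s`, so DbgPrint treats the integer tag value as a string pointer and dereferences it in kernel mode. The replaced `%c%c%c%c` form did not have this problem. `%4s` is also only a minimum width, so it would not stop after four bytes even with a valid pointer. Pass the address of the field with a precision instead: `DbgPrint("[NAK] :: [|] \tPoolTag : 0x%lx [%.4s]\n", p->tag, (char*)&p->tag);`. The type of `tag` is declared in Driver.h outside this patch, so confirm it is the 4-byte tag field.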
@@ -334,10 +374,19 @@ scan(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd) { // TODO: Parse data as _EPROCESS // The first Proc found seems to be the EPROCESS from IoGetCurrentProcess // But it was offset 0x40 - printChunkInfo(&p); - DbgPrint("[NAK] :: [+] HEY EPROCESS POOL CHUNK"); - break; + // printChunkInfo(&p); + // eprocess = (PVOID)((ULONG64)p.addr + 0x40); + // RtlStringCbCopyNA(eprocess_name, 16, (char*)((ULONG64)eprocess + eprocessNameOffset), 15); + // DbgPrint("[NAK] :: [ ] eprocess offset 0x40 : 0x%p, [%s]\n", eprocess, eprocess_name); + eprocess = (PVOID)((ULONG64)p.addr + 0x80); + RtlStringCbCopyNA(eprocess_name, 16, (char*)((ULONG64)eprocess + eprocessNameOffset), 15); + DbgPrint("[NAK] :: [ ] eprocess offset 0x80 : 0x%p, [%s]\n", eprocess, eprocess_name); } DbgPrint("[NAK] :: [+] Finish scanning"); } + +VOID +scanLargePool(PVOID /* largePageTableArray */, ULONG64 /* largePageTableSize */) { + DbgPrint("[NAK] :: [-] Scan large pool not supported yet"); +} diff --git a/KMDF Driver2/Driver.h b/KMDF Driver2/Driver.h index 619b019..35d889f 100644 --- a/KMDF Driver2/Driver.h +++ b/KMDF Driver2/Driver.h @@ -28,12 +28,15 @@ bool validTag(PPOOL_HEADER p); bool -checkValidPool(PPOOL_HEADER p); +validPool(PPOOL_HEADER p); VOID printChunkInfo(PPOOL_HEADER p); VOID -scan(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd); +scanNormalPool(ULONG64 nonPagedPoolStart, ULONG64 nonPagedPoolEnd); + +VOID +scanLargePool(PVOID largePageTableArray, ULONG64 largePageTableSize); #endif diff --git a/sample_scan.txt b/sample_scan.txt new file mode 100644 index 0000000..6162abc --- /dev/null +++ b/sample_scan.txt 
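Review bot: `eprocess = (PVOID)((ULONG64)p.addr + 0x80)` assumes every `Proc` chunk places the EPROCESS at a fixed distance from the pool header, and the `sample_scan.txt` added by this same commit shows that it does not. The list walk reports System at `0xFFFFDB0CC8CB5040` and Registry at `0xFFFFDB0CC8D36080`, while the scan prints `0xFFFFDB0CC8CB5080` with a garbage name and `0xFFFFDB0CC8D36090` with an empty one. The name is then copied from `eprocess + eprocessNameOffset` with no check that the address lies inside the chunk (`p.addr` up to `p.addr + p.blockSize * CHUNK_SIZE`), and the `RtlStringCbCopyNA` status is ignored. Before printing, validate the candidate by bounding the read to the chunk and checking that its `eprocessLinkOffset` links point back into the non-paged pool range. A comment should also say that `0x80` is an observed value for one build, not a constant. With the `break` removed, the loop now covers the whole range, and its body starts outside this hunk.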
@@ -0,0 +1,662 @@ +00000007 2.44968486 [NAK] :: [ ] Hello from Kernel, setup a few things +00000008 2.44975328 [NAK] :: [+] Setup completed, GO GO GO !!!! +00000009 2.44980168 [NAK] :: [ ] Windows version : 10.0.19564 +00000010 2.44980717 [NAK] :: [ ] Detected windows : 2020 Fast Ring +00000011 2.44981456 [NAK] :: [ ] System eprocess : 0xFFFFDB0CC8CB5040, [ System] +00000012 2.44984531 [NAK] :: [ ] PsActiveProcessHead : 0xFFFFF8031601F970 +00000013 2.44985104 [NAK] :: [ ] ntoskrnl.exe : 0xFFFFF80315400000 +00000014 2.44985557 [NAK] :: [ ] Scan the PsActiveProcessHead linked-list +00000015 2.44986176 [NAK] :: [ ] eprocess : 0xFFFFDB0CC8DE7080, [ Secure System] +00000016 2.44996500 [NAK] :: [ ] eprocess : 0xFFFFDB0CC8D36080, [ Registry] +00000017 2.44997287 [NAK] :: [ ] eprocess : 0xFFFFDB0CD1AA3040, [ smss.exe] +00000018 2.44998288 [NAK] :: [ ] eprocess : 0xFFFFDB0CD1C6D0C0, [ smss.exe] +00000019 2.44999051 [NAK] :: [ ] eprocess : 0xFFFFDB0CD1C60140, [ csrss.exe] +00000020 2.44999647 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3A53080, [ smss.exe] +00000021 2.45000243 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3A54080, [ wininit.exe] +00000022 2.45000839 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3A52140, [ csrss.exe] +00000023 2.45001388 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3AAB080, [ services.exe] +00000024 2.45001888 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3ACB080, [ LsaIso.exe] +00000025 2.45002389 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3AC9080, [ lsass.exe] +00000026 2.45002913 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3BD8080, [ svchost.exe] +00000027 2.45003533 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3C430C0, [ fontdrvhost.ex] +00000028 2.45004129 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3C2F080, [ WUDFHost.exe] +00000029 2.45004702 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3CD1240, [ svchost.exe] +00000030 2.45005274 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3D10080, [ svchost.exe] +00000031 2.45005846 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3D84080, [ winlogon.exe] +00000032 2.45009232 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3E27080, 
[ fontdrvhost.ex] +00000033 2.45009780 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3E5C080, [ dwm.exe] +00000034 2.45010328 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F210C0, [ svchost.exe] +00000035 2.45010829 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F25080, [ svchost.exe] +00000036 2.45011401 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F42080, [ svchost.exe] +00000037 2.45018148 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F44080, [ svchost.exe] +00000038 2.45018888 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F4F080, [ svchost.exe] +00000039 2.45023370 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F54080, [ svchost.exe] +00000040 2.45023942 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F6E0C0, [ svchost.exe] +00000041 2.45024443 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3F74080, [ svchost.exe] +00000042 2.45024967 [NAK] :: [ ] eprocess : 0xFFFFDB0CD560C080, [ svchost.exe] +00000043 2.45025444 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5611080, [ svchost.exe] +00000044 2.45025969 [NAK] :: [ ] eprocess : 0xFFFFDB0CD564A080, [ svchost.exe] +00000045 2.45026469 [NAK] :: [ ] eprocess : 0xFFFFDB0CD566F080, [ svchost.exe] +00000046 2.45026994 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5671080, [ svchost.exe] +00000047 2.45027471 [NAK] :: [ ] eprocess : 0xFFFFDB0CD56B9080, [ svchost.exe] +00000048 2.45027971 [NAK] :: [ ] eprocess : 0xFFFFDB0CD56B7080, [ svchost.exe] +00000049 2.45028472 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5757080, [ svchost.exe] +00000050 2.45028973 [NAK] :: [ ] eprocess : 0xFFFFDB0CD57970C0, [ svchost.exe] +00000051 2.45029521 [NAK] :: [ ] eprocess : 0xFFFFDB0CD579D080, [ svchost.exe] +00000052 2.45029998 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5868080, [ svchost.exe] +00000053 2.45030522 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5887080, [ svchost.exe] +00000054 2.45031071 [NAK] :: [ ] eprocess : 0xFFFFDB0CD588E080, [ dasHost.exe] +00000055 2.45033646 [NAK] :: [ ] eprocess : 0xFFFFDB0CD589C080, [ svchost.exe] +00000056 2.45034194 [NAK] :: [ ] eprocess : 0xFFFFDB0CD58F0080, [ svchost.exe] +00000057 2.45034766 [NAK] :: [ ] eprocess : 0xFFFFDB0CD59450C0, 
[ svchost.exe] +00000058 2.45035267 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5962080, [ svchost.exe] +00000059 2.45036316 [NAK] :: [ ] eprocess : 0xFFFFDB0CD59A90C0, [ svchost.exe] +00000060 2.45036960 [NAK] :: [ ] eprocess : 0xFFFFDB0CD59B8080, [ vmms.exe] +00000061 2.45037484 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5A250C0, [ svchost.exe] +00000062 2.45038009 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5A31080, [ svchost.exe] +00000063 2.45038509 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5B29080, [ svchost.exe] +00000064 2.45039034 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5B350C0, [ svchost.exe] +00000065 2.45039558 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5B43080, [ svchost.exe] +00000066 2.45040083 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5B42080, [ NVDisplay.Cont] +00000067 2.45040607 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5BBF080, [ svchost.exe] +00000068 2.45041108 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5BE8080, [ svchost.exe] +00000069 2.45041656 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5B65080, [ svchost.exe] +00000070 2.45042205 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5C2F0C0, [ svchost.exe] +00000071 2.45042729 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5C4E080, [ igfxCUIService] +00000072 2.45043230 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5C51040, [ MemCompression] +00000073 2.45043731 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5CCA0C0, [ svchost.exe] +00000074 2.45044231 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5CCE080, [ svchost.exe] +00000075 2.45044923 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5CD2080, [ svchost.exe] +00000076 2.45045567 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5D840C0, [ svchost.exe] +00000077 2.45046210 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5DBB080, [ NVDisplay.Cont] +00000078 2.45046687 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5DE90C0, [ svchost.exe] +00000079 2.45047331 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5E4A080, [ svchost.exe] +00000080 2.45047832 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5E670C0, [ svchost.exe] +00000081 2.45048451 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5EB5080, [ svchost.exe] +00000082 2.45048952 [NAK] :: [ ] eprocess : 
0xFFFFDB0CD5DE7080, [ svchost.exe] +00000083 2.45049477 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5EEB080, [ svchost.exe] +00000084 2.45049953 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5EEA080, [ svchost.exe] +00000085 2.45050478 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5F07080, [ svchost.exe] +00000086 2.45051026 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5FE9080, [ svchost.exe] +00000087 2.45051551 [NAK] :: [ ] eprocess : 0xFFFFDB0CD606D080, [ svchost.exe] +00000088 2.45052052 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6167080, [ svchost.exe] +00000089 2.45052552 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6164080, [ svchost.exe] +00000090 2.45053577 [NAK] :: [ ] eprocess : 0xFFFFDB0CD616B080, [ svchost.exe] +00000091 2.45054245 [NAK] :: [ ] eprocess : 0xFFFFDB0CD61B40C0, [ spoolsv.exe] +00000092 2.45054793 [NAK] :: [ ] eprocess : 0xFFFFDB0CD621B080, [ svchost.exe] +00000093 2.45055389 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6253080, [ svchost.exe] +00000094 2.45055985 [NAK] :: [ ] eprocess : 0xFFFFDB0CD62AE080, [ armsvc.exe] +00000095 2.45056605 [NAK] :: [ ] eprocess : 0xFFFFDB0CD62CB0C0, [ AdobeUpdateSer] +00000096 2.45057201 [NAK] :: [ ] eprocess : 0xFFFFDB0CD62DF080, [ AGMService.exe] +00000097 2.45057750 [NAK] :: [ ] eprocess : 0xFFFFDB0CD62E7080, [ OfficeClickToR] +00000098 2.45058799 [NAK] :: [ ] eprocess : 0xFFFFDB0CD62E8080, [ com.docker.ser] +00000099 2.45059443 [NAK] :: [ ] eprocess : 0xFFFFDB0CD62E6080, [ IntelCpHDCPSvc] +00000100 2.45060039 [NAK] :: [ ] eprocess : 0xFFFFDB0CD63C80C0, [ svchost.exe] +00000101 2.45060635 [NAK] :: [ ] eprocess : 0xFFFFDB0CD63DF080, [ CxAudMsg64.exe] +00000102 2.45061231 [NAK] :: [ ] eprocess : 0xFFFFDB0CD63E2080, [ CxUtilSvc.exe] +00000103 2.45061851 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6452080, [ DbxSvc.exe] +00000104 2.45062470 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6456080, [ svchost.exe] +00000105 2.45063090 [NAK] :: [ ] eprocess : 0xFFFFDB0CD64E10C0, [ wlanext.exe] +00000106 2.45063686 [NAK] :: [ ] eprocess : 0xFFFFDB0CD64EE080, [ ibtsiva.exe] +00000107 2.45064282 [NAK] 
:: [ ] eprocess : 0xFFFFDB0CD65020C0, [ esif_uf.exe] +00000108 2.45064950 [NAK] :: [ ] eprocess : 0xFFFFDB0CD64EC080, [ EvtEng.exe] +00000109 2.45065570 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6503080, [ FMService64.ex] +00000110 2.45066190 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6522080, [ svchost.exe] +00000111 2.45066810 [NAK] :: [ ] eprocess : 0xFFFFDB0CD652A080, [ conhost.exe] +00000112 2.45070338 [NAK] :: [ ] eprocess : 0xFFFFDB0CD652B080, [ LegacyCsLoader] +00000113 2.45070910 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6540080, [ svchost.exe] +00000114 2.45071411 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6543080, [ IntelTechnolog] +00000115 2.45071912 [NAK] :: [ ] eprocess : 0xFFFFDB0CD3D9B080, [ IpOverUsbSvc.e] +00000116 2.45072436 [NAK] :: [ ] eprocess : 0xFFFFDB0CD659A080, [ NvTelemetryCon] +00000117 2.45072961 [NAK] :: [ ] eprocess : 0xFFFFDB0CD663F080, [ PnkBstrA.exe] +00000118 2.45078611 [NAK] :: [ ] eprocess : 0xFFFFDB0CD668B080, [ svchost.exe] +00000119 2.45079350 [NAK] :: [ ] eprocess : 0xFFFFDB0CD646F080, [ RtkAudUService] +00000120 2.45079875 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6691080, [ RemoteServerWi] +00000121 2.45080400 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6690080, [ SmartByteNetwo] +00000122 2.45080924 [NAK] :: [ ] eprocess : 0xFFFFDB0CD67970C0, [ svchost.exe] +00000123 2.45081472 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6795080, [ svchost.exe] +00000124 2.45081997 [NAK] :: [ ] eprocess : 0xFFFFDB0CD679D080, [ SynTPEnhServic] +00000125 2.45083952 [NAK] :: [ ] eprocess : 0xFFFFDB0CD67C4080, [ sqlwriter.exe] +00000126 2.45084524 [NAK] :: [ ] eprocess : 0xFFFFDB0CD67C5080, [ ThunderboltSer] +00000127 2.45085025 [NAK] :: [ ] eprocess : 0xFFFFDB0CD685C080, [ TeamViewer_Ser] +00000128 2.45085549 [NAK] :: [ ] eprocess : 0xFFFFDB0CD68C60C0, [ svchost.exe] +00000129 2.45086122 [NAK] :: [ ] eprocess : 0xFFFFDB0CD68CE080, [ TrueColorALS.e] +00000130 2.45086622 [NAK] :: [ ] eprocess : 0xFFFFDB0CD68CF080, [ WmiPrvSE.exe] +00000131 2.45087171 [NAK] :: [ ] eprocess : 0xFFFFDB0CD691E080, [ 
vmware-authd.e] +00000132 2.45087647 [NAK] :: [ ] eprocess : 0xFFFFDB0CD690D080, [ vmnetdhcp.exe] +00000133 2.45088124 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6910080, [ WmiPrvSE.exe] +00000134 2.45088649 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6940080, [ vmware-usbarbi] +00000135 2.45089149 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6947080, [ vmnat.exe] +00000136 2.45089650 [NAK] :: [ ] eprocess : 0xFFFFDB0CD69A00C0, [ WDDriveService] +00000137 2.45090151 [NAK] :: [ ] eprocess : 0xFFFFDB0CD69A5080, [ ZeroConfigServ] +00000138 2.45090675 [NAK] :: [ ] eprocess : 0xFFFFDB0CD69A3080, [ MsMpEng.exe] +00000139 2.45091200 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6944080, [ svchost.exe] +00000140 2.45091677 [NAK] :: [ ] eprocess : 0xFFFFDB0CD69C9080, [ svchost.exe] +00000141 2.45092320 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6A06080, [ unsecapp.exe] +00000142 2.45093346 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6A71080, [ IntelCpHeciSvc] +00000143 2.45093966 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6CCF080, [ svchost.exe] +00000144 2.45094514 [NAK] :: [ ] eprocess : 0xFFFFDB0CD6D6B080, [ igfxext.exe] +00000145 2.45095086 [NAK] :: [ ] eprocess : 0xFFFFDB0CD701C080, [ svchost.exe] +00000146 2.45095682 [NAK] :: [ ] eprocess : 0xFFFFDB0CC8D99080, [ svchost.exe] +00000147 2.45096517 [NAK] :: [ ] eprocess : 0xFFFFDB0CD71B0080, [ svchost.exe] +00000148 2.45100307 [NAK] :: [ ] eprocess : 0xFFFFDB0CD71D40C0, [ svchost.exe] +00000149 2.45100832 [NAK] :: [ ] eprocess : 0xFFFFDB0CD7296080, [ vmware-hostd.e] +00000150 2.45106411 [NAK] :: [ ] eprocess : 0xFFFFDB0CD7ADE080, [ svchost.exe] +00000151 2.45107079 [NAK] :: [ ] eprocess : 0xFFFFDB0CD74EB080, [ svchost.exe] +00000152 2.45107603 [NAK] :: [ ] eprocess : 0xFFFFDB0CD7BF6080, [ dllhost.exe] +00000153 2.45108151 [NAK] :: [ ] eprocess : 0xFFFFDB0CD79ED080, [ vmcompute.exe] +00000154 2.45109081 [NAK] :: [ ] eprocess : 0xFFFFDB0CD7FE6080, [ NisSrv.exe] +00000155 2.45109725 [NAK] :: [ ] eprocess : 0xFFFFDB0CE401A240, [ dptf_helper.ex] +00000156 2.45110250 [NAK] :: [ ] eprocess 
: 0xFFFFDB0CD606C080, [ SynTPEnh.exe] +00000157 2.45110726 [NAK] :: [ ] eprocess : 0xFFFFDB0CE417F080, [ svchost.exe] +00000158 2.45111251 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4190080, [ SynTPEnh.exe] +00000159 2.45111728 [NAK] :: [ ] eprocess : 0xFFFFDB0CE41E0080, [ svchost.exe] +00000160 2.45112205 [NAK] :: [ ] eprocess : 0xFFFFDB0CE41E7200, [ sihost.exe] +00000161 2.45112705 [NAK] :: [ ] eprocess : 0xFFFFDB0CE429E080, [ svchost.exe] +00000162 2.45113230 [NAK] :: [ ] eprocess : 0xFFFFDB0CE42A1080, [ GoogleUpdate.e] +00000163 2.45113730 [NAK] :: [ ] eprocess : 0xFFFFDB0CE42A2080, [ svchost.exe] +00000164 2.45114326 [NAK] :: [ ] eprocess : 0xFFFFDB0CE42A3080, [ PresentationFo] +00000165 2.45114899 [NAK] :: [ ] eprocess : 0xFFFFDB0CE42A60C0, [ taskhostw.exe] +00000166 2.45115423 [NAK] :: [ ] eprocess : 0xFFFFDB0CE42A4080, [ DropboxUpdate.] +00000167 2.45115948 [NAK] :: [ ] eprocess : 0xFFFFDB0CE42A8080, [ svchost.exe] +00000168 2.45116448 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4170080, [ svchost.exe] +00000169 2.45116925 [NAK] :: [ ] eprocess : 0xFFFFDB0CE43E3200, [ ctfmon.exe] +00000170 2.45117450 [NAK] :: [ ] eprocess : 0xFFFFDB0CE44130C0, [ SynTPHelper.ex] +00000171 2.45117998 [NAK] :: [ ] eprocess : 0xFFFFDB0CE43E00C0, [ svchost.exe] +00000172 2.45118690 [NAK] :: [ ] eprocess : 0xFFFFDB0CE45E2080, [ svchost.exe] +00000173 2.45119190 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4659080, [ ChsIME.exe] +00000174 2.45119858 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4663080, [ cmd.exe] +00000175 2.45120525 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4688080, [ userinit.exe] +00000176 2.45121121 [NAK] :: [ ] eprocess : 0xFFFFDB0CE43F9080, [ explorer.exe] +00000177 2.45122242 [NAK] :: [ ] eprocess : 0xFFFFDB0CE47460C0, [ igfxEM.exe] +00000178 2.45122814 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4784140, [ svchost.exe] +00000179 2.45123363 [NAK] :: [ ] eprocess : 0xFFFFDB0CE48C5080, [ SearchIndexer.] 
+00000180 2.45123911 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4AAB080, [ svchost.exe] +00000181 2.45124412 [NAK] :: [ ] eprocess : 0xFFFFDB0CD7E60080, [ StartMenuExper] +00000182 2.45124960 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4BE1080, [ RuntimeBroker.] +00000183 2.45125484 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4DB90C0, [ RuntimeBroker.] +00000184 2.45126009 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4EFC080, [ YourPhone.exe] +00000185 2.45126510 [NAK] :: [ ] eprocess : 0xFFFFDB0CE60CE240, [ SkypeBackgroun] +00000186 2.45127034 [NAK] :: [ ] eprocess : 0xFFFFDB0CE60F5080, [ SkypeApp.exe] +00000187 2.45127559 [NAK] :: [ ] eprocess : 0xFFFFDB0CE611A140, [ RtkAudUService] +00000188 2.45128155 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4C240C0, [ TextInputHost.] +00000189 2.45128727 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6122080, [ svchost.exe] +00000190 2.45129251 [NAK] :: [ ] eprocess : 0xFFFFDB0CE61540C0, [ RuntimeBroker.] +00000191 2.45129871 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4F860C0, [ RuntimeBroker.] +00000192 2.45130372 [NAK] :: [ ] eprocess : 0xFFFFDB0CE61780C0, [ SettingSyncHos] +00000193 2.45130992 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7603080, [ ShellExperienc] +00000194 2.45131564 [NAK] :: [ ] eprocess : 0xFFFFDB0CE636B080, [ RuntimeBroker.] 
+00000195 2.45132089 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7662080, [ GoogleCrashHan] +00000196 2.45132637 [NAK] :: [ ] eprocess : 0xFFFFDB0CE40F5080, [ GoogleCrashHan] +00000197 2.45133638 [NAK] :: [ ] eprocess : 0xFFFFDB0CE752D240, [ SecurityHealth] +00000198 2.45134282 [NAK] :: [ ] eprocess : 0xFFFFDB0CE75B80C0, [ SecurityHealth] +00000199 2.45134878 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4E240C0, [ IAStorIconLaun] +00000200 2.45135474 [NAK] :: [ ] eprocess : 0xFFFFDB0CE760B180, [ CAudioFilterAg] +00000201 2.45136070 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4D65080, [ sacpl.exe] +00000202 2.45136642 [NAK] :: [ ] eprocess : 0xFFFFDB0CE63DE080, [ chrome.exe] +00000203 2.45137191 [NAK] :: [ ] eprocess : 0xFFFFDB0CE600B080, [ chrome.exe] +00000204 2.45137811 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7731080, [ Docker Desktop] +00000205 2.45138407 [NAK] :: [ ] eprocess : 0xFFFFDB0CE74D90C0, [ chrome.exe] +00000206 2.45139003 [NAK] :: [ ] eprocess : 0xFFFFDB0CE77240C0, [ SmartAudio3.ex] +00000207 2.45139718 [NAK] :: [ ] eprocess : 0xFFFFDB0CE77460C0, [ chrome.exe] +00000208 2.45140362 [NAK] :: [ ] eprocess : 0xFFFFDB0CE77790C0, [ chrome.exe] +00000209 2.45141029 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4D130C0, [ RemoteServerWi] +00000210 2.45141625 [NAK] :: [ ] eprocess : 0xFFFFDB0CE74DB080, [ runonce.exe] +00000211 2.45142269 [NAK] :: [ ] eprocess : 0xFFFFDB0CE770B080, [ SearchApp.exe] +00000212 2.45142937 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7770080, [ chrome.exe] +00000213 2.45146275 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7705080, [ chrome.exe] +00000214 2.45146966 [NAK] :: [ ] eprocess : 0xFFFFDB0CE775B080, [ chrome.exe] +00000215 2.45147491 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7710080, [ chrome.exe] +00000216 2.45147991 [NAK] :: [ ] eprocess : 0xFFFFDB0CE774E080, [ chrome.exe] +00000217 2.45148921 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7720080, [ chrome.exe] +00000218 2.45154881 [NAK] :: [ ] eprocess : 0xFFFFDB0CE63B0080, [ chrome.exe] +00000219 2.45155478 [NAK] :: [ ] eprocess : 0xFFFFDB0CE775E080, 
[ chrome.exe] +00000220 2.45156050 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4DD8080, [ chrome.exe] +00000221 2.45156598 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4D14080, [ chrome.exe] +00000222 2.45157194 [NAK] :: [ ] eprocess : 0xFFFFDB0CE65870C0, [ chrome.exe] +00000223 2.45157766 [NAK] :: [ ] eprocess : 0xFFFFDB0CE663B080, [ chrome.exe] +00000224 2.45158339 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6577080, [ chrome.exe] +00000225 2.45159316 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6579080, [ chrome.exe] +00000226 2.45160127 [NAK] :: [ ] eprocess : 0xFFFFDB0CE66C8080, [ chrome.exe] +00000227 2.45160675 [NAK] :: [ ] eprocess : 0xFFFFDB0CE66CA0C0, [ chrome.exe] +00000228 2.45161200 [NAK] :: [ ] eprocess : 0xFFFFDB0CE678A0C0, [ Dropbox.exe] +00000229 2.45161724 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6775080, [ chrome.exe] +00000230 2.45162249 [NAK] :: [ ] eprocess : 0xFFFFDB0CE69130C0, [ vmware-tray.ex] +00000231 2.45162797 [NAK] :: [ ] eprocess : 0xFFFFDB0CE691D200, [ Dropbox.exe] +00000232 2.45163345 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6385080, [ Dropbox.exe] +00000233 2.45163870 [NAK] :: [ ] eprocess : 0xFFFFDB0CE694D080, [ Dropbox.exe] +00000234 2.45164394 [NAK] :: [ ] eprocess : 0xFFFFDB0CE698A080, [ ioc.exe] +00000235 2.45164895 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6CCA080, [ aesm_service.e] +00000236 2.45165420 [NAK] :: [ ] eprocess : 0xFFFFDB0CE48240C0, [ svchost.exe] +00000237 2.45165992 [NAK] :: [ ] eprocess : 0xFFFFDB0CE70E90C0, [ DDVRulesProces] +00000238 2.45166469 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6921080, [ DSAPI.exe] +00000239 2.45166969 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4FF1080, [ svchost.exe] +00000240 2.45167518 [NAK] :: [ ] eprocess : 0xFFFFDB0CE76D3080, [ IAStorIcon.exe] +00000241 2.45167994 [NAK] :: [ ] eprocess : 0xFFFFDB0CE62CE080, [ ServiceShell.e] +00000242 2.45168519 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7A8B080, [ QtWebEnginePro] +00000243 2.45172191 [NAK] :: [ ] eprocess : 0xFFFFDB0CE60C3080, [ QtWebEnginePro] +00000244 2.45172691 [NAK] :: [ ] eprocess : 
0xFFFFDB0CE79750C0, [ dllhost.exe] +00000245 2.45178127 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6B94080, [ msdtc.exe] +00000246 2.45178795 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7E15080, [ DolbyDAX2API.e] +00000247 2.45179391 [NAK] :: [ ] eprocess : 0xFFFFDB0CE80E3080, [ IAStorDataMgrS] +00000248 2.45184469 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8170080, [ jhi_service.ex] +00000249 2.45185089 [NAK] :: [ ] eprocess : 0xFFFFDB0CE816E080, [ LMS.exe] +00000250 2.45185637 [NAK] :: [ ] eprocess : 0xFFFFDB0CE80800C0, [ SgrmBroker.exe] +00000251 2.45186234 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8255080, [ SupportAssistA] +00000252 2.45186830 [NAK] :: [ ] eprocess : 0xFFFFDB0CE83240C0, [ DDVDataCollect] +00000253 2.45187449 [NAK] :: [ ] eprocess : 0xFFFFDB0CE81760C0, [ DDVCollectorSv] +00000254 2.45187998 [NAK] :: [ ] eprocess : 0xFFFFDB0CE833E080, [ com.docker.bac] +00000255 2.45188618 [NAK] :: [ ] eprocess : 0xFFFFDB0CE824A080, [ conhost.exe] +00000256 2.45189214 [NAK] :: [ ] eprocess : 0xFFFFDB0CE78DF080, [ Docker.Watchgu] +00000257 2.45189881 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7984080, [ conhost.exe] +00000258 2.45190525 [NAK] :: [ ] eprocess : 0xFFFFDB0CE6C620C0, [ nvapiw.exe] +00000259 2.45194554 [NAK] :: [ ] eprocess : 0xFFFFDB0CE84B9080, [ svchost.exe] +00000260 2.45195246 [NAK] :: [ ] eprocess : 0xFFFFDB0CE87C5080, [ nvapiw.exe] +00000261 2.45195770 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8AA50C0, [ vpnkit-bridge.] 
+00000262 2.45196295 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8B020C0, [ conhost.exe] +00000263 2.45196819 [NAK] :: [ ] eprocess : 0xFFFFDB0CE89940C0, [ chrome.exe] +00000264 2.45197368 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8CAD0C0, [ vpnkit.exe] +00000265 2.45197892 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4D240C0, [ Docker.Watchgu] +00000266 2.45198512 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8C95080, [ conhost.exe] +00000267 2.45199060 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5EB0080, [ conhost.exe] +00000268 2.45199704 [NAK] :: [ ] eprocess : 0xFFFFDB0CD5C57080, [ vmwp.exe] +00000269 2.45200205 [NAK] :: [ ] eprocess : 0xFFFFDB0CD61D50C0, [ vmmem] +00000270 2.45200777 [NAK] :: [ ] eprocess : 0xFFFFDB0CD7973080, [ svchost.exe] +00000271 2.45201302 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8FEA0C0, [ HxTsr.exe] +00000272 2.45201802 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB3EE080, [ AcrobatNotific] +00000273 2.45202327 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8BC1240, [ com.docker.pro] +00000274 2.45202851 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB3CE240, [ Docker.Watchgu] +00000275 2.45203400 [NAK] :: [ ] eprocess : 0xFFFFDB0CE90241C0, [ conhost.exe] +00000276 2.45204043 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB3CC0C0, [ conhost.exe] +00000277 2.45204568 [NAK] :: [ ] eprocess : 0xFFFFDB0CE906E080, [ chrome.exe] +00000278 2.45205069 [NAK] :: [ ] eprocess : 0xFFFFDB0CE9130280, [ RuntimeBroker.] +00000279 2.45205593 [NAK] :: [ ] eprocess : 0xFFFFDB0CE9123240, [ chrome.exe] +00000280 2.45206451 [NAK] :: [ ] eprocess : 0xFFFFDB0CE9129080, [ explorer.exe] +00000281 2.45206928 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4188080, [ MsMpEngCP.exe] +00000282 2.45207453 [NAK] :: [ ] eprocess : 0xFFFFDB0CE9E11080, [ dllhost.exe] +00000283 2.45208168 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8CEE080, [ chrome.exe] +00000284 2.45208979 [NAK] :: [ ] eprocess : 0xFFFFDB0CE9076100, [ chrome.exe] +00000285 2.45209575 [NAK] :: [ ] eprocess : 0xFFFFDB0CEAB9E0C0, [ RuntimeBroker.] 
+00000286 2.45210171 [NAK] :: [ ] eprocess : 0xFFFFDB0CEA7020C0, [ svchost.exe] +00000287 2.45210838 [NAK] :: [ ] eprocess : 0xFFFFDB0CEA6920C0, [ Microsoft.Phot] +00000288 2.45211363 [NAK] :: [ ] eprocess : 0xFFFFDB0CEA7350C0, [ RuntimeBroker.] +00000289 2.45212007 [NAK] :: [ ] eprocess : 0xFFFFDB0CEADD0080, [ svchost.exe] +00000290 2.45212650 [NAK] :: [ ] eprocess : 0xFFFFDB0CEA7DC240, [ chrome.exe] +00000291 2.45213270 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4B7E080, [ cmd.exe] +00000292 2.45213914 [NAK] :: [ ] eprocess : 0xFFFFDB0CE7E530C0, [ YourPhoneServe] +00000293 2.45215058 [NAK] :: [ ] eprocess : 0xFFFFDB0CE9079100, [ chrome.exe] +00000294 2.45215774 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB8680C0, [ nvapiw.exe] +00000295 2.45216274 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBABD0C0, [ chrome.exe] +00000296 2.45216846 [NAK] :: [ ] eprocess : 0xFFFFDB0CED79A0C0, [ chrome.exe] +00000297 2.45217371 [NAK] :: [ ] eprocess : 0xFFFFDB0CE4B54100, [ chrome.exe] +00000298 2.45217919 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB6020C0, [ chrome.exe] +00000299 2.45218492 [NAK] :: [ ] eprocess : 0xFFFFDB0CED7560C0, [ HxTsr.exe] +00000300 2.45219040 [NAK] :: [ ] eprocess : 0xFFFFDB0CECFE6240, [ svchost.exe] +00000301 2.45219612 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB0C5140, [ chrome.exe] +00000302 2.45220160 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB5350C0, [ chrome.exe] +00000303 2.45220757 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBA460C0, [ chrome.exe] +00000304 2.45221806 [NAK] :: [ ] eprocess : 0xFFFFDB0CED740240, [ audiodg.exe] +00000305 2.45222545 [NAK] :: [ ] eprocess : 0xFFFFDB0CEC9CE0C0, [ svchost.exe] +00000306 2.45223069 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB0B80C0, [ Dbgview.exe] +00000307 2.45224094 [NAK] :: [ ] eprocess : 0xFFFFDB0CECBAD0C0, [ chrome.exe] +00000308 2.45224690 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBC8A0C0, [ chrome.exe] +00000309 2.45225263 [NAK] :: [ ] eprocess : 0xFFFFDB0CF01A7180, [ goneovim.exe] +00000310 2.45225763 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB4860C0, [ nvim.exe] +00000311 
2.45226288 [NAK] :: [ ] eprocess : 0xFFFFDB0CE80E50C0, [ conhost.exe] +00000312 2.45226884 [NAK] :: [ ] eprocess : 0xFFFFDB0CED8790C0, [ nvim.exe] +00000313 2.45227480 [NAK] :: [ ] eprocess : 0xFFFFDB0CE91250C0, [ conhost.exe] +00000314 2.45228028 [NAK] :: [ ] eprocess : 0xFFFFDB0CEAC350C0, [ python.exe] +00000315 2.45228624 [NAK] :: [ ] eprocess : 0xFFFFDB0CECFCA0C0, [ conhost.exe] +00000316 2.45229316 [NAK] :: [ ] eprocess : 0xFFFFDB0CEA3770C0, [ languageclient] +00000317 2.45229888 [NAK] :: [ ] eprocess : 0xFFFFDB0CECD670C0, [ conhost.exe] +00000318 2.45230412 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBB130C0, [ python.exe] +00000319 2.45230961 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBB460C0, [ conhost.exe] +00000320 2.45231557 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB4DB0C0, [ python.exe] +00000321 2.45232153 [NAK] :: [ ] eprocess : 0xFFFFDB0CED3130C0, [ python.exe] +00000322 2.45232725 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB9CE0C0, [ python.exe] +00000323 2.45233750 [NAK] :: [ ] eprocess : 0xFFFFDB0CEF8680C0, [ python.exe] +00000324 2.45234370 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBB07080, [ cmd.exe] +00000325 2.45234871 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8BF8080, [ conhost.exe] +00000326 2.45235419 [NAK] :: [ ] eprocess : 0xFFFFDB0CEB25C080, [ MSBuild.exe] +00000327 2.45235968 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8E9A0C0, [ Tracker.exe] +00000328 2.45236444 [NAK] :: [ ] eprocess : 0xFFFFDB0CEBB16080, [ link.exe] +00000329 2.45236969 [NAK] :: [ ] eprocess : 0xFFFFDB0CE8BFA080, [ mspdbsrv.exe] +00000330 2.45237541 [NAK] :: [ ] eprocess : 0xFFFFDB0CECE950C0, [ SearchApp.exe] +00000331 2.45238090 [NAK] :: [ ] eprocess : 0xFFFFDB0CED2A50C0, [ WmiApSrv.exe] +00000332 2.45238590 [NAK] :: [ ] eprocess : 0xFFFFDB0CED7890C0, [ parse_pdb_for_] +00000333 2.45239091 [NAK] :: [ ] nt!MiState : 0xFFFFF8031604F200 +00000334 2.45239520 [NAK] :: [ ] &systemNonPageInfo : 0xFFFF908180016010 +00000335 2.45239949 [NAK] :: [ ] &NonPagedPoolFirstVa : 0xFFFF908180016070 +00000336 2.45240402 [NAK] :: [ ] 
&NonPagedPoolLastVa : 0xFFFF908180016078 +00000337 2.45240879 [NAK] :: [+] nonPagedPoolStart : 0xffffdb0000000000 +00000338 2.45241356 [NAK] :: [+] nonPagedPoolEnd : 0xffffeb0000000000 +00000339 2.45241809 [NAK] :: [+] large page address : 0xFFFFF80316017ED8 +00000340 2.45242143 [NAK] :: [+] large page size : 0x10000 +00000341 2.45242405 [NAK] :: [+] Scanning +00000342 2.63246703 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CC8CB5080, [h…ËÖ ÛÿÿÍ] +00000343 2.63351870 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CC8D36090, [] +00000344 2.63428450 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CC8D99080, [svchost.exe] +00000345 2.63490915 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CC8DE70C0, [`vÞÈ Ûÿÿ] +00000346 2.87199759 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD1AA3080, [heªÑ Ûÿÿ]] +00000347 2.87527966 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD1C60140, [csrss.exe] +00000348 2.87539291 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD1C6D0C0, [smss.exe] +00000349 2.91730165 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3A52140, [csrss.exe] +00000350 2.91731024 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3A53080, [smss.exe] +00000351 2.91731691 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3A54080, [wininit.exe] +00000352 2.91772556 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3AAB080, [services.exe] +00000353 2.91788101 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3AC9080, [lsass.exe] +00000354 2.91789341 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3ACB080, [LsaIso.exe] +00000355 2.91916966 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3BD8080, [svchost.exe] +00000356 2.91957378 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3C2F080, [WUDFHost.exe] +00000357 2.91967535 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3C430C0, [fontdrvhost.ex] +00000358 2.92035127 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3CD1250, [] +00000359 2.92065287 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3D10080, [svchost.exe] +00000360 2.92119598 [NAK] :: [ ] 
eprocess offset 0x80 : 0xFFFFDB0CD3D84080, [winlogon.exe] +00000361 2.92130995 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3D9B080, [IpOverUsbSvc.e] +00000362 2.92196655 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3E27080, [fontdrvhost.ex] +00000363 2.92222476 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3E5C080, [dwm.exe] +00000364 2.92318130 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F210C0, [svchost.exe] +00000365 2.92320132 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F25080, [svchost.exe] +00000366 2.92332840 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F42080, [svchost.exe] +00000367 2.92333937 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F44080, [svchost.exe] +00000368 2.92338872 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F4F080, [svchost.exe] +00000369 2.92341232 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F54080, [svchost.exe] +00000370 2.92352891 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F6E0C0, [svchost.exe] +00000371 2.92355919 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD3F74080, [svchost.exe] +00000372 2.94584513 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD560C080, [svchost.exe] +00000373 2.94587302 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5611080, [svchost.exe] +00000374 2.94614220 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD564A080, [svchost.exe] +00000375 2.94631362 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD566F080, [svchost.exe] +00000376 2.94632435 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5671080, [svchost.exe] +00000377 2.94663954 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD56B7080, [svchost.exe] +00000378 2.94665051 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD56B9080, [svchost.exe] +00000379 2.94742322 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5757080, [svchost.exe] +00000380 2.94771171 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD57970C0, [svchost.exe] +00000381 2.94774199 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD579D080, [svchost.exe] +00000382 2.94871163 [NAK] 
:: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5868080, [svchost.exe] +00000383 2.94886303 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5887080, [svchost.exe] +00000384 2.94891000 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD588E080, [dasHost.exe] +00000385 2.94898200 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD589C080, [svchost.exe] +00000386 2.94937444 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD58F0080, [svchost.exe] +00000387 2.94978309 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD59450C0, [svchost.exe] +00000388 2.94995356 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5962080, [svchost.exe] +00000389 2.95025492 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD59A90C0, [svchost.exe] +00000390 2.95032954 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD59B8080, [vmms.exe] +00000391 2.95088482 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5A250C0, [svchost.exe] +00000392 2.95094442 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5A31080, [svchost.exe] +00000393 2.95211935 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5B29080, [svchost.exe] +00000394 2.95217681 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5B350C0, [svchost.exe] +00000395 2.95223808 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5B42080, [NVDisplay.Cont] +00000396 2.95224428 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5B43080, [svchost.exe] +00000397 2.95240355 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5B65080, [svchost.exe] +00000398 2.95280814 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5BBF080, [svchost.exe] +00000399 2.95308948 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5BE8080, [svchost.exe] +00000400 2.95345449 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5C2F0D0, [] +00000401 2.95360231 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5C4E080, [igfxCUIService] +00000402 2.95364356 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5C51080, [h%ÚÓ Ûÿÿ:] +00000403 2.95370793 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5C57080, [vmwp.exe] +00000404 2.95459485 [NAK] :: [ ] 
eprocess offset 0x80 : 0xFFFFDB0CD5CCA0C0, [svchost.exe] +00000405 2.95464444 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5CCE080, [svchost.exe] +00000406 2.95469213 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5CD2080, [svchost.exe] +00000407 2.95558810 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5D840C0, [svchost.exe] +00000408 2.95584178 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5DBB080, [NVDisplay.Cont] +00000409 2.95605445 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5DE7080, [svchost.exe] +00000410 2.95606661 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5DE90C0, [svchost.exe] +00000411 2.95652485 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5E4A080, [svchost.exe] +00000412 2.95666122 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5E670C0, [svchost.exe] +00000413 2.95700240 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5EB0080, [conhost.exe] +00000414 2.95702648 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5EB5080, [svchost.exe] +00000415 2.95726752 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5EEA080, [svchost.exe] +00000416 2.95727372 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5EEB080, [svchost.exe] +00000417 2.95740604 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5F07080, [svchost.exe] +00000418 2.95841455 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD5FE9080, [svchost.exe] +00000419 2.95902801 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD606C080, [SynTPEnh.exe] +00000420 2.95903516 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD606D080, [svchost.exe] +00000421 2.96019650 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6164080, [svchost.exe] +00000422 2.96021247 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6167080, [svchost.exe] +00000423 2.96023345 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD616B080, [svchost.exe] +00000424 2.96058130 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD61B40C0, [spoolsv.exe] +00000425 2.96080041 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD61D50C0, [vmmem] +00000426 2.96114516 [NAK] :: [ ] 
eprocess offset 0x80 : 0xFFFFDB0CD621B080, [svchost.exe] +00000427 2.96140885 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6253080, [svchost.exe] +00000428 2.96181417 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD62AE080, [armsvc.exe] +00000429 2.96203542 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD62CB0C0, [AdobeUpdateSer] +00000430 2.96219349 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD62DF080, [AGMService.exe] +00000431 2.96224880 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD62E6080, [IntelCpHDCPSvc] +00000432 2.96225882 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD62E7080, [OfficeClickToR] +00000433 2.96226835 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD62E8080, [com.docker.ser] +00000434 2.96370101 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD63C80C0, [svchost.exe] +00000435 2.96385813 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD63DF080, [CxAudMsg64.exe] +00000436 2.96388078 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD63E2080, [CxUtilSvc.exe] +00000437 2.96463919 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6452080, [DbxSvc.exe] +00000438 2.96466875 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6456080, [svchost.exe] +00000439 2.96485615 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD646F080, [RtkAudUService] +00000440 2.96563125 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD64E10C0, [wlanext.exe] +00000441 2.96569848 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD64EC080, [EvtEng.exe] +00000442 2.96571350 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD64EE080, [ibtsiva.exe] +00000443 2.96585250 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD65020C0, [esif_uf.exe] +00000444 2.96586204 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6503080, [FMService64.ex] +00000445 2.96607280 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6522080, [svchost.exe] +00000446 2.96612597 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD652A080, [conhost.exe] +00000447 2.96613526 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD652B080, [LegacyCsLoader] 
+00000448 2.96628666 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6540080, [svchost.exe] +00000449 2.96631217 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6543080, [IntelTechnolog] +00000450 2.96672440 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD659A080, [NvTelemetryCon] +00000451 2.96746445 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD663F080, [PnkBstrA.exe] +00000452 2.96781206 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD668B080, [svchost.exe] +00000453 2.96783924 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6690080, [SmartByteNetwo] +00000454 2.96784568 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6691080, [RemoteServerWi] +00000455 2.96916771 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6795080, [svchost.exe] +00000456 2.96918273 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD67970C0, [svchost.exe] +00000457 2.96923518 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD679D080, [SynTPEnhServic] +00000458 2.96947789 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD67C4080, [sqlwriter.exe] +00000459 2.96948504 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD67C5080, [ThunderboltSer] +00000460 2.97019792 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD685C080, [TeamViewer_Ser] +00000461 2.97067618 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD68C60C0, [svchost.exe] +00000462 2.97071409 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD68CE080, [TrueColorALS.e] +00000463 2.97072029 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD68CF080, [WmiPrvSE.exe] +00000464 2.97099590 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD690D080, [vmnetdhcp.exe] +00000465 2.97101235 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6910080, [WmiPrvSE.exe] +00000466 2.97107911 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD691E080, [vmware-authd.e] +00000467 2.97123647 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6940080, [vmware-usbarbi] +00000468 2.97125530 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6944080, [svchost.exe] +00000469 2.97127104 [NAK] :: [ ] eprocess offset 
0x80 : 0xFFFFDB0CD6947080, [vmnat.exe] +00000470 2.97165990 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD69A00C0, [WDDriveService] +00000471 2.97167611 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD69A3080, [MsMpEng.exe] +00000472 2.97168708 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD69A5080, [ZeroConfigServ] +00000473 2.97186589 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD69C9080, [svchost.exe] +00000474 2.97216320 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6A06080, [unsecapp.exe] +00000475 2.97266603 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6A71080, [IntelCpHeciSvc] +00000476 2.97543430 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6CCF080, [svchost.exe] +00000477 2.97611046 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD6D6B080, [igfxext.exe] +00000478 2.97943473 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD701C080, [svchost.exe] +00000479 2.98128009 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD71B0080, [svchost.exe] +00000480 2.98144913 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD71D40C0, [svchost.exe] +00000481 2.98282051 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD7296080, [vmware-hostd.e] +00000482 2.98661041 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD74EB080, [svchost.exe] +00000483 2.99496651 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD7973080, [svchost.exe] +00000484 2.99584842 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD79ED080, [vmcompute.exe] +00000485 2.99792528 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD7ADE080, [svchost.exe] +00000486 3.00029874 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD7BF6080, [dllhost.exe] +00000487 3.00457072 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD7E60080, [StartMenuExper] +00000488 3.00676703 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CD7FE6080, [NisSrv.exe] +00000489 3.28639555 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE401A250, [] +00000490 3.28735828 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE40F5080, [GoogleCrashHan] +00000491 3.28799891 [NAK] :: [ ] 
eprocess offset 0x80 : 0xFFFFDB0CE4170080, [svchost.exe] +00000492 3.28811359 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE417F080, [svchost.exe] +00000493 3.28816867 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4188080, [MsMpEngCP.exe] +00000494 3.28820729 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4190080, [SynTPEnh.exe] +00000495 3.28860879 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE41E0080, [svchost.exe] +00000496 3.28864789 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE41E7210, [] +00000497 3.28950691 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE429E080, [svchost.exe] +00000498 3.28952146 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE42A1080, [GoogleUpdate.e] +00000499 3.28952718 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE42A2080, [svchost.exe] +00000500 3.28953314 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE42A3080, [PresentationFo] +00000501 3.28953886 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE42A4080, [DropboxUpdate.] +00000502 3.28954768 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE42A60C0, [taskhostw.exe] +00000503 3.28955722 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE42A8080, [svchost.exe] +00000504 3.29098248 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE43E00E0, [ˆÀ’× ÛÿÿˆÀ’× Ûÿ] +00000505 3.29099870 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE43E3200, [ctfmon.exe] +00000506 3.29109120 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE43F9080, [explorer.exe] +00000507 3.29118562 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE44130C0, [SynTPHelper.ex] +00000508 3.29326200 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE45E2080, [svchost.exe] +00000509 3.29384112 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4659080, [ChsIME.exe] +00000510 3.29390001 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4663080, [cmd.exe] +00000511 3.29411006 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4688080, [userinit.exe] +00000512 3.29490852 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE47460C0, [igfxEM.exe] +00000513 3.29516125 [NAK] 
:: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4784140, [svchost.exe] +00000514 3.29586363 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE48240C0, [svchost.exe] +00000515 3.29657674 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE48C5080, [SearchIndexer.] +00000516 3.29871511 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4AAB080, [svchost.exe] +00000517 3.29944324 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4B54100, [chrome.exe] +00000518 3.29962206 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4B7E080, [cmd.exe] +00000519 3.30003691 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4BE1080, [RuntimeBroker.] +00000520 3.30031085 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4C240C0, [TextInputHost.] +00000521 3.30134678 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4D130C0, [RemoteServerWi] +00000522 3.30135274 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4D14080, [chrome.exe] +00000523 3.30142379 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4D240C0, [Docker.Watchgu] +00000524 3.30169678 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4D650A0, [] +00000525 3.30205512 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4DB90C0, [RuntimeBroker.] +00000526 3.30219984 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4DD8080, [chrome.exe] +00000527 3.30251813 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4E240C0, [IAStorIconLaun] +00000528 3.30344009 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4EFC080, [YourPhone.exe] +00000529 3.30410147 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4F860C0, [RuntimeBroker.] 
+00000530 3.30456710 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE4FF1080, [svchost.exe] +00000531 3.30864000 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE600B080, [chrome.exe] +00000532 3.30942130 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE60C30A0, [] +00000533 3.30947471 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE60CE250, [] +00000534 3.30963230 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE60F5080, [SkypeApp.exe] +00000535 3.30979204 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE611A140, [RtkAudUService] +00000536 3.30982947 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE61220A0, [ˆ€EÖ Ûÿÿˆ€EÖ Ûÿ] +00000537 3.31002927 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE61540E0, [ˆðÐä ÛÿÿˆðÐä Ûÿ] +00000538 3.31019044 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE61780C0, [SettingSyncHos] +00000539 3.31176949 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE62CE080, [ServiceShell.e] +00000540 3.31246471 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE636B080, [RuntimeBroker.] +00000541 3.31258917 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6385080, [Dropbox.exe] +00000542 3.31278801 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE63B0080, [chrome.exe] +00000543 3.31299162 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE63DE0A0, [] +00000544 3.31472635 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6577080, [chrome.exe] +00000545 3.31473613 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6579080, [chrome.exe] +00000546 3.31479931 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE65870C0, [chrome.exe] +00000547 3.31558490 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE663B080, [chrome.exe] +00000548 3.31617689 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE66C8080, [chrome.exe] +00000549 3.31618571 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE66CA0C0, [chrome.exe] +00000550 3.31693316 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6775080, [chrome.exe] +00000551 3.31703353 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE678A0C0, [Dropbox.exe] +00000552 
3.31869006 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE69130C0, [vmware-tray.ex] +00000553 3.31873870 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE691D1F0, [] +00000554 3.31876397 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6921080, [DSAPI.exe] +00000555 3.31897473 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE694D080, [Dropbox.exe] +00000556 3.31926370 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE698A0A0, [] +00000557 3.32157469 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6B94080, [msdtc.exe] +00000558 3.32247639 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6C620C0, [nvapiw.exe] +00000559 3.32292271 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE6CCA080, [aesm_service.e] +00000560 3.32754970 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE70E90C0, [DDVRulesProces] +00000561 3.33183599 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE74D90C0, [chrome.exe] +00000562 3.33184600 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE74DB080, [runonce.exe] +00000563 3.33223796 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE752D250, [] +00000564 3.33284116 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE75B80C0, [SecurityHealth] +00000565 3.33319354 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7603080, [ShellExperienc] +00000566 3.33323169 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE760B170, [] +00000567 3.33363795 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7662080, [GoogleCrashHan] +00000568 3.33412194 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE76D3080, [IAStorIcon.exe] +00000569 3.33434391 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7705080, [chrome.exe] +00000570 3.33437157 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE770B080, [SearchApp.exe] +00000571 3.33439684 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7710080, [chrome.exe] +00000572 3.33446765 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7720080, [chrome.exe] +00000573 3.33448601 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE77240C0, [SmartAudio3.ex] +00000574 3.33454323 [NAK] :: [ ] 
eprocess offset 0x80 : 0xFFFFDB0CE7731080, [Docker Desktop] +00000575 3.33463645 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE77460C0, [chrome.exe] +00000576 3.33467436 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE774E080, [chrome.exe] +00000577 3.33473611 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE775B080, [chrome.exe] +00000578 3.33474994 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE775E080, [chrome.exe] +00000579 3.33483458 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7770080, [chrome.exe] +00000580 3.33487511 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE77790C0, [chrome.exe] +00000581 3.33648634 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE78DF080, [Docker.Watchgu] +00000582 3.33714986 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE79750C0, [dllhost.exe] +00000583 3.33721972 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7984080, [conhost.exe] +00000584 3.33837271 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7A8B080, [QtWebEnginePro] +00000585 3.34235191 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7E15080, [DolbyDAX2API.e] +00000586 3.34262753 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE7E530C0, [YourPhoneServe] +00000587 3.34525514 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE80800C0, [SgrmBroker.exe] +00000588 3.34568691 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE80E3080, [IAStorDataMgrS] +00000589 3.34569359 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE80E50C0, [conhost.exe] +00000590 3.34627342 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE816E080, [LMS.exe] +00000591 3.34628510 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8170080, [jhi_service.ex] +00000592 3.34630871 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE81760C0, [DDVCollectorSv] +00000593 3.34719944 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE824A080, [conhost.exe] +00000594 3.34724712 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8255080, [SupportAssistA] +00000595 3.34816432 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE83240C0, [DDVDataCollect] 
+00000596 3.34828162 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE833E080, [com.docker.bac] +00000597 3.34985566 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE84B9080, [svchost.exe] +00000598 3.35335588 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE87C5080, [nvapiw.exe] +00000599 3.35537553 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE89940C0, [chrome.exe] +00000600 3.35656047 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8AA50D0, [] +00000601 3.35697365 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8B020C0, [conhost.exe] +00000602 3.35779047 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8BC1240, [com.docker.pro] +00000603 3.35801768 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8BF8080, [conhost.exe] +00000604 3.35802770 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8BFA080, [mspdbsrv.exe] +00000605 3.35872483 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8C95080, [conhost.exe] +00000606 3.35882521 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8CAD0C0, [vpnkit.exe] +00000607 3.35910034 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8CEE080, [chrome.exe] +00000608 3.36116886 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8E9A0C0, [Tracker.exe] +00000609 3.36263990 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE8FEA0C0, [HxTsr.exe] +00000610 3.36290050 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE90241D0, [] +00000611 3.36324644 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE906E080, [chrome.exe] +00000612 3.36327887 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE90760F0, [] +00000613 3.36329150 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE90790F0, [] +00000614 3.36407995 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE9123230, [] +00000615 3.36408949 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE91250C0, [conhost.exe] +00000616 3.36410761 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE9129080, [explorer.exe] +00000617 3.36413932 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CE9130270, [] +00000618 3.37451839 [NAK] :: [ ] eprocess offset 0x80 : 
0xFFFFDB0CE9E11080, [dllhost.exe] +00000619 3.38101768 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEA3770C0, [languageclient] +00000620 3.38458967 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEA6920C0, [Microsoft.Phot] +00000621 3.38509631 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEA7020C0, [svchost.exe] +00000622 3.38530755 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEA7350C0, [RuntimeBroker.] +00000623 3.38608718 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEA7DC250, [] +00000624 3.39062309 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEAB9E0C0, [RuntimeBroker.] +00000625 3.39129710 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEAC350C0, [python.exe] +00000626 3.39329767 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEADD0080, [svchost.exe] +00000627 3.39734554 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB0B80C0, [Dbgview.exe] +00000628 3.39742398 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB0C5140, [chrome.exe] +00000629 3.39953208 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB25C080, [MSBuild.exe] +00000630 3.40128160 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB3CC0C0, [conhost.exe] +00000631 3.40129328 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB3CE250, [] +00000632 3.40144920 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB3EE080, [AcrobatNotific] +00000633 3.40218401 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB4860C0, [nvim.exe] +00000634 3.40258121 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB4DB0C0, [python.exe] +00000635 3.40300751 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB5350C0, [chrome.exe] +00000636 3.40410805 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB6020C0, [chrome.exe] +00000637 3.40424156 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB61D080, [conhost.exe] +00000638 3.40674567 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB8680C0, [nvapiw.exe] +00000639 3.40698719 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEB89F080, [conhost.exe] +00000640 3.40811443 [NAK] :: [ ] eprocess offset 0x80 : 
0xFFFFDB0CEB9CE0C0, [python.exe] +00000641 3.40863681 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBA460C0, [chrome.exe] +00000642 3.40906000 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBABD0C0, [chrome.exe] +00000643 3.40936565 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBB07080, [cmd.exe] +00000644 3.40941429 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBB130C0, [python.exe] +00000645 3.40942931 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBB16080, [link.exe] +00000646 3.40962291 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBB460C0, [conhost.exe] +00000647 3.41114521 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEBC8A0C0, [chrome.exe] +00000648 3.42360640 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEC9CE0C0, [svchost.exe] +00000649 3.42558122 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CECBAD0C0, [chrome.exe] +00000650 3.42760444 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CECD670C0, [conhost.exe] +00000651 3.42910671 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CECE950C0, [SearchApp.exe] +00000652 3.43050885 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CECFCA0C0, [conhost.exe] +00000653 3.43063807 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CECFE6250, [] +00000654 3.43387008 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED2A50C0, [WmiApSrv.exe] +00000655 3.43430996 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED3130C0, [python.exe] +00000656 3.43888521 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED730080, [Tracker.exe] +00000657 3.43895841 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED740250, [] +00000658 3.43905997 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED7560C0, [HxTsr.exe] +00000659 3.43929195 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED7890C0, [parse_pdb_for_] +00000660 3.43935728 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED798080, [conhost.exe] +00000661 3.43936372 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED79A0C0, [chrome.exe] +00000662 3.43977690 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED7FE080, 
[signtool.exe] +00000663 3.44034481 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CED8790C0, [nvim.exe] +00000664 3.44190884 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CEF8680C0, [python.exe] +00000665 3.44340634 [NAK] :: [ ] eprocess offset 0x80 : 0xFFFFDB0CF01A7170, [] +00000666 33.47640610 [NAK] :: [+] Finish scanning +00000667 33.47640991 [NAK] :: [-] Scan large pool not supported yet +00000668 33.47682190 [NAK] :: [+] Goodbye from Kernel \ No newline at end of file