f50.fb8: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000068 g_uNtVerCombined=0x63258000
f50.fb8: \SystemRoot\System32\ntdll.dll:
f50.fb8: CreationTime: 2014-09-12T17:28:12.875336300Z
f50.fb8: LastWriteTime: 2014-08-16T04:01:48.888112400Z
f50.fb8: ChangeTime: 2014-09-12T17:53:36.239600600Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x1a1868
f50.fb8: NT Headers: 0xe8
f50.fb8: Timestamp: 0x53eebd22
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53eebd22
f50.fb8: Image Version: 6.3
f50.fb8: SizeOfImage: 0x1a6000 (1728512)
f50.fb8: Resource Dir: 0x141000 LB 0x62450
f50.fb8: ProductName: Microsoft® Windows® Operating System
f50.fb8: ProductVersion: 6.3.9600.17278
f50.fb8: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
f50.fb8: FileDescription: NT Layer DLL
f50.fb8: \SystemRoot\System32\kernel32.dll:
f50.fb8: CreationTime: 2014-04-28T14:22:16.848773400Z
f50.fb8: LastWriteTime: 2014-03-20T04:19:59.915412000Z
f50.fb8: ChangeTime: 2014-04-28T14:25:53.627477800Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x13b3c0
f50.fb8: NT Headers: 0xe8
f50.fb8: Timestamp: 0x532a419c
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x532a419c
f50.fb8: Image Version: 6.3
f50.fb8: SizeOfImage: 0x13a000 (1286144)
f50.fb8: Resource Dir: 0x12a000 LB 0x520
f50.fb8: ProductName: Microsoft® Windows® Operating System
f50.fb8: ProductVersion: 6.3.9600.17056
f50.fb8: FileVersion: 6.3.9600.17056 (winblue_gdr.140319-1520)
f50.fb8: FileDescription: Windows NT BASE API Client DLL
f50.fb8: \SystemRoot\System32\KernelBase.dll:
f50.fb8: CreationTime: 2014-09-12T17:28:12.818299800Z
f50.fb8: LastWriteTime: 2014-08-16T03:58:45.372065200Z
f50.fb8: ChangeTime: 2014-09-12T17:53:36.067716900Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x10f9c0
f50.fb8: NT Headers: 0xf0
f50.fb8: Timestamp: 0x53eebf2e
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53eebf2e
f50.fb8: Image Version: 6.3
f50.fb8: SizeOfImage: 0x10f000 (1110016)
f50.fb8: Resource Dir: 0x10a000 LB 0x3528
f50.fb8: ProductName: Microsoft® Windows® Operating System
f50.fb8: ProductVersion: 6.3.9600.17278
f50.fb8: FileVersion: 6.3.9600.17278 (winblue_r2.140815-1500)
f50.fb8: FileDescription: Windows NT BASE API Client DLL
f50.fb8: \SystemRoot\System32\apisetschema.dll:
f50.fb8: CreationTime: 2013-08-22T12:13:09.745625900Z
f50.fb8: LastWriteTime: 2013-08-22T12:35:12.091034400Z
f50.fb8: ChangeTime: 2013-10-17T18:22:55.319119800Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x11360
f50.fb8: NT Headers: 0xd0
f50.fb8: Timestamp: 0x52160049
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x52160049
f50.fb8: Image Version: 6.3
f50.fb8: SizeOfImage: 0x13000 (77824)
f50.fb8: Resource Dir: 0x11000 LB 0x3f8
f50.fb8: ProductName: Microsoft® Windows® Operating System
f50.fb8: ProductVersion: 6.3.9600.16384
f50.fb8: FileVersion: 6.3.9600.16384 (winblue_rtm.130821-1623)
f50.fb8: FileDescription: ApiSet Schema DLL
f50.fb8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
f50.fb8: supR3HardenedWinFindAdversaries: 0x100
f50.fb8: \SystemRoot\System32\drivers\avgrkx64.sys:
f50.fb8: CreationTime: 2014-06-18T18:03:20.000000000Z
f50.fb8: LastWriteTime: 2014-06-18T18:03:20.000000000Z
f50.fb8: ChangeTime: 2014-11-10T17:29:03.339408200Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x7b18
f50.fb8: NT Headers: 0xe8
f50.fb8: Timestamp: 0x53a1e275
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53a1e275
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0xa000 (40960)
f50.fb8: Resource Dir: 0x9000 LB 0x500
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5201
f50.fb8: FileVersion: 15.0.0.5201
f50.fb8: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
f50.fb8: FileDescription: AVG Anti-Rootkit Driver
f50.fb8: \SystemRoot\System32\drivers\avgmfx64.sys:
f50.fb8: CreationTime: 2014-10-05T18:41:40.000000000Z
f50.fb8: LastWriteTime: 2014-10-05T18:41:40.000000000Z
f50.fb8: ChangeTime: 2014-11-10T17:29:03.546545900Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x1e518
f50.fb8: NT Headers: 0xe0
f50.fb8: Timestamp: 0x54319ef0
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x54319ef0
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0x22000 (139264)
f50.fb8: Resource Dir: 0x20000 LB 0x528
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5551
f50.fb8: FileVersion: 15.0.0.5551
f50.fb8: SpecialBuild: AvgVC10_2014_1005_213919(5551), SVNRev 4864070b033d85893c4f701583bf0badb2f61dbf (release/AVG2015-Oct_release), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
f50.fb8: FileDescription: AVG Resident Shield Minifilter Driver
f50.fb8: \SystemRoot\System32\drivers\avgidsdrivera.sys:
f50.fb8: CreationTime: 2014-10-29T18:35:16.000000000Z
f50.fb8: LastWriteTime: 2014-10-29T18:35:16.000000000Z
f50.fb8: ChangeTime: 2014-11-14T05:51:43.646674300Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x40718
f50.fb8: NT Headers: 0xd8
f50.fb8: Timestamp: 0x54514f7e
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x54514f7e
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0x48000 (294912)
f50.fb8: Resource Dir: 0x46000 LB 0x53c
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5575
f50.fb8: FileVersion: 15.0.0.5575
f50.fb8: SpecialBuild: AvgVC10_2014_1029_213245(5575), SVNRev 30ff724c3e16098bdbe8f33214083038fc38c214 (release/HotFix2015-02), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
f50.fb8: FileDescription: AVG IDS Application Activity Monitor Driver.
f50.fb8: \SystemRoot\System32\drivers\avgidsha.sys:
f50.fb8: CreationTime: 2014-06-18T18:03:34.000000000Z
f50.fb8: LastWriteTime: 2014-06-18T18:03:34.000000000Z
f50.fb8: ChangeTime: 2014-11-10T17:29:03.828828000Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x2e918
f50.fb8: NT Headers: 0xe0
f50.fb8: Timestamp: 0x53a1e283
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53a1e283
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0x31000 (200704)
f50.fb8: Resource Dir: 0x2f000 LB 0x530
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5201
f50.fb8: FileVersion: 15.0.0.5201
f50.fb8: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
f50.fb8: FileDescription: AVG Application Activity Monitor Helper Driver
f50.fb8: \SystemRoot\System32\drivers\avgloga.sys:
f50.fb8: CreationTime: 2014-07-18T12:53:26.000000000Z
f50.fb8: LastWriteTime: 2014-07-18T12:53:26.000000000Z
f50.fb8: ChangeTime: 2014-11-10T17:29:03.241342600Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x4c918
f50.fb8: NT Headers: 0xe8
f50.fb8: Timestamp: 0x53c926d0
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53c926d0
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0x4f000 (323584)
f50.fb8: Resource Dir: 0x4d000 LB 0x4f0
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5253
f50.fb8: FileVersion: 15.0.0.5253
f50.fb8: SpecialBuild: AvgVC10_2014_0718_154537(5253), SVNRev 448c6021b34489e17d581606b6584bfbd09f8224 (release/AVG2015_beta), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
f50.fb8: FileDescription: AVG Logging Driver
f50.fb8: \SystemRoot\System32\drivers\avgldx64.sys:
f50.fb8: CreationTime: 2014-08-28T18:47:24.000000000Z
f50.fb8: LastWriteTime: 2014-08-28T18:47:24.000000000Z
f50.fb8: ChangeTime: 2014-11-10T17:29:03.427466600Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x3b718
f50.fb8: NT Headers: 0xd0
f50.fb8: Timestamp: 0x53ff8749
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53ff8749
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0x40000 (262144)
f50.fb8: Resource Dir: 0x3e000 LB 0x504
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5500
f50.fb8: FileVersion: 15.0.0.5500
f50.fb8: SpecialBuild: AvgVC10_2014_0828_213614(5500), SVNRev d9a34f8a555118351dc28a5971fe7707eb760d16 (release/AVG2015-GMS_beta), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wnet
f50.fb8: FileDescription: AVG AVI Loader Driver
f50.fb8: \SystemRoot\System32\drivers\avgdiska.sys:
f50.fb8: CreationTime: 2014-06-18T18:03:34.000000000Z
f50.fb8: LastWriteTime: 2014-06-18T18:03:34.000000000Z
f50.fb8: ChangeTime: 2014-11-10T17:29:04.134031000Z
f50.fb8: FileAttributes: 0x20
f50.fb8: Size: 0x25718
f50.fb8: NT Headers: 0xd0
f50.fb8: Timestamp: 0x53a1e281
f50.fb8: Machine: 0x8664 - amd64
f50.fb8: Timestamp: 0x53a1e281
f50.fb8: Image Version: 6.1
f50.fb8: SizeOfImage: 0x29000 (167936)
f50.fb8: Resource Dir: 0x27000 LB 0x4fc
f50.fb8: ProductName: AVG Internet Security
f50.fb8: ProductVersion: 15.0.0.5201
f50.fb8: FileVersion: 15.0.0.5201
f50.fb8: SpecialBuild: AvgVC10_2014_0618_210006(5201), SVNRev bd1b88d0d91531dd0874ddf74bf3db54b76e31ae (release/AVG2015_beta), av
f50.fb8: PrivateBuild: x64 Release_Unicode_DRIVER_wlh
f50.fb8: FileDescription: AVG File Vault Driver
f50.fb8: Calling main()
f50.fb8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
f50.fb8: SUPR3HardenedMain: Respawn #1
f50.fb8: System32: \Device\HarddiskVolume6\Windows\System32
f50.fb8: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
f50.fb8: KnownDllPath: C:\WINDOWS\system32
f50.fb8: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
f50.fb8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
f50.fb8: supR3HardNtEnableThreadCreation:
f50.fb8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff914c29c5c pvNtTerminateThread=00007ff914c51ba0
f50.fb8: supR3HardenedWinDoReSpawn(1): New child 1438.1470 [kernel32].
f50.fb8: supR3HardNtChildGatherData: PebBaseAddress=00007ff73282b000 cbPeb=0x388
f50.fb8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff914bc0000 uNtDllChildAddr=00007ff914bc0000
f50.fb8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff914c29c5c
f50.fb8: supR3HardenedWinSetupChildInit: Start child.
f50.fb8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
f50.fb8: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 57 sleeps
f50.fb8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
f50.fb8: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000910000 (0000000000910000 LB 0x1000)
f50.fb8: VirtualBox.exe: timestamp 0x54731167 (rc=VINF_SUCCESS)
f50.fb8: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
f50.fb8: '\Device\HarddiskVolume6\Windows\System32\ntdll.dll' has no imports
f50.fb8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x100
f50.fb8: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 58 sleeps
f50.fb8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
f50.fb8: supR3HardNtChildPurify: Done after 1085 ms and 1 fixes (loop #1).
f50.fb8: supR3HardNtEnableThreadCreation:
1438.1470: Log file opened: 4.3.20r96997 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
1438.1470: supR3HardenedVmProcessInit: uNtDllAddr=00007ff914bc0000
1438.1470: ntdll.dll: timestamp 0x53eebd22 (rc=VINF_SUCCESS)
1438.1470: New simple heap: #1 0000000000a10000 LB 0x400000 (for 1728512 allocation)
1438.1470: System32: \Device\HarddiskVolume6\Windows\System32
1438.1470: WinSxS: \Device\HarddiskVolume6\Windows\WinSxS
1438.1470: KnownDllPath: C:\WINDOWS\system32
1438.1470: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1438.1470: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1438.1470: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1438.1470: Registered Dll notification callback with NTDLL.
1438.1470: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\kernel32.dll)
1438.1470: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\kernel32.dll
1438.1470: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
1438.1470: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1438.1470: supR3HardenedDllNotificationCallback: load 00007ff911190000 LB 0x0010f000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
1438.1470: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Windows\System32\KernelBase.dll)
1438.1470: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Windows\System32\KernelBase.dll
1438.1470: supR3HardenedDllNotificationCallback: load 00007ff913920000 LB 0x0013a000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
1438.1470: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume6\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1438.1470: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff913920000 'C:\WINDOWS\system32\KERNEL32.DLL'
1438.1470: supR3HardenedDllNotificationCallback: load 00007ff7332a0000 LB 0x00106000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1438.1470: '\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1438.1470: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1438.1470: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume6\Program Files\Oracle\VirtualBox\VirtualBox.exe
f50.fb8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 86 ms, CloseEvents);