| 1 | 78.183c: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000044 g_uNtVerCombined=0xa0280000
|
|---|
| 2 | 78.183c: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 78.183c: CreationTime: 2016-02-14T09:13:39.052060200Z
|
|---|
| 4 | 78.183c: LastWriteTime: 2016-01-31T06:24:08.504709500Z
|
|---|
| 5 | 78.183c: ChangeTime: 2016-02-15T18:56:30.861723300Z
|
|---|
| 6 | 78.183c: FileAttributes: 0x20
|
|---|
| 7 | 78.183c: Size: 0x1bd870
|
|---|
| 8 | 78.183c: NT Headers: 0xd8
|
|---|
| 9 | 78.183c: Timestamp: 0x56ad9704
|
|---|
| 10 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 11 | 78.183c: Timestamp: 0x56ad9704
|
|---|
| 12 | 78.183c: Image Version: 10.0
|
|---|
| 13 | 78.183c: SizeOfImage: 0x1c2000 (1843200)
|
|---|
| 14 | 78.183c: Resource Dir: 0x15b000 LB 0x65718
|
|---|
| 15 | 78.183c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 16 | 78.183c: ProductVersion: 10.0.10240.16683
|
|---|
| 17 | 78.183c: FileVersion: 10.0.10240.16683 (th1.160130-1842)
|
|---|
| 18 | 78.183c: FileDescription: NT Layer DLL
|
|---|
| 19 | 78.183c: \SystemRoot\System32\kernel32.dll:
|
|---|
| 20 | 78.183c: CreationTime: 2015-07-10T10:59:59.699781600Z
|
|---|
| 21 | 78.183c: LastWriteTime: 2015-07-10T10:59:59.699781600Z
|
|---|
| 22 | 78.183c: ChangeTime: 2015-10-26T21:21:03.376459200Z
|
|---|
| 23 | 78.183c: FileAttributes: 0x20
|
|---|
| 24 | 78.183c: Size: 0xab830
|
|---|
| 25 | 78.183c: NT Headers: 0xf0
|
|---|
| 26 | 78.183c: Timestamp: 0x559f38ad
|
|---|
| 27 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 28 | 78.183c: Timestamp: 0x559f38ad
|
|---|
| 29 | 78.183c: Image Version: 10.0
|
|---|
| 30 | 78.183c: SizeOfImage: 0xad000 (708608)
|
|---|
| 31 | 78.183c: Resource Dir: 0xab000 LB 0x518
|
|---|
| 32 | 78.183c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 33 | 78.183c: ProductVersion: 10.0.10240.16384
|
|---|
| 34 | 78.183c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
|
|---|
| 35 | 78.183c: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 36 | 78.183c: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 37 | 78.183c: CreationTime: 2016-02-14T09:13:43.046683400Z
|
|---|
| 38 | 78.183c: LastWriteTime: 2016-01-31T06:25:52.401093100Z
|
|---|
| 39 | 78.183c: ChangeTime: 2016-02-15T18:56:30.486719700Z
|
|---|
| 40 | 78.183c: FileAttributes: 0x20
|
|---|
| 41 | 78.183c: Size: 0x1dc880
|
|---|
| 42 | 78.183c: NT Headers: 0xf0
|
|---|
| 43 | 78.183c: Timestamp: 0x56ad97a2
|
|---|
| 44 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 45 | 78.183c: Timestamp: 0x56ad97a2
|
|---|
| 46 | 78.183c: Image Version: 10.0
|
|---|
| 47 | 78.183c: SizeOfImage: 0x1dd000 (1953792)
|
|---|
| 48 | 78.183c: Resource Dir: 0x1c7000 LB 0x530
|
|---|
| 49 | 78.183c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 50 | 78.183c: ProductVersion: 10.0.10240.16683
|
|---|
| 51 | 78.183c: FileVersion: 10.0.10240.16683 (th1.160130-1842)
|
|---|
| 52 | 78.183c: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 53 | 78.183c: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 54 | 78.183c: CreationTime: 2015-07-10T11:00:04.872098600Z
|
|---|
| 55 | 78.183c: LastWriteTime: 2015-07-10T11:00:04.872098600Z
|
|---|
| 56 | 78.183c: ChangeTime: 2015-09-04T22:44:05.965798400Z
|
|---|
| 57 | 78.183c: FileAttributes: 0x20
|
|---|
| 58 | 78.183c: Size: 0x16760
|
|---|
| 59 | 78.183c: NT Headers: 0xc8
|
|---|
| 60 | 78.183c: Timestamp: 0x559f3e3d
|
|---|
| 61 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 62 | 78.183c: Timestamp: 0x559f3e3d
|
|---|
| 63 | 78.183c: Image Version: 10.0
|
|---|
| 64 | 78.183c: SizeOfImage: 0x17000 (94208)
|
|---|
| 65 | 78.183c: Resource Dir: 0x16000 LB 0x3f0
|
|---|
| 66 | 78.183c: ProductName: Microsoft® Windows® Operating System
|
|---|
| 67 | 78.183c: ProductVersion: 10.0.10240.16384
|
|---|
| 68 | 78.183c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
|
|---|
| 69 | 78.183c: FileDescription: ApiSet Schema DLL
|
|---|
| 70 | 78.183c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 71 | 78.183c: supR3HardenedWinFindAdversaries: 0x4
|
|---|
| 72 | 78.183c: \SystemRoot\System32\drivers\aswHwid.sys:
|
|---|
| 73 | 78.183c: CreationTime: 2015-09-04T22:31:44.708479200Z
|
|---|
| 74 | 78.183c: LastWriteTime: 2015-09-04T22:31:43.125021300Z
|
|---|
| 75 | 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 76 | 78.183c: FileAttributes: 0x20
|
|---|
| 77 | 78.183c: Size: 0x6ff0
|
|---|
| 78 | 78.183c: NT Headers: 0xe8
|
|---|
| 79 | 78.183c: Timestamp: 0x55b66532
|
|---|
| 80 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 81 | 78.183c: Timestamp: 0x55b66532
|
|---|
| 82 | 78.183c: Image Version: 6.0
|
|---|
| 83 | 78.183c: SizeOfImage: 0xa000 (40960)
|
|---|
| 84 | 78.183c: Resource Dir: 0x8000 LB 0x398
|
|---|
| 85 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 86 | 78.183c: ProductVersion: 10.3.2225.1172
|
|---|
| 87 | 78.183c: FileVersion: 10.3.2225.1172
|
|---|
| 88 | 78.183c: FileDescription: avast! HWID
|
|---|
| 89 | 78.183c: \SystemRoot\System32\drivers\aswMonFlt.sys:
|
|---|
| 90 | 78.183c: CreationTime: 2015-09-04T22:31:44.708479200Z
|
|---|
| 91 | 78.183c: LastWriteTime: 2015-09-04T22:31:43.137032600Z
|
|---|
| 92 | 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 93 | 78.183c: FileAttributes: 0x20
|
|---|
| 94 | 78.183c: Size: 0x16358
|
|---|
| 95 | 78.183c: NT Headers: 0xe8
|
|---|
| 96 | 78.183c: Timestamp: 0x55b66516
|
|---|
| 97 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 98 | 78.183c: Timestamp: 0x55b66516
|
|---|
| 99 | 78.183c: Image Version: 6.0
|
|---|
| 100 | 78.183c: SizeOfImage: 0x24000 (147456)
|
|---|
| 101 | 78.183c: Resource Dir: 0x22000 LB 0x3c0
|
|---|
| 102 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 103 | 78.183c: ProductVersion: 10.3.2225.1172
|
|---|
| 104 | 78.183c: FileVersion: 10.3.2225.1172
|
|---|
| 105 | 78.183c: FileDescription: avast! File System Minifilter for Windows 2003/Vista
|
|---|
| 106 | 78.183c: \SystemRoot\System32\drivers\aswRdr2.sys:
|
|---|
| 107 | 78.183c: CreationTime: 2015-09-04T22:31:44.704481000Z
|
|---|
| 108 | 78.183c: LastWriteTime: 2015-09-04T22:31:42.980946400Z
|
|---|
| 109 | 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 110 | 78.183c: FileAttributes: 0x20
|
|---|
| 111 | 78.183c: Size: 0x16d58
|
|---|
| 112 | 78.183c: NT Headers: 0xf0
|
|---|
| 113 | 78.183c: Timestamp: 0x55b66550
|
|---|
| 114 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 115 | 78.183c: Timestamp: 0x55b66550
|
|---|
| 116 | 78.183c: Image Version: 6.1
|
|---|
| 117 | 78.183c: SizeOfImage: 0x1a000 (106496)
|
|---|
| 118 | 78.183c: Resource Dir: 0x18000 LB 0x3a8
|
|---|
| 119 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 120 | 78.183c: ProductVersion: 10.3.2225.1172
|
|---|
| 121 | 78.183c: FileVersion: 10.3.2225.1172 built by: WinDDK
|
|---|
| 122 | 78.183c: FileDescription: avast! WFP Redirect Driver
|
|---|
| 123 | 78.183c: \SystemRoot\System32\drivers\aswRvrt.sys:
|
|---|
| 124 | 78.183c: CreationTime: 2015-09-04T22:31:44.712479200Z
|
|---|
| 125 | 78.183c: LastWriteTime: 2015-09-04T22:31:43.145023400Z
|
|---|
| 126 | 78.183c: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 127 | 78.183c: FileAttributes: 0x20
|
|---|
| 128 | 78.183c: Size: 0xfec8
|
|---|
| 129 | 78.183c: NT Headers: 0xf8
|
|---|
| 130 | 78.183c: Timestamp: 0x55b66505
|
|---|
| 131 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 132 | 78.183c: Timestamp: 0x55b66505
|
|---|
| 133 | 78.183c: Image Version: 6.0
|
|---|
| 134 | 78.183c: SizeOfImage: 0x13000 (77824)
|
|---|
| 135 | 78.183c: Resource Dir: 0x11000 LB 0x398
|
|---|
| 136 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 137 | 78.183c: ProductVersion: 10.3.2225.1172
|
|---|
| 138 | 78.183c: FileVersion: 10.3.2225.1172
|
|---|
| 139 | 78.183c: FileDescription: avast! Revert
|
|---|
| 140 | 78.183c: \SystemRoot\System32\drivers\aswSnx.sys:
|
|---|
| 141 | 78.183c: CreationTime: 2015-09-04T22:31:44.696478100Z
|
|---|
| 142 | 78.183c: LastWriteTime: 2015-11-12T10:31:56.443927500Z
|
|---|
| 143 | 78.183c: ChangeTime: 2015-11-12T10:31:56.443927500Z
|
|---|
| 144 | 78.183c: FileAttributes: 0x20
|
|---|
| 145 | 78.183c: Size: 0x102b48
|
|---|
| 146 | 78.183c: NT Headers: 0xe8
|
|---|
| 147 | 78.183c: Timestamp: 0x5631cc02
|
|---|
| 148 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 149 | 78.183c: Timestamp: 0x5631cc02
|
|---|
| 150 | 78.183c: Image Version: 6.0
|
|---|
| 151 | 78.183c: SizeOfImage: 0x106000 (1073152)
|
|---|
| 152 | 78.183c: Resource Dir: 0xfe000 LB 0x388
|
|---|
| 153 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 154 | 78.183c: ProductVersion: 10.3.2225.1189
|
|---|
| 155 | 78.183c: FileVersion: 10.3.2225.1189
|
|---|
| 156 | 78.183c: FileDescription: avast! Virtualization Driver
|
|---|
| 157 | 78.183c: \SystemRoot\System32\drivers\aswsp.sys:
|
|---|
| 158 | 78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z
|
|---|
| 159 | 78.183c: LastWriteTime: 2015-11-12T10:31:56.527020600Z
|
|---|
| 160 | 78.183c: ChangeTime: 2015-11-12T10:31:56.527020600Z
|
|---|
| 161 | 78.183c: FileAttributes: 0x20
|
|---|
| 162 | 78.183c: Size: 0x6ddc8
|
|---|
| 163 | 78.183c: NT Headers: 0x100
|
|---|
| 164 | 78.183c: Timestamp: 0x5631d051
|
|---|
| 165 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 166 | 78.183c: Timestamp: 0x5631d051
|
|---|
| 167 | 78.183c: Image Version: 6.0
|
|---|
| 168 | 78.183c: SizeOfImage: 0x75000 (479232)
|
|---|
| 169 | 78.183c: Resource Dir: 0x73000 LB 0x380
|
|---|
| 170 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 171 | 78.183c: ProductVersion: 10.3.2225.1189
|
|---|
| 172 | 78.183c: FileVersion: 10.3.2225.1189
|
|---|
| 173 | 78.183c: FileDescription: avast! self protection module
|
|---|
| 174 | 78.183c: \SystemRoot\System32\drivers\aswStm.sys:
|
|---|
| 175 | 78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z
|
|---|
| 176 | 78.183c: LastWriteTime: 2015-09-04T22:31:43.213027900Z
|
|---|
| 177 | 78.183c: ChangeTime: 2015-09-04T22:31:44.375306800Z
|
|---|
| 178 | 78.183c: FileAttributes: 0x20
|
|---|
| 179 | 78.183c: Size: 0x24c90
|
|---|
| 180 | 78.183c: NT Headers: 0x100
|
|---|
| 181 | 78.183c: Timestamp: 0x55b66c74
|
|---|
| 182 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 183 | 78.183c: Timestamp: 0x55b66c74
|
|---|
| 184 | 78.183c: Image Version: 6.2
|
|---|
| 185 | 78.183c: SizeOfImage: 0x27000 (159744)
|
|---|
| 186 | 78.183c: Resource Dir: 0x25000 LB 0x360
|
|---|
| 187 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 188 | 78.183c: ProductVersion: 10.3.2225.1172
|
|---|
| 189 | 78.183c: FileVersion: 10.3.2225.1172
|
|---|
| 190 | 78.183c: FileDescription: Stream Filter
|
|---|
| 191 | 78.183c: \SystemRoot\System32\drivers\aswVmm.sys:
|
|---|
| 192 | 78.183c: CreationTime: 2015-09-04T22:31:44.716626700Z
|
|---|
| 193 | 78.183c: LastWriteTime: 2015-09-04T22:31:43.181025600Z
|
|---|
| 194 | 78.183c: ChangeTime: 2015-09-04T22:31:44.375306800Z
|
|---|
| 195 | 78.183c: FileAttributes: 0x20
|
|---|
| 196 | 78.183c: Size: 0x43178
|
|---|
| 197 | 78.183c: NT Headers: 0xf8
|
|---|
| 198 | 78.183c: Timestamp: 0x55b66b89
|
|---|
| 199 | 78.183c: Machine: 0x8664 - amd64
|
|---|
| 200 | 78.183c: Timestamp: 0x55b66b89
|
|---|
| 201 | 78.183c: Image Version: 6.0
|
|---|
| 202 | 78.183c: SizeOfImage: 0x45000 (282624)
|
|---|
| 203 | 78.183c: Resource Dir: 0x42000 LB 0x3a0
|
|---|
| 204 | 78.183c: ProductName: Avast Antivirus
|
|---|
| 205 | 78.183c: ProductVersion: 10.3.2225.1172
|
|---|
| 206 | 78.183c: FileVersion: 10.3.2225.1172
|
|---|
| 207 | 78.183c: FileDescription: avast! VM Monitor
|
|---|
| 208 | 78.183c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 209 | 78.183c: Calling main()
|
|---|
| 210 | 78.183c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 211 | 78.183c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 212 | 78.183c: SUPR3HardenedMain: Respawn #1
|
|---|
| 213 | 78.183c: System32: \Device\HarddiskVolume4\Windows\System32
|
|---|
| 214 | 78.183c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
|
|---|
| 215 | 78.183c: KnownDllPath: C:\WINDOWS\system32
|
|---|
| 216 | 78.183c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 217 | 78.183c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 218 | 78.183c: supR3HardNtEnableThreadCreation:
|
|---|
| 219 | 78.183c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
|
|---|
| 220 | 78.183c: supR3HardenedWinDoReSpawn(1): New child 1e20.c78 [kernel32].
|
|---|
| 221 | 78.183c: supR3HardNtChildGatherData: PebBaseAddress=00007ff658297000 cbPeb=0x388
|
|---|
| 222 | 78.183c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcdcc80000 uNtDllChildAddr=00007ffcdcc80000
|
|---|
| 223 | 78.183c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcdccebe60
|
|---|
| 224 | 78.183c: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 225 | 78.183c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 226 | 78.183c: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 60 sleeps
|
|---|
| 227 | 78.183c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 228 | 78.183c: *0000000000000000-ffffffffff9fffff 0x0001/0x0000 0x0000000
|
|---|
| 229 | 78.183c: *0000000000600000-00000000005dffff 0x0004/0x0004 0x0020000
|
|---|
| 230 | 78.183c: *0000000000620000-000000000060bfff 0x0002/0x0002 0x0040000
|
|---|
| 231 | 78.183c: 0000000000634000-0000000000627fff 0x0001/0x0000 0x0000000
|
|---|
| 232 | 78.183c: *0000000000640000-0000000000543fff 0x0000/0x0004 0x0020000
|
|---|
| 233 | 78.183c: 000000000073c000-0000000000738fff 0x0104/0x0004 0x0020000
|
|---|
| 234 | 78.183c: 000000000073f000-000000000073dfff 0x0004/0x0004 0x0020000
|
|---|
| 235 | 78.183c: *0000000000740000-000000000073bfff 0x0002/0x0002 0x0040000
|
|---|
| 236 | 78.183c: 0000000000744000-0000000000737fff 0x0001/0x0000 0x0000000
|
|---|
| 237 | 78.183c: *0000000000750000-000000000074dfff 0x0004/0x0004 0x0020000
|
|---|
| 238 | 78.183c: 0000000000752000-ffffffff80ec3fff 0x0001/0x0000 0x0000000
|
|---|
| 239 | 78.183c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
|
|---|
| 240 | 78.183c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
|
|---|
| 241 | 78.183c: 000000007fff0000-ffff800aa7d6ffff 0x0001/0x0000 0x0000000
|
|---|
| 242 | 78.183c: *00007ff658270000-00007ff65824cfff 0x0002/0x0002 0x0040000
|
|---|
| 243 | 78.183c: 00007ff658293000-00007ff65828efff 0x0001/0x0000 0x0000000
|
|---|
| 244 | 78.183c: *00007ff658297000-00007ff658295fff 0x0004/0x0004 0x0020000
|
|---|
| 245 | 78.183c: 00007ff658298000-00007ff658291fff 0x0001/0x0000 0x0000000
|
|---|
| 246 | 78.183c: *00007ff65829e000-00007ff65829bfff 0x0004/0x0004 0x0020000
|
|---|
| 247 | 78.183c: 00007ff6582a0000-00007ff657e2ffff 0x0001/0x0000 0x0000000
|
|---|
| 248 | 78.183c: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 249 | 78.183c: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 250 | 78.183c: 00007ff658797000-00007ff658797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 251 | 78.183c: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 252 | 78.183c: 00007ff6587e2000-00007ff6587e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 253 | 78.183c: 00007ff6587e3000-00007ff6587e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 254 | 78.183c: 00007ff6587e4000-00007ff6587e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 255 | 78.183c: 00007ff6587e6000-00007ff6587e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 256 | 78.183c: 00007ff6587e7000-00007ff6587e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 257 | 78.183c: 00007ff6587e8000-00007ff6587ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 258 | 78.183c: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 259 | 78.183c: 00007ff658836000-00007ff05420bfff 0x0001/0x0000 0x0000000
|
|---|
| 260 | 78.183c: *00007ffc5ce60000-00007ffc5ce5cfff 0x0040/0x0040 0x0020000 !!
|
|---|
| 261 | 78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc5ce60000 (LB 0x3000, 00007ffc5ce60000 LB 0x3000)
|
|---|
| 262 | 78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc5ce60000/00007ffc5ce60000 LB 0/0x3000]
|
|---|
| 263 | 78.183c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc5ce60000 LB 0x7fe20000 s=0x10000 ap=0x0 rp=0x00000000000001
|
|---|
| 264 | 78.183c: 00007ffc5ce63000-00007ffbdd045fff 0x0001/0x0000 0x0000000
|
|---|
| 265 | 78.183c: *00007ffcdcc80000-00007ffcdcc80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 266 | 78.183c: 00007ffcdcc81000-00007ffcdcd7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 267 | 78.183c: 00007ffcdcd7e000-00007ffcdcdbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 268 | 78.183c: 00007ffcdcdc0000-00007ffcdcdc8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 269 | 78.183c: 00007ffcdcdc9000-00007ffcdcdd6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 270 | 78.183c: 00007ffcdcdd7000-00007ffcdcdd7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 271 | 78.183c: 00007ffcdcdd8000-00007ffcdcddafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 272 | 78.183c: 00007ffcdcddb000-00007ffcdce41fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 273 | 78.183c: 00007ffcdce42000-00007ff9b9ca3fff 0x0001/0x0000 0x0000000
|
|---|
| 274 | 78.183c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
|
|---|
| 275 | 78.183c: VirtualBox.exe: timestamp 0x55ccc4d5 (rc=VINF_SUCCESS)
|
|---|
| 276 | 78.183c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 277 | 78.183c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
|
|---|
| 278 | 78.183c: ntdll.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 342 | 78.183c: Restored 0x2000 bytes of original file content at 00007ffcdcd11e6e
|
|---|
| 343 | 78.183c: ntdll.dll: Differences in section #1 (.text) between file and memory:
|
|---|
| 503 | 78.183c: Restored 0x2000 bytes of original file content at 00007ffcdcd13e6e
|
|---|
| 504 | 78.183c: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4
|
|---|
| 505 | 78.183c: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 60 sleeps
|
|---|
| 506 | 78.183c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 507 | 78.183c: *0000000000000000-ffffffffff9fffff 0x0001/0x0000 0x0000000
|
|---|
| 508 | 78.183c: *0000000000600000-00000000005dffff 0x0004/0x0004 0x0020000
|
|---|
| 509 | 78.183c: *0000000000620000-000000000060bfff 0x0002/0x0002 0x0040000
|
|---|
| 510 | 78.183c: 0000000000634000-0000000000627fff 0x0001/0x0000 0x0000000
|
|---|
| 511 | 78.183c: *0000000000640000-0000000000543fff 0x0000/0x0004 0x0020000
|
|---|
| 512 | 78.183c: 000000000073c000-0000000000738fff 0x0104/0x0004 0x0020000
|
|---|
| 513 | 78.183c: 000000000073f000-000000000073dfff 0x0004/0x0004 0x0020000
|
|---|
| 514 | 78.183c: *0000000000740000-000000000073bfff 0x0002/0x0002 0x0040000
|
|---|
| 515 | 78.183c: 0000000000744000-0000000000737fff 0x0001/0x0000 0x0000000
|
|---|
| 516 | 78.183c: *0000000000750000-000000000074dfff 0x0004/0x0004 0x0020000
|
|---|
| 517 | 78.183c: 0000000000752000-ffffffff80ec3fff 0x0001/0x0000 0x0000000
|
|---|
| 518 | 78.183c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
|
|---|
| 519 | 78.183c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
|
|---|
| 520 | 78.183c: 000000007fff0000-ffff800aa7d6ffff 0x0001/0x0000 0x0000000
|
|---|
| 521 | 78.183c: *00007ff658270000-00007ff65824cfff 0x0002/0x0002 0x0040000
|
|---|
| 522 | 78.183c: 00007ff658293000-00007ff65828efff 0x0001/0x0000 0x0000000
|
|---|
| 523 | 78.183c: *00007ff658297000-00007ff658295fff 0x0004/0x0004 0x0020000
|
|---|
| 524 | 78.183c: 00007ff658298000-00007ff658291fff 0x0001/0x0000 0x0000000
|
|---|
| 525 | 78.183c: *00007ff65829e000-00007ff65829bfff 0x0004/0x0004 0x0020000
|
|---|
| 526 | 78.183c: 00007ff6582a0000-00007ff657e2ffff 0x0001/0x0000 0x0000000
|
|---|
| 527 | 78.183c: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 528 | 78.183c: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 529 | 78.183c: 00007ff658797000-00007ff658797fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 530 | 78.183c: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 531 | 78.183c: 00007ff6587e2000-00007ff6587ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 532 | 78.183c: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 533 | 78.183c: 00007ff658836000-00007fefd43ebfff 0x0001/0x0000 0x0000000
|
|---|
| 534 | 78.183c: *00007ffcdcc80000-00007ffcdcc80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 535 | 78.183c: 00007ffcdcc81000-00007ffcdcd7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 536 | 78.183c: 00007ffcdcd7e000-00007ffcdcdbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 537 | 78.183c: 00007ffcdcdc0000-00007ffcdcdc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 538 | 78.183c: 00007ffcdcdc4000-00007ffcdcdc8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 539 | 78.183c: 00007ffcdcdc9000-00007ffcdcdd6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 540 | 78.183c: 00007ffcdcdd7000-00007ffcdcdd7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 541 | 78.183c: 00007ffcdcdd8000-00007ffcdcddafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 542 | 78.183c: 00007ffcdcddb000-00007ffcdce41fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 543 | 78.183c: 00007ffcdce42000-00007ff9b9ca3fff 0x0001/0x0000 0x0000000
|
|---|
| 544 | 78.183c: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
|
|---|
| 545 | 78.183c: supR3HardNtChildPurify: Done after 1123 ms and 3 fixes (loop #1).
|
|---|
| 546 | 1e20.c78: Log file opened: 5.0.2r102096 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa0280000
|
|---|
| 547 | 1e20.c78: supR3HardenedVmProcessInit: uNtDllAddr=00007ffcdcc80000
|
|---|
| 548 | 1e20.c78: ntdll.dll: timestamp 0x56ad9704 (rc=VINF_SUCCESS)
|
|---|
| 549 | 78.183c: supR3HardNtEnableThreadCreation:
|
|---|
| 550 | 1e20.c78: New simple heap: #1 0000000000860000 LB 0x400000 (for 1843200 allocation)
|
|---|
| 551 | 1e20.c78: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 552 | 1e20.c78: System32: \Device\HarddiskVolume4\Windows\System32
|
|---|
| 553 | 1e20.c78: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
|
|---|
| 554 | 1e20.c78: KnownDllPath: C:\WINDOWS\system32
|
|---|
| 555 | 1e20.c78: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 556 | 1e20.c78: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
|
|---|
| 557 | 1e20.c78: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
|
|---|
| 558 | 1e20.c78: Registered Dll notification callback with NTDLL.
|
|---|
| 559 | 1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
|
|---|
| 560 | 1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 561 | 1e20.c78: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
|
|---|
| 562 | 1e20.c78: supR3HardenedDllNotificationCallback: load 00007ffcda0c0000 LB 0x001dd000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
|
|---|
| 563 | 1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
|
|---|
| 564 | 1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 565 | 1e20.c78: supR3HardenedDllNotificationCallback: load 00007ffcdc870000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
|
|---|
| 566 | 1e20.c78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
|
|---|
| 567 | 1e20.c78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcdc870000 'C:\WINDOWS\system32\KERNEL32.DLL'
|
|---|
| 568 | 1e20.c78: supR3HardenedDllNotificationCallback: load 00007ff658710000 LB 0x00126000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
|
|---|
| 569 | 1e20.c78: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 570 | 1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 571 | 1e20.c78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 572 | 1e20.c78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
|
|---|
| 573 | 78.183c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 119 ms.
|
|---|
| 574 | 1e20.c78: \SystemRoot\System32\ntdll.dll:
|
|---|
| 575 | 1e20.c78: CreationTime: 2016-02-14T09:13:39.052060200Z
|
|---|
| 576 | 1e20.c78: LastWriteTime: 2016-01-31T06:24:08.504709500Z
|
|---|
| 577 | 1e20.c78: ChangeTime: 2016-02-15T18:56:30.861723300Z
|
|---|
| 578 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 579 | 1e20.c78: Size: 0x1bd870
|
|---|
| 580 | 1e20.c78: NT Headers: 0xd8
|
|---|
| 581 | 1e20.c78: Timestamp: 0x56ad9704
|
|---|
| 582 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 583 | 1e20.c78: Timestamp: 0x56ad9704
|
|---|
| 584 | 1e20.c78: Image Version: 10.0
|
|---|
| 585 | 1e20.c78: SizeOfImage: 0x1c2000 (1843200)
|
|---|
| 586 | 1e20.c78: Resource Dir: 0x15b000 LB 0x65718
|
|---|
| 587 | 1e20.c78: ProductName: Microsoft® Windows® Operating System
|
|---|
| 588 | 1e20.c78: ProductVersion: 10.0.10240.16683
|
|---|
| 589 | 1e20.c78: FileVersion: 10.0.10240.16683 (th1.160130-1842)
|
|---|
| 590 | 1e20.c78: FileDescription: NT Layer DLL
|
|---|
| 591 | 1e20.c78: \SystemRoot\System32\kernel32.dll:
|
|---|
| 592 | 1e20.c78: CreationTime: 2015-07-10T10:59:59.699781600Z
|
|---|
| 593 | 1e20.c78: LastWriteTime: 2015-07-10T10:59:59.699781600Z
|
|---|
| 594 | 1e20.c78: ChangeTime: 2015-10-26T21:21:03.376459200Z
|
|---|
| 595 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 596 | 1e20.c78: Size: 0xab830
|
|---|
| 597 | 1e20.c78: NT Headers: 0xf0
|
|---|
| 598 | 1e20.c78: Timestamp: 0x559f38ad
|
|---|
| 599 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 600 | 1e20.c78: Timestamp: 0x559f38ad
|
|---|
| 601 | 1e20.c78: Image Version: 10.0
|
|---|
| 602 | 1e20.c78: SizeOfImage: 0xad000 (708608)
|
|---|
| 603 | 1e20.c78: Resource Dir: 0xab000 LB 0x518
|
|---|
| 604 | 1e20.c78: ProductName: Microsoft® Windows® Operating System
|
|---|
| 605 | 1e20.c78: ProductVersion: 10.0.10240.16384
|
|---|
| 606 | 1e20.c78: FileVersion: 10.0.10240.16384 (th1.150709-1700)
|
|---|
| 607 | 1e20.c78: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 608 | 1e20.c78: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 609 | 1e20.c78: CreationTime: 2016-02-14T09:13:43.046683400Z
|
|---|
| 610 | 1e20.c78: LastWriteTime: 2016-01-31T06:25:52.401093100Z
|
|---|
| 611 | 1e20.c78: ChangeTime: 2016-02-15T18:56:30.486719700Z
|
|---|
| 612 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 613 | 1e20.c78: Size: 0x1dc880
|
|---|
| 614 | 1e20.c78: NT Headers: 0xf0
|
|---|
| 615 | 1e20.c78: Timestamp: 0x56ad97a2
|
|---|
| 616 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 617 | 1e20.c78: Timestamp: 0x56ad97a2
|
|---|
| 618 | 1e20.c78: Image Version: 10.0
|
|---|
| 619 | 1e20.c78: SizeOfImage: 0x1dd000 (1953792)
|
|---|
| 620 | 1e20.c78: Resource Dir: 0x1c7000 LB 0x530
|
|---|
| 621 | 1e20.c78: ProductName: Microsoft® Windows® Operating System
|
|---|
| 622 | 1e20.c78: ProductVersion: 10.0.10240.16683
|
|---|
| 623 | 1e20.c78: FileVersion: 10.0.10240.16683 (th1.160130-1842)
|
|---|
| 624 | 1e20.c78: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 625 | 1e20.c78: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 626 | 1e20.c78: CreationTime: 2015-07-10T11:00:04.872098600Z
|
|---|
| 627 | 1e20.c78: LastWriteTime: 2015-07-10T11:00:04.872098600Z
|
|---|
| 628 | 1e20.c78: ChangeTime: 2015-09-04T22:44:05.965798400Z
|
|---|
| 629 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 630 | 1e20.c78: Size: 0x16760
|
|---|
| 631 | 1e20.c78: NT Headers: 0xc8
|
|---|
| 632 | 1e20.c78: Timestamp: 0x559f3e3d
|
|---|
| 633 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 634 | 1e20.c78: Timestamp: 0x559f3e3d
|
|---|
| 635 | 1e20.c78: Image Version: 10.0
|
|---|
| 636 | 1e20.c78: SizeOfImage: 0x17000 (94208)
|
|---|
| 637 | 1e20.c78: Resource Dir: 0x16000 LB 0x3f0
|
|---|
| 638 | 1e20.c78: ProductName: Microsoft® Windows® Operating System
|
|---|
| 639 | 1e20.c78: ProductVersion: 10.0.10240.16384
|
|---|
| 640 | 1e20.c78: FileVersion: 10.0.10240.16384 (th1.150709-1700)
|
|---|
| 641 | 1e20.c78: FileDescription: ApiSet Schema DLL
|
|---|
| 642 | 1e20.c78: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 643 | 1e20.c78: supR3HardenedWinFindAdversaries: 0x4
|
|---|
| 644 | 1e20.c78: \SystemRoot\System32\drivers\aswHwid.sys:
|
|---|
| 645 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.708479200Z
|
|---|
| 646 | 1e20.c78: LastWriteTime: 2015-09-04T22:31:43.125021300Z
|
|---|
| 647 | 1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 648 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 649 | 1e20.c78: Size: 0x6ff0
|
|---|
| 650 | 1e20.c78: NT Headers: 0xe8
|
|---|
| 651 | 1e20.c78: Timestamp: 0x55b66532
|
|---|
| 652 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 653 | 1e20.c78: Timestamp: 0x55b66532
|
|---|
| 654 | 1e20.c78: Image Version: 6.0
|
|---|
| 655 | 1e20.c78: SizeOfImage: 0xa000 (40960)
|
|---|
| 656 | 1e20.c78: Resource Dir: 0x8000 LB 0x398
|
|---|
| 657 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 658 | 1e20.c78: ProductVersion: 10.3.2225.1172
|
|---|
| 659 | 1e20.c78: FileVersion: 10.3.2225.1172
|
|---|
| 660 | 1e20.c78: FileDescription: avast! HWID
|
|---|
| 661 | 1e20.c78: \SystemRoot\System32\drivers\aswMonFlt.sys:
|
|---|
| 662 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.708479200Z
|
|---|
| 663 | 1e20.c78: LastWriteTime: 2015-09-04T22:31:43.137032600Z
|
|---|
| 664 | 1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 665 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 666 | 1e20.c78: Size: 0x16358
|
|---|
| 667 | 1e20.c78: NT Headers: 0xe8
|
|---|
| 668 | 1e20.c78: Timestamp: 0x55b66516
|
|---|
| 669 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 670 | 1e20.c78: Timestamp: 0x55b66516
|
|---|
| 671 | 1e20.c78: Image Version: 6.0
|
|---|
| 672 | 1e20.c78: SizeOfImage: 0x24000 (147456)
|
|---|
| 673 | 1e20.c78: Resource Dir: 0x22000 LB 0x3c0
|
|---|
| 674 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 675 | 1e20.c78: ProductVersion: 10.3.2225.1172
|
|---|
| 676 | 1e20.c78: FileVersion: 10.3.2225.1172
|
|---|
| 677 | 1e20.c78: FileDescription: avast! File System Minifilter for Windows 2003/Vista
|
|---|
| 678 | 1e20.c78: \SystemRoot\System32\drivers\aswRdr2.sys:
|
|---|
| 679 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.704481000Z
|
|---|
| 680 | 1e20.c78: LastWriteTime: 2015-09-04T22:31:42.980946400Z
|
|---|
| 681 | 1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 682 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 683 | 1e20.c78: Size: 0x16d58
|
|---|
| 684 | 1e20.c78: NT Headers: 0xf0
|
|---|
| 685 | 1e20.c78: Timestamp: 0x55b66550
|
|---|
| 686 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 687 | 1e20.c78: Timestamp: 0x55b66550
|
|---|
| 688 | 1e20.c78: Image Version: 6.1
|
|---|
| 689 | 1e20.c78: SizeOfImage: 0x1a000 (106496)
|
|---|
| 690 | 1e20.c78: Resource Dir: 0x18000 LB 0x3a8
|
|---|
| 691 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 692 | 1e20.c78: ProductVersion: 10.3.2225.1172
|
|---|
| 693 | 1e20.c78: FileVersion: 10.3.2225.1172 built by: WinDDK
|
|---|
| 694 | 1e20.c78: FileDescription: avast! WFP Redirect Driver
|
|---|
| 695 | 1e20.c78: \SystemRoot\System32\drivers\aswRvrt.sys:
|
|---|
| 696 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.712479200Z
|
|---|
| 697 | 1e20.c78: LastWriteTime: 2015-09-04T22:31:43.145023400Z
|
|---|
| 698 | 1e20.c78: ChangeTime: 2015-09-04T22:31:44.371300700Z
|
|---|
| 699 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 700 | 1e20.c78: Size: 0xfec8
|
|---|
| 701 | 1e20.c78: NT Headers: 0xf8
|
|---|
| 702 | 1e20.c78: Timestamp: 0x55b66505
|
|---|
| 703 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 704 | 1e20.c78: Timestamp: 0x55b66505
|
|---|
| 705 | 1e20.c78: Image Version: 6.0
|
|---|
| 706 | 1e20.c78: SizeOfImage: 0x13000 (77824)
|
|---|
| 707 | 1e20.c78: Resource Dir: 0x11000 LB 0x398
|
|---|
| 708 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 709 | 1e20.c78: ProductVersion: 10.3.2225.1172
|
|---|
| 710 | 1e20.c78: FileVersion: 10.3.2225.1172
|
|---|
| 711 | 1e20.c78: FileDescription: avast! Revert
|
|---|
| 712 | 1e20.c78: \SystemRoot\System32\drivers\aswSnx.sys:
|
|---|
| 713 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.696478100Z
|
|---|
| 714 | 1e20.c78: LastWriteTime: 2015-11-12T10:31:56.443927500Z
|
|---|
| 715 | 1e20.c78: ChangeTime: 2015-11-12T10:31:56.443927500Z
|
|---|
| 716 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 717 | 1e20.c78: Size: 0x102b48
|
|---|
| 718 | 1e20.c78: NT Headers: 0xe8
|
|---|
| 719 | 1e20.c78: Timestamp: 0x5631cc02
|
|---|
| 720 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 721 | 1e20.c78: Timestamp: 0x5631cc02
|
|---|
| 722 | 1e20.c78: Image Version: 6.0
|
|---|
| 723 | 1e20.c78: SizeOfImage: 0x106000 (1073152)
|
|---|
| 724 | 1e20.c78: Resource Dir: 0xfe000 LB 0x388
|
|---|
| 725 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 726 | 1e20.c78: ProductVersion: 10.3.2225.1189
|
|---|
| 727 | 1e20.c78: FileVersion: 10.3.2225.1189
|
|---|
| 728 | 1e20.c78: FileDescription: avast! Virtualization Driver
|
|---|
| 729 | 1e20.c78: \SystemRoot\System32\drivers\aswsp.sys:
|
|---|
| 730 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
|
|---|
| 731 | 1e20.c78: LastWriteTime: 2015-11-12T10:31:56.527020600Z
|
|---|
| 732 | 1e20.c78: ChangeTime: 2015-11-12T10:31:56.527020600Z
|
|---|
| 733 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 734 | 1e20.c78: Size: 0x6ddc8
|
|---|
| 735 | 1e20.c78: NT Headers: 0x100
|
|---|
| 736 | 1e20.c78: Timestamp: 0x5631d051
|
|---|
| 737 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 738 | 1e20.c78: Timestamp: 0x5631d051
|
|---|
| 739 | 1e20.c78: Image Version: 6.0
|
|---|
| 740 | 1e20.c78: SizeOfImage: 0x75000 (479232)
|
|---|
| 741 | 1e20.c78: Resource Dir: 0x73000 LB 0x380
|
|---|
| 742 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 743 | 1e20.c78: ProductVersion: 10.3.2225.1189
|
|---|
| 744 | 1e20.c78: FileVersion: 10.3.2225.1189
|
|---|
| 745 | 1e20.c78: FileDescription: avast! self protection module
|
|---|
| 746 | 1e20.c78: \SystemRoot\System32\drivers\aswStm.sys:
|
|---|
| 747 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
|
|---|
| 748 | 1e20.c78: LastWriteTime: 2015-09-04T22:31:43.213027900Z
|
|---|
| 749 | 1e20.c78: ChangeTime: 2015-09-04T22:31:44.375306800Z
|
|---|
| 750 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 751 | 1e20.c78: Size: 0x24c90
|
|---|
| 752 | 1e20.c78: NT Headers: 0x100
|
|---|
| 753 | 1e20.c78: Timestamp: 0x55b66c74
|
|---|
| 754 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 755 | 1e20.c78: Timestamp: 0x55b66c74
|
|---|
| 756 | 1e20.c78: Image Version: 6.2
|
|---|
| 757 | 1e20.c78: SizeOfImage: 0x27000 (159744)
|
|---|
| 758 | 1e20.c78: Resource Dir: 0x25000 LB 0x360
|
|---|
| 759 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 760 | 1e20.c78: ProductVersion: 10.3.2225.1172
|
|---|
| 761 | 1e20.c78: FileVersion: 10.3.2225.1172
|
|---|
| 762 | 1e20.c78: FileDescription: Stream Filter
|
|---|
| 763 | 1e20.c78: \SystemRoot\System32\drivers\aswVmm.sys:
|
|---|
| 764 | 1e20.c78: CreationTime: 2015-09-04T22:31:44.716626700Z
|
|---|
| 765 | 1e20.c78: LastWriteTime: 2015-09-04T22:31:43.181025600Z
|
|---|
| 766 | 1e20.c78: ChangeTime: 2015-09-04T22:31:44.375306800Z
|
|---|
| 767 | 1e20.c78: FileAttributes: 0x20
|
|---|
| 768 | 1e20.c78: Size: 0x43178
|
|---|
| 769 | 1e20.c78: NT Headers: 0xf8
|
|---|
| 770 | 1e20.c78: Timestamp: 0x55b66b89
|
|---|
| 771 | 1e20.c78: Machine: 0x8664 - amd64
|
|---|
| 772 | 1e20.c78: Timestamp: 0x55b66b89
|
|---|
| 773 | 1e20.c78: Image Version: 6.0
|
|---|
| 774 | 1e20.c78: SizeOfImage: 0x45000 (282624)
|
|---|
| 775 | 1e20.c78: Resource Dir: 0x42000 LB 0x3a0
|
|---|
| 776 | 1e20.c78: ProductName: Avast Antivirus
|
|---|
| 777 | 1e20.c78: ProductVersion: 10.3.2225.1172
|
|---|
| 778 | 1e20.c78: FileVersion: 10.3.2225.1172
|
|---|
| 779 | 1e20.c78: FileDescription: avast! VM Monitor
|
|---|
| 780 | 1e20.c78: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 781 | 1e20.c78: Calling main()
|
|---|
| 782 | 1e20.c78: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
|
|---|
| 783 | 1e20.c78: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 784 | 1e20.c78: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
|
|---|
| 785 | 1e20.c78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
|
|---|
| 786 | 1e20.c78: SUPR3HardenedMain: Respawn #2
|
|---|
| 787 | 1e20.c78: supR3HardNtEnableThreadCreation:
|
|---|
| 788 | 1e20.c78: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffcdccebe60 pvNtTerminateThread=00007ffcdcd13d50
|
|---|
| 789 | 1e20.c78: supR3HardenedWinDoReSpawn(2): New child 1e48.1e34 [kernel32].
|
|---|
| 790 | 1e20.c78: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
|
|---|
| 791 | 1e20.c78: supR3HardNtChildGatherData: PebBaseAddress=00007ff658637000 cbPeb=0x388
|
|---|
| 792 | 1e20.c78: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffcdcc80000 uNtDllChildAddr=00007ffcdcc80000
|
|---|
| 793 | 1e20.c78: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffcdccebe60
|
|---|
| 794 | 1e20.c78: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 795 | 1e20.c78: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 796 | 1e20.c78: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 61 sleeps
|
|---|
| 797 | 1e20.c78: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 798 | 1e20.c78: *0000000000000000-ffffffffff32ffff 0x0001/0x0000 0x0000000
|
|---|
| 799 | 1e20.c78: *0000000000cd0000-0000000000caffff 0x0004/0x0004 0x0020000
|
|---|
| 800 | 1e20.c78: *0000000000cf0000-0000000000cdbfff 0x0002/0x0002 0x0040000
|
|---|
| 801 | 1e20.c78: 0000000000d04000-0000000000cf7fff 0x0001/0x0000 0x0000000
|
|---|
| 802 | 1e20.c78: *0000000000d10000-0000000000c13fff 0x0000/0x0004 0x0020000
|
|---|
| 803 | 1e20.c78: 0000000000e0c000-0000000000e08fff 0x0104/0x0004 0x0020000
|
|---|
| 804 | 1e20.c78: 0000000000e0f000-0000000000e0dfff 0x0004/0x0004 0x0020000
|
|---|
| 805 | 1e20.c78: *0000000000e10000-0000000000e0bfff 0x0002/0x0002 0x0040000
|
|---|
| 806 | 1e20.c78: 0000000000e14000-0000000000e07fff 0x0001/0x0000 0x0000000
|
|---|
| 807 | 1e20.c78: *0000000000e20000-0000000000e1dfff 0x0004/0x0004 0x0020000
|
|---|
| 808 | 1e20.c78: 0000000000e22000-ffffffff81c63fff 0x0001/0x0000 0x0000000
|
|---|
| 809 | 1e20.c78: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
|
|---|
| 810 | 1e20.c78: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
|
|---|
| 811 | 1e20.c78: 000000007fff0000-ffff800aa79cffff 0x0001/0x0000 0x0000000
|
|---|
| 812 | 1e20.c78: *00007ff658610000-00007ff6585ecfff 0x0002/0x0002 0x0040000
|
|---|
| 813 | 1e20.c78: 00007ff658633000-00007ff65862efff 0x0001/0x0000 0x0000000
|
|---|
| 814 | 1e20.c78: *00007ff658637000-00007ff658635fff 0x0004/0x0004 0x0020000
|
|---|
| 815 | 1e20.c78: 00007ff658638000-00007ff658631fff 0x0001/0x0000 0x0000000
|
|---|
| 816 | 1e20.c78: *00007ff65863e000-00007ff65863bfff 0x0004/0x0004 0x0020000
|
|---|
| 817 | 1e20.c78: 00007ff658640000-00007ff65856ffff 0x0001/0x0000 0x0000000
|
|---|
| 818 | 1e20.c78: *00007ff658710000-00007ff658710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 819 | 1e20.c78: 00007ff658711000-00007ff658796fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 820 | 1e20.c78: 00007ff658797000-00007ff658797fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 821 | 1e20.c78: 00007ff658798000-00007ff6587e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 822 | 1e20.c78: 00007ff6587e2000-00007ff6587e2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 823 | 1e20.c78: 00007ff6587e3000-00007ff6587e3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 824 | 1e20.c78: 00007ff6587e4000-00007ff6587e5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 825 | 1e20.c78: 00007ff6587e6000-00007ff6587e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 826 | 1e20.c78: 00007ff6587e7000-00007ff6587e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 827 | 1e20.c78: 00007ff6587e8000-00007ff6587ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 828 | 1e20.c78: 00007ff6587ec000-00007ff658835fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
|
|---|
| 829 | 1e20.c78: 00007ff658836000-00007ff05420bfff 0x0001/0x0000 0x0000000
|
|---|
| 830 | 1e20.c78: *00007ffc5ce60000-00007ffc5ce5cfff 0x0040/0x0040 0x0020000 !!
|
|---|
| 831 | 1e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ffc5ce60000 (LB 0x3000, 00007ffc5ce60000 LB 0x3000)
|
|---|
| 832 | 1e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ffc5ce60000/00007ffc5ce60000 LB 0/0x3000]
|
|---|
| 833 | 1e20.c78: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ffc5ce60000 LB 0x7fe20000 s=0x10000 ap=0x0 rp=0x00000000000001
|
|---|