
VBoxHardening.log

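Added triage helper for the log that follows (example code written for this page, not VirtualBox's own code). It parses the line shapes that appear in the log: the per-module file-info blocks, the supHardNtVpScanVirtualMemory memory map, the supHardenedWinVerifyImageByHandle return codes, the NtOpenDirectoryObject failure and the supR3HardenedWinFindAdversaries mask. From those it lists non-Microsoft modules (here the Kaspersky kl*.sys drivers the log enumerates right after the 0x40 mask), images whose verification returned a non-zero code, calls that failed with STATUS_ACCESS_DENIED (0xc0000022), and memory-map regions that are executable without being an image mapping or are executable and writable at once. Assumptions the log does not state: the memory-map columns are read as Protect/AllocationProtect Type [path], with a leading '*' on the first page of an allocation, and decoded with the standard winnt.h PAGE_* and MEM_* values. The sample input is constructed from lines of the log below plus one fabricated private RWX region (the 0000000000d00000 line) so the detector has something to find; the log's own one-page PAGE_EXECUTE_WRITECOPY mapping inside VirtualBoxVM.exe (00007ff6c3a37000) is flagged as well, and a flag is a place to look, not a verdict.

```python
"""Triage helper for VBoxHardening.log (added example; not VirtualBox code).

Assumption, taken from reading the log rather than from VirtualBox docs:
a memory-map line is "<Protect>/<AllocationProtect> <Type> [image path]",
a leading '*' marks the first page of an allocation, and the values are
the standard winnt.h PAGE_* / MEM_* constants.
"""
import re

PAGE_READWRITE, PAGE_WRITECOPY = 0x04, 0x08
PAGE_EXECUTE, PAGE_EXECUTE_READ = 0x10, 0x20
PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY = 0x40, 0x80
MEM_IMAGE = 0x1000000
EXEC_MASK = PAGE_EXECUTE | PAGE_EXECUTE_READ | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
WRITE_MASK = PAGE_READWRITE | PAGE_WRITECOPY | PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY
STATUS_ACCESS_DENIED = 0xC0000022

PREFIX = r"^(?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+):\s+"   # "3f50.3ee0: "
REGION_RE = re.compile(PREFIX + r"(?P<new>\*)?(?P<start>[0-9a-f]{16})-(?P<end>[0-9a-f]{16}) "
                       r"0x(?P<prot>[0-9a-f]+)/0x(?P<alloc>[0-9a-f]+) 0x(?P<type>[0-9a-f]+)"
                       r"(?: (?P<path>\S.*))?$")
MODULE_RE = re.compile(PREFIX + r"(?P<path>\\.+):$")          # "\SystemRoot\...\x.dll:"
FIELD_RE = re.compile(PREFIX + r"(?P<key>ProductName|ProductVersion|FileVersion|FileDescription|Timestamp): (?P<val>.*)$")
VERIFY_RE = re.compile(PREFIX + r"supHardenedWinVerifyImageByHandle: -> (?P<rc>-?\d+) \((?P<path>.+)\)$")
NTFAIL_RE = re.compile(PREFIX + r"(?P<call>Nt\w+) failed on (?P<obj>\S+): (?P<status>0x[0-9a-f]+)$")
ADVERSARY_RE = re.compile(PREFIX + r"supR3HardenedWinFindAdversaries: (?P<mask>0x[0-9a-f]+)$")


def parse_hardening_log(text):
    """Return the structured content of a VBoxHardening.log excerpt."""
    out = {"modules": {}, "regions": [], "verify": [], "nt_failures": [], "adversary_mask": None}
    current = None  # module whose file-info block we are inside
    for raw in text.splitlines():
        line = raw.rstrip()
        if m := REGION_RE.match(line):
            out["regions"].append({
                "pid": m["pid"], "alloc_base": m["new"] is not None,
                "start": int(m["start"], 16), "end": int(m["end"], 16),
                "prot": int(m["prot"], 16), "alloc": int(m["alloc"], 16),
                "type": int(m["type"], 16), "path": m["path"],
            })
        elif m := MODULE_RE.match(line):
            current = m["path"]
            out["modules"].setdefault(current, {})
        elif (m := FIELD_RE.match(line)) and current is not None:
            out["modules"][current][m["key"]] = m["val"]
        elif m := VERIFY_RE.match(line):
            out["verify"].append((m["path"], int(m["rc"])))
        elif m := NTFAIL_RE.match(line):
            out["nt_failures"].append((m["call"], m["obj"], int(m["status"], 16)))
        elif m := ADVERSARY_RE.match(line):
            out["adversary_mask"] = int(m["mask"], 16)
    return out


def third_party_modules(parsed):
    """Modules whose version resource is not Microsoft's (the log's 'adversaries')."""
    return [(path, info.get("ProductName", "?"), info.get("FileVersion", "?"))
            for path, info in parsed["modules"].items()
            if not info.get("ProductName", "").startswith("Microsoft")]


def suspicious_regions(parsed):
    """Executable memory that is not an image mapping, or pages that are both
    executable and writable. A hit is a place to look, not proof of injection."""
    hits = []
    for r in parsed["regions"]:
        executable = bool(r["prot"] & EXEC_MASK)
        if executable and r["type"] != MEM_IMAGE:
            hits.append((r["start"], r["end"], "exec-not-image"))
        elif executable and r["prot"] & WRITE_MASK:
            hits.append((r["start"], r["end"], "writable-exec"))
    return hits


def unverified_images(parsed):
    """Images whose verify call returned something other than 0 (VINF_SUCCESS)."""
    return [(path, rc) for path, rc in parsed["verify"] if rc != 0]


def access_denied_calls(parsed):
    """NT calls the log reports as failing with STATUS_ACCESS_DENIED."""
    return [(call, obj) for call, obj, status in parsed["nt_failures"] if status == STATUS_ACCESS_DENIED]


# Constructed sample: lines copied from the log on this page, plus ONE line that
# is NOT in that log (the private 0x0040 region at 0000000000d00000, a fabricated
# RWX allocation) so the detector has something to report.
SAMPLE = r"""3f50.3ee0: \SystemRoot\System32\ntdll.dll:
3f50.3ee0: Timestamp: 0x99ca0526
3f50.3ee0: ProductName: Microsoft® Windows® Operating System
3f50.3ee0: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
3f50.3ee0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3f50.3ee0: supR3HardenedWinFindAdversaries: 0x40
3f50.3ee0: \SystemRoot\System32\drivers\klif.sys:
3f50.3ee0: Timestamp: 0x5e6be381
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: FileVersion: 30.347.47.0
3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
3f50.3ee0: *0000000000a80000-0000000000a8ffff 0x0004/0x0004 0x0040000
3f50.3ee0: 0000000000b71000-0000000000b73fff 0x0104/0x0004 0x0020000
3f50.3ee0: *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: *0000000000d00000-0000000000d00fff 0x0040/0x0040 0x0020000
3f50.3ee0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
"""

if __name__ == "__main__":
    parsed = parse_hardening_log(SAMPLE)
    print("adversary mask:", hex(parsed["adversary_mask"]))
    for path, product, ver in third_party_modules(parsed):
        print(f"third-party module: {path} ({product} {ver})")
    for start, end, why in suspicious_regions(parsed):
        print(f"{why}: {start:016x}-{end:016x}")
    for path, rc in unverified_images(parsed):
        print(f"verify rc={rc}: {path}")
    for call, obj in access_denied_calls(parsed):
        print(f"{call} on {obj}: STATUS_ACCESS_DENIED")
```

Run it as a script to print the summary for the embedded sample, or feed the contents of a real VBoxHardening.log to parse_hardening_log(). The verify return codes and the cFixes counters in the log are what matter for the report itself; the helper only makes them easier to pull out of a long file.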
{{{
3f50.3ee0: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
3f50.3ee0: \SystemRoot\System32\ntdll.dll:
3f50.3ee0: CreationTime: 2019-10-15T01:27:38.187278500Z
3f50.3ee0: LastWriteTime: 2019-10-15T01:27:38.258088700Z
3f50.3ee0: ChangeTime: 2019-12-10T23:38:02.237850100Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x1e8528
3f50.3ee0: NT Headers: 0xd8
3f50.3ee0: Timestamp: 0x99ca0526
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x99ca0526
3f50.3ee0: Image Version: 10.0
3f50.3ee0: SizeOfImage: 0x1f0000 (2031616)
3f50.3ee0: Resource Dir: 0x17f000 LB 0x6f310
3f50.3ee0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Microsoft® Windows® Operating System
3f50.3ee0: ProductVersion: 10.0.18362.418
3f50.3ee0: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
3f50.3ee0: FileDescription: NT Layer DLL
3f50.3ee0: \SystemRoot\System32\kernel32.dll:
3f50.3ee0: CreationTime: 2019-10-14T21:52:08.880289300Z
3f50.3ee0: LastWriteTime: 2019-10-14T21:52:08.895892800Z
3f50.3ee0: ChangeTime: 2019-12-10T23:38:01.396101400Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0xb0570
3f50.3ee0: NT Headers: 0xe8
3f50.3ee0: Timestamp: 0xd0cecc10
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0xd0cecc10
3f50.3ee0: Image Version: 10.0
3f50.3ee0: SizeOfImage: 0xb2000 (729088)
3f50.3ee0: Resource Dir: 0xb0000 LB 0x520
3f50.3ee0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Microsoft® Windows® Operating System
3f50.3ee0: ProductVersion: 10.0.18362.329
3f50.3ee0: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
3f50.3ee0: FileDescription: Windows NT BASE API Client DLL
3f50.3ee0: \SystemRoot\System32\KernelBase.dll:
3f50.3ee0: CreationTime: 2019-12-10T23:37:24.476465800Z
3f50.3ee0: LastWriteTime: 2019-12-10T23:37:24.592153100Z
3f50.3ee0: ChangeTime: 2019-12-11T09:32:25.829231400Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x2a2638
3f50.3ee0: NT Headers: 0xf0
3f50.3ee0: Timestamp: 0x50cc8d5a
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x50cc8d5a
3f50.3ee0: Image Version: 10.0
3f50.3ee0: SizeOfImage: 0x2a3000 (2764800)
3f50.3ee0: Resource Dir: 0x27d000 LB 0x548
3f50.3ee0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Microsoft® Windows® Operating System
3f50.3ee0: ProductVersion: 10.0.18362.535
3f50.3ee0: FileVersion: 10.0.18362.535 (WinBuild.160101.0800)
3f50.3ee0: FileDescription: Windows NT BASE API Client DLL
3f50.3ee0: \SystemRoot\System32\apisetschema.dll:
3f50.3ee0: CreationTime: 2019-03-19T04:43:54.837151500Z
3f50.3ee0: LastWriteTime: 2019-03-19T04:43:54.837151500Z
3f50.3ee0: ChangeTime: 2019-12-10T23:38:01.351221300Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x1d028
3f50.3ee0: NT Headers: 0xc8
3f50.3ee0: Timestamp: 0xd6ced080
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0xd6ced080
3f50.3ee0: Image Version: 10.0
3f50.3ee0: SizeOfImage: 0x1e000 (122880)
3f50.3ee0: Resource Dir: 0x1d000 LB 0x408
3f50.3ee0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Microsoft® Windows® Operating System
3f50.3ee0: ProductVersion: 10.0.18362.1
3f50.3ee0: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
3f50.3ee0: FileDescription: ApiSet Schema DLL
3f50.3ee0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3f50.3ee0: supR3HardenedWinFindAdversaries: 0x40
3f50.3ee0: \SystemRoot\System32\drivers\klflt.sys:
3f50.3ee0: CreationTime: 2019-10-29T19:14:39.888045400Z
3f50.3ee0: LastWriteTime: 2020-04-13T10:51:55.718184300Z
3f50.3ee0: ChangeTime: 2020-04-13T10:51:55.718184300Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x3d798
3f50.3ee0: NT Headers: 0x100
3f50.3ee0: Timestamp: 0x70232f61
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x70232f61
3f50.3ee0: Image Version: 6.1
3f50.3ee0: SizeOfImage: 0x4a000 (303104)
3f50.3ee0: Resource Dir: 0x47000 LB 0x418
3f50.3ee0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: ProductVersion: 30.347.47.0
3f50.3ee0: FileVersion: 30.347.47.0
3f50.3ee0: FileDescription: Filter Core [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klif.sys:
3f50.3ee0: CreationTime: 2019-10-29T19:14:40.127821000Z
3f50.3ee0: LastWriteTime: 2020-04-13T10:51:55.865790400Z
3f50.3ee0: ChangeTime: 2020-04-13T10:51:55.865790400Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0xf3b98
3f50.3ee0: NT Headers: 0xf8
3f50.3ee0: Timestamp: 0x5e6be381
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x5e6be381
3f50.3ee0: Image Version: 6.1
3f50.3ee0: SizeOfImage: 0xf4000 (999424)
3f50.3ee0: Resource Dir: 0xeb000 LB 0x33f8
3f50.3ee0: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: ProductVersion: 30.347.47.0
3f50.3ee0: FileVersion: 30.347.47.0
3f50.3ee0: FileDescription: Core System Interceptors [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klim6.sys:
3f50.3ee0: CreationTime: 2019-03-19T04:21:06.000000000Z
3f50.3ee0: LastWriteTime: 2019-03-19T04:21:06.000000000Z
3f50.3ee0: ChangeTime: 2019-10-29T19:15:00.994361000Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0xe350
3f50.3ee0: NT Headers: 0xe0
3f50.3ee0: Timestamp: 0x54ad405e
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x54ad405e
3f50.3ee0: Image Version: 6.1
3f50.3ee0: SizeOfImage: 0xb000 (45056)
3f50.3ee0: Resource Dir: 0x9000 LB 0x430
3f50.3ee0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: ProductVersion: 30.0.3724.0
3f50.3ee0: FileVersion: 30.0.3724.0
3f50.3ee0: FileDescription: Packet Network Filter [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klkbdflt.sys:
3f50.3ee0: CreationTime: 2019-03-17T23:11:30.000000000Z
3f50.3ee0: LastWriteTime: 2020-04-13T10:51:55.931614300Z
3f50.3ee0: ChangeTime: 2020-04-13T10:51:55.931614300Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x13790
3f50.3ee0: NT Headers: 0xf8
3f50.3ee0: Timestamp: 0x6193eeca
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x6193eeca
3f50.3ee0: Image Version: 6.1
3f50.3ee0: SizeOfImage: 0x12000 (73728)
3f50.3ee0: Resource Dir: 0x10000 LB 0x440
3f50.3ee0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: ProductVersion: 30.256.110.0
3f50.3ee0: FileVersion: 30.256.110.0
3f50.3ee0: FileDescription: Keyboard Device Filter [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klmouflt.sys:
3f50.3ee0: CreationTime: 2019-03-17T22:50:34.000000000Z
3f50.3ee0: LastWriteTime: 2019-03-17T22:50:34.000000000Z
3f50.3ee0: ChangeTime: 2019-10-29T19:15:00.619448000Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0xe878
3f50.3ee0: NT Headers: 0xe8
3f50.3ee0: Timestamp: 0xab7b625
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0xab7b625
3f50.3ee0: Image Version: 6.1
3f50.3ee0: SizeOfImage: 0xe000 (57344)
3f50.3ee0: Resource Dir: 0xc000 LB 0x430
3f50.3ee0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: ProductVersion: 30.0.3716.0
3f50.3ee0: FileVersion: 30.0.3716.0
3f50.3ee0: FileDescription: Mouse Device Filter [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\kneps.sys:
3f50.3ee0: CreationTime: 2019-03-18T23:31:38.000000000Z
3f50.3ee0: LastWriteTime: 2020-04-13T10:51:56.055282500Z
3f50.3ee0: ChangeTime: 2020-04-13T10:51:56.055282500Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x38b98
3f50.3ee0: NT Headers: 0x108
3f50.3ee0: Timestamp: 0xe34c73f4
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0xe34c73f4
3f50.3ee0: Image Version: 6.1
3f50.3ee0: SizeOfImage: 0x38000 (229376)
3f50.3ee0: Resource Dir: 0x35000 LB 0x428
3f50.3ee0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
3f50.3ee0: ProductName: Coretech Delivery
3f50.3ee0: ProductVersion: 30.347.28.0
3f50.3ee0: FileVersion: 30.347.28.0
3f50.3ee0: FileDescription: Network Processor [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\klfphc.dll:
3f50.3ee0: CreationTime: 2019-10-29T19:14:58.573052500Z
3f50.3ee0: LastWriteTime: 2013-05-06T05:13:26.000000000Z
3f50.3ee0: ChangeTime: 2019-10-29T19:14:46.750433600Z
3f50.3ee0: FileAttributes: 0x20
3f50.3ee0: Size: 0x1ae60
3f50.3ee0: NT Headers: 0xe8
3f50.3ee0: Timestamp: 0x51873bf2
3f50.3ee0: Machine: 0x8664 - amd64
3f50.3ee0: Timestamp: 0x51873bf2
3f50.3ee0: Image Version: 0.0
3f50.3ee0: SizeOfImage: 0x1d000 (118784)
3f50.3ee0: Resource Dir: 0x18000 LB 0x3c80
3f50.3ee0: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
3f50.3ee0: ProductName: Kaspersky™ Anti-Virus ®
3f50.3ee0: ProductVersion: 1.0.0.12
3f50.3ee0: FileVersion: 1.0.0.12
3f50.3ee0: FileDescription: Filtering Platform Helper Class
3f50.3ee0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3f50.3ee0: Calling main()
3f50.3ee0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3f50.3ee0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3f50.3ee0: SUPR3HardenedMain: Respawn #1
3f50.3ee0: System32: \Device\HarddiskVolume5\Windows\System32
3f50.3ee0: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
3f50.3ee0: KnownDllPath: C:\WINDOWS\System32
3f50.3ee0: supR3HardenedWinInit: Performing a limited self purification...
3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
3f50.3ee0: *0000000000000000-0000000000a7ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000a80000-0000000000a8ffff 0x0004/0x0004 0x0040000
3f50.3ee0: *0000000000a90000-0000000000a9efff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000000a9f000-0000000000a9ffff 0x0000/0x0004 0x0020000
3f50.3ee0: *0000000000aa0000-0000000000abafff 0x0002/0x0002 0x0040000
3f50.3ee0: 0000000000abb000-0000000000abffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000ac0000-0000000000b70fff 0x0000/0x0004 0x0020000
3f50.3ee0: 0000000000b71000-0000000000b73fff 0x0104/0x0004 0x0020000
3f50.3ee0: 0000000000b74000-0000000000bbffff 0x0004/0x0004 0x0020000
3f50.3ee0: *0000000000bc0000-0000000000bc3fff 0x0002/0x0002 0x0040000
3f50.3ee0: 0000000000bc4000-0000000000bcffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000bd0000-0000000000bd1fff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000000bd2000-0000000000bdffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000be0000-0000000000be1fff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000000be2000-0000000000bf9fff 0x0000/0x0004 0x0020000
3f50.3ee0: 0000000000bfa000-0000000000bfffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000c00000-0000000000ccafff 0x0000/0x0004 0x0020000
3f50.3ee0: 0000000000ccb000-0000000000ccdfff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000000cce000-0000000000dfffff 0x0000/0x0004 0x0020000
3f50.3ee0: *0000000000e00000-0000000000ec6fff 0x0002/0x0002 0x0040000
3f50.3ee0: 0000000000ec7000-0000000000f8ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000f90000-0000000000f95fff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000000f96000-000000000108ffff 0x0000/0x0004 0x0020000
3f50.3ee0: *0000000001090000-0000000001090fff 0x0000/0x0004 0x0020000
3f50.3ee0: 0000000001091000-0000000001281fff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000001282000-0000000001282fff 0x0000/0x0004 0x0020000
3f50.3ee0: 0000000001283000-000000000128ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000001290000-00000000012acfff 0x0004/0x0004 0x0020000
3f50.3ee0: 00000000012ad000-000000000138ffff 0x0000/0x0004 0x0020000
3f50.3ee0: 0000000001390000-000000007ffdffff 0x0001/0x0000 0x0000000
3f50.3ee0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3f50.3ee0: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
3f50.3ee0: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
3f50.3ee0: 000000007ffe5000-00007ff47768ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff477690000-00007ff477694fff 0x0002/0x0002 0x0040000
3f50.3ee0: 00007ff477695000-00007ff47778ffff 0x0000/0x0002 0x0040000
3f50.3ee0: *00007ff477790000-00007ff5777affff 0x0000/0x0004 0x0020000
3f50.3ee0: *00007ff5777b0000-00007ff5797affff 0x0000/0x0004 0x0020000
3f50.3ee0: 00007ff5797b0000-00007ff5797b0fff 0x0004/0x0004 0x0020000
3f50.3ee0: 00007ff5797b1000-00007ff5797bffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff5797c0000-00007ff5797c0fff 0x0002/0x0002 0x0040000
3f50.3ee0: 00007ff5797c1000-00007ff5797cffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff5797d0000-00007ff5797f2fff 0x0002/0x0002 0x0040000
3f50.3ee0: 00007ff5797f3000-00007ff6c39bffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a80000-00007ff6c3a82fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a83000-00007ff6c3a85fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a86000-00007ff6c3a88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a89000-00007ff6c3a89fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a8a000-00007ff6c3a8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a8c000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3ad6000-00007ff9f32bffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff9f32c0000-00007ff9f32c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3f50.3ee0: 00007ff9f32c1000-00007ff9f33c5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3f50.3ee0: 00007ff9f33c6000-00007ff9f3527fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3f50.3ee0: 00007ff9f3528000-00007ff9f352bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3f50.3ee0: 00007ff9f352c000-00007ff9f352cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3f50.3ee0: 00007ff9f352d000-00007ff9f3562fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3f50.3ee0: 00007ff9f3563000-00007ff9f558ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff9f5590000-00007ff9f5590fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3f50.3ee0: 00007ff9f5591000-00007ff9f5605fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3f50.3ee0: 00007ff9f5606000-00007ff9f5637fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3f50.3ee0: 00007ff9f5638000-00007ff9f5638fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3f50.3ee0: 00007ff9f5639000-00007ff9f5639fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3f50.3ee0: 00007ff9f563a000-00007ff9f5641fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3f50.3ee0: 00007ff9f5642000-00007ff9f593ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5a9f000-00007ff9f5a9ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5aa0000-00007ff9f5aa1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5aa2000-00007ff9f5aaafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5aab000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000
3f50.3ee0: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
3f50.3ee0: kernelbase.dll: timestamp 0x50cc8d5a (rc=VINF_SUCCESS)
3f50.3ee0: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
3f50.3ee0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3f50.3ee0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
3f50.3ee0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
3f50.3ee0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3f50.3ee0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3f50.3ee0: supR3HardNtEnableThreadCreationEx:
3f50.3ee0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
3f50.3ee0: supR3HardenedWinDoReSpawn(1): New child 16dc.a34 [kernel32].
3f50.3ee0: supR3HardNtChildGatherData: PebBaseAddress=00000000005e3000 cbPeb=0x388
3f50.3ee0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f5940000 uNtDllChildAddr=00007ff9f5940000
3f50.3ee0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f59b17f0
3f50.3ee0: supR3HardenedWinSetupChildInit: Initial context:
rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c39c7900 rdx=00000000005e3000
rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
rip=00007ff9f59aceb0 rsp=000000000071f948 rbp=0000000000000000 ctxflags=0010001b
cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3f50.3ee0: supR3HardenedWinSetupChildInit: Start child.
3f50.3ee0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3f50.3ee0: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 58 sleeps
3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3f50.3ee0: *0000000000000000-00000000003dffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00000000003e0000-00000000003fffff 0x0004/0x0004 0x0020000
3f50.3ee0: *0000000000400000-00000000005e2fff 0x0000/0x0004 0x0020000
3f50.3ee0: 00000000005e3000-00000000005e5fff 0x0004/0x0004 0x0020000
3f50.3ee0: 00000000005e6000-00000000005fffff 0x0000/0x0004 0x0020000
3f50.3ee0: *0000000000600000-000000000061afff 0x0002/0x0002 0x0040000
3f50.3ee0: 000000000061b000-000000000061ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000620000-000000000071afff 0x0000/0x0004 0x0020000
3f50.3ee0: 000000000071b000-000000000071dfff 0x0104/0x0004 0x0020000
3f50.3ee0: 000000000071e000-000000000071ffff 0x0004/0x0004 0x0020000
3f50.3ee0: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
3f50.3ee0: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000
3f50.3ee0: 0000000000732000-000000007ffdffff 0x0001/0x0000 0x0000000
3f50.3ee0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3f50.3ee0: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
3f50.3ee0: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
3f50.3ee0: 000000007ffe5000-00007ff522adffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff522ae0000-00007ff522ae0fff 0x0002/0x0002 0x0040000
3f50.3ee0: 00007ff522ae1000-00007ff522aeffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff522af0000-00007ff522b12fff 0x0002/0x0002 0x0040000
3f50.3ee0: 00007ff522b13000-00007ff6c39bffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a80000-00007ff6c3a80fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a81000-00007ff6c3a81fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a82000-00007ff6c3a86fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a87000-00007ff6c3a87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a88000-00007ff6c3a88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a89000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3f50.3ee0: 00007ff6c3ad6000-00007ff9f593ffff 0x0001/0x0000 0x0000000
3f50.3ee0: *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5a9f000-00007ff9f5aaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5aab000-00007ff9f5ab9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5aba000-00007ff9f5abafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5abb000-00007ff9f5abdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5abe000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll
3f50.3ee0: 00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000
3f50.3ee0: supR3HardNtChildPurify: Done after 523 ms and 0 fixes (loop #0).
16dc.a34: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
16dc.a34: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f5940000 g_uNtVerCombined=0xa047ba00 (stack ~000000000071f3d8)
16dc.a34: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
16dc.a34: New simple heap: #1 0000000000840000 LB 0x400000 (for 2031616 allocation)
16dc.a34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3f50.3ee0: supR3HardNtEnableThreadCreationEx:
16dc.a34: System32: \Device\HarddiskVolume5\Windows\System32
16dc.a34: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
16dc.a34: KnownDllPath: C:\WINDOWS\System32
16dc.a34: supR3HardenedVmProcessInit: Opening vboxdrv stub...
16dc.a34: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
16dc.a34: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
16dc.a34: Registered Dll notification callback with NTDLL.
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
16dc.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
16dc.a34: supR3HardenedDllNotificationCallback: load 00007ff9f32c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
16dc.a34: supR3HardenedDllNotificationCallback: load 00007ff9f5590000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
16dc.a34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
16dc.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5590000 'C:\WINDOWS\System32\KERNEL32.DLL'
16dc.a34: supR3HardenedDllNotificationCallback: load 00007ff6c39c0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
16dc.a34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
3f50.3ee0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 103 ms.
16dc.a34: \SystemRoot\System32\ntdll.dll:
16dc.a34: CreationTime: 2019-10-15T01:27:38.187278500Z
16dc.a34: LastWriteTime: 2019-10-15T01:27:38.258088700Z
16dc.a34: ChangeTime: 2019-12-10T23:38:02.237850100Z
16dc.a34: FileAttributes: 0x20
16dc.a34: Size: 0x1e8528
16dc.a34: NT Headers: 0xd8
16dc.a34: Timestamp: 0x99ca0526
16dc.a34: Machine: 0x8664 - amd64
16dc.a34: Timestamp: 0x99ca0526
16dc.a34: Image Version: 10.0
16dc.a34: SizeOfImage: 0x1f0000 (2031616)
16dc.a34: Resource Dir: 0x17f000 LB 0x6f310
16dc.a34: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
16dc.a34: ProductName: Microsoft® Windows® Operating System
16dc.a34: ProductVersion: 10.0.18362.418
16dc.a34: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
16dc.a34: FileDescription: NT Layer DLL
16dc.a34: \SystemRoot\System32\kernel32.dll:
16dc.a34: CreationTime: 2019-10-14T21:52:08.880289300Z
16dc.a34: LastWriteTime: 2019-10-14T21:52:08.895892800Z
16dc.a34: ChangeTime: 2019-12-10T23:38:01.396101400Z
16dc.a34: FileAttributes: 0x20
16dc.a34: Size: 0xb0570
16dc.a34: NT Headers: 0xe8
16dc.a34: Timestamp: 0xd0cecc10
16dc.a34: Machine: 0x8664 - amd64
16dc.a34: Timestamp: 0xd0cecc10
16dc.a34: Image Version: 10.0
16dc.a34: SizeOfImage: 0xb2000 (729088)
16dc.a34: Resource Dir: 0xb0000 LB 0x520
16dc.a34: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
16dc.a34: ProductName: Microsoft® Windows® Operating System
| 454 | | 16dc.a34: ProductVersion: 10.0.18362.329 |
| 455 | | 16dc.a34: FileVersion: 10.0.18362.329 (WinBuild.160101.0800) |
| 456 | | 16dc.a34: FileDescription: Windows NT BASE API Client DLL |
| 457 | | 16dc.a34: \SystemRoot\System32\KernelBase.dll: |
| 458 | | 16dc.a34: CreationTime: 2019-12-10T23:37:24.476465800Z |
| 459 | | 16dc.a34: LastWriteTime: 2019-12-10T23:37:24.592153100Z |
| 460 | | 16dc.a34: ChangeTime: 2019-12-11T09:32:25.829231400Z |
| 461 | | 16dc.a34: FileAttributes: 0x20 |
| 462 | | 16dc.a34: Size: 0x2a2638 |
| 463 | | 16dc.a34: NT Headers: 0xf0 |
| 464 | | 16dc.a34: Timestamp: 0x50cc8d5a |
| 465 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 466 | | 16dc.a34: Timestamp: 0x50cc8d5a |
| 467 | | 16dc.a34: Image Version: 10.0 |
| 468 | | 16dc.a34: SizeOfImage: 0x2a3000 (2764800) |
| 469 | | 16dc.a34: Resource Dir: 0x27d000 LB 0x548 |
| 470 | | 16dc.a34: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 471 | | 16dc.a34: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] |
| 472 | | 16dc.a34: ProductName: Microsoft® Windows® Operating System |
| 473 | | 16dc.a34: ProductVersion: 10.0.18362.535 |
| 474 | | 16dc.a34: FileVersion: 10.0.18362.535 (WinBuild.160101.0800) |
| 475 | | 16dc.a34: FileDescription: Windows NT BASE API Client DLL |
| 476 | | 16dc.a34: \SystemRoot\System32\apisetschema.dll: |
| 477 | | 16dc.a34: CreationTime: 2019-03-19T04:43:54.837151500Z |
| 478 | | 16dc.a34: LastWriteTime: 2019-03-19T04:43:54.837151500Z |
| 479 | | 16dc.a34: ChangeTime: 2019-12-10T23:38:01.351221300Z |
| 480 | | 16dc.a34: FileAttributes: 0x20 |
| 481 | | 16dc.a34: Size: 0x1d028 |
| 482 | | 16dc.a34: NT Headers: 0xc8 |
| 483 | | 16dc.a34: Timestamp: 0xd6ced080 |
| 484 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 485 | | 16dc.a34: Timestamp: 0xd6ced080 |
| 486 | | 16dc.a34: Image Version: 10.0 |
| 487 | | 16dc.a34: SizeOfImage: 0x1e000 (122880) |
| 488 | | 16dc.a34: Resource Dir: 0x1d000 LB 0x408 |
| 489 | | 16dc.a34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 490 | | 16dc.a34: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] |
| 491 | | 16dc.a34: ProductName: Microsoft® Windows® Operating System |
| 492 | | 16dc.a34: ProductVersion: 10.0.18362.1 |
| 493 | | 16dc.a34: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) |
| 494 | | 16dc.a34: FileDescription: ApiSet Schema DLL |
| 495 | | 16dc.a34: NtOpenDirectoryObject failed on \Driver: 0xc0000022 |
| 496 | | 16dc.a34: supR3HardenedWinFindAdversaries: 0x40 |
| 497 | | 16dc.a34: \SystemRoot\System32\drivers\klflt.sys: |
| 498 | | 16dc.a34: CreationTime: 2019-10-29T19:14:39.888045400Z |
| 499 | | 16dc.a34: LastWriteTime: 2020-04-13T10:51:55.718184300Z |
| 500 | | 16dc.a34: ChangeTime: 2020-04-13T10:51:55.718184300Z |
| 501 | | 16dc.a34: FileAttributes: 0x20 |
| 502 | | 16dc.a34: Size: 0x3d798 |
| 503 | | 16dc.a34: NT Headers: 0x100 |
| 504 | | 16dc.a34: Timestamp: 0x70232f61 |
| 505 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 506 | | 16dc.a34: Timestamp: 0x70232f61 |
| 507 | | 16dc.a34: Image Version: 6.1 |
| 508 | | 16dc.a34: SizeOfImage: 0x4a000 (303104) |
| 509 | | 16dc.a34: Resource Dir: 0x47000 LB 0x418 |
| 510 | | 16dc.a34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 511 | | 16dc.a34: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] |
| 512 | | 16dc.a34: ProductName: Coretech Delivery |
| 513 | | 16dc.a34: ProductVersion: 30.347.47.0 |
| 514 | | 16dc.a34: FileVersion: 30.347.47.0 |
| 515 | | 16dc.a34: FileDescription: Filter Core [fre_win7_amd64] |
| 516 | | 16dc.a34: \SystemRoot\System32\drivers\klif.sys: |
| 517 | | 16dc.a34: CreationTime: 2019-10-29T19:14:40.127821000Z |
| 518 | | 16dc.a34: LastWriteTime: 2020-04-13T10:51:55.865790400Z |
| 519 | | 16dc.a34: ChangeTime: 2020-04-13T10:51:55.865790400Z |
| 520 | | 16dc.a34: FileAttributes: 0x20 |
| 521 | | 16dc.a34: Size: 0xf3b98 |
| 522 | | 16dc.a34: NT Headers: 0xf8 |
| 523 | | 16dc.a34: Timestamp: 0x5e6be381 |
| 524 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 525 | | 16dc.a34: Timestamp: 0x5e6be381 |
| 526 | | 16dc.a34: Image Version: 6.1 |
| 527 | | 16dc.a34: SizeOfImage: 0xf4000 (999424) |
| 528 | | 16dc.a34: Resource Dir: 0xeb000 LB 0x33f8 |
| 529 | | 16dc.a34: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 530 | | 16dc.a34: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] |
| 531 | | 16dc.a34: ProductName: Coretech Delivery |
| 532 | | 16dc.a34: ProductVersion: 30.347.47.0 |
| 533 | | 16dc.a34: FileVersion: 30.347.47.0 |
| 534 | | 16dc.a34: FileDescription: Core System Interceptors [fre_win7_amd64] |
| 535 | | 16dc.a34: \SystemRoot\System32\drivers\klim6.sys: |
| 536 | | 16dc.a34: CreationTime: 2019-03-19T04:21:06.000000000Z |
| 537 | | 16dc.a34: LastWriteTime: 2019-03-19T04:21:06.000000000Z |
| 538 | | 16dc.a34: ChangeTime: 2019-10-29T19:15:00.994361000Z |
| 539 | | 16dc.a34: FileAttributes: 0x20 |
| 540 | | 16dc.a34: Size: 0xe350 |
| 541 | | 16dc.a34: NT Headers: 0xe0 |
| 542 | | 16dc.a34: Timestamp: 0x54ad405e |
| 543 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 544 | | 16dc.a34: Timestamp: 0x54ad405e |
| 545 | | 16dc.a34: Image Version: 6.1 |
| 546 | | 16dc.a34: SizeOfImage: 0xb000 (45056) |
| 547 | | 16dc.a34: Resource Dir: 0x9000 LB 0x430 |
| 548 | | 16dc.a34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 549 | | 16dc.a34: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] |
| 550 | | 16dc.a34: ProductName: Coretech Delivery |
| 551 | | 16dc.a34: ProductVersion: 30.0.3724.0 |
| 552 | | 16dc.a34: FileVersion: 30.0.3724.0 |
| 553 | | 16dc.a34: FileDescription: Packet Network Filter [fre_win7_amd64] |
| 554 | | 16dc.a34: \SystemRoot\System32\drivers\klkbdflt.sys: |
| 555 | | 16dc.a34: CreationTime: 2019-03-17T23:11:30.000000000Z |
| 556 | | 16dc.a34: LastWriteTime: 2020-04-13T10:51:55.931614300Z |
| 557 | | 16dc.a34: ChangeTime: 2020-04-13T10:51:55.931614300Z |
| 558 | | 16dc.a34: FileAttributes: 0x20 |
| 559 | | 16dc.a34: Size: 0x13790 |
| 560 | | 16dc.a34: NT Headers: 0xf8 |
| 561 | | 16dc.a34: Timestamp: 0x6193eeca |
| 562 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 563 | | 16dc.a34: Timestamp: 0x6193eeca |
| 564 | | 16dc.a34: Image Version: 6.1 |
| 565 | | 16dc.a34: SizeOfImage: 0x12000 (73728) |
| 566 | | 16dc.a34: Resource Dir: 0x10000 LB 0x440 |
| 567 | | 16dc.a34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 568 | | 16dc.a34: [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)] |
| 569 | | 16dc.a34: ProductName: Coretech Delivery |
| 570 | | 16dc.a34: ProductVersion: 30.256.110.0 |
| 571 | | 16dc.a34: FileVersion: 30.256.110.0 |
| 572 | | 16dc.a34: FileDescription: Keyboard Device Filter [fre_win7_amd64] |
| 573 | | 16dc.a34: \SystemRoot\System32\drivers\klmouflt.sys: |
| 574 | | 16dc.a34: CreationTime: 2019-03-17T22:50:34.000000000Z |
| 575 | | 16dc.a34: LastWriteTime: 2019-03-17T22:50:34.000000000Z |
| 576 | | 16dc.a34: ChangeTime: 2019-10-29T19:15:00.619448000Z |
| 577 | | 16dc.a34: FileAttributes: 0x20 |
| 578 | | 16dc.a34: Size: 0xe878 |
| 579 | | 16dc.a34: NT Headers: 0xe8 |
| 580 | | 16dc.a34: Timestamp: 0xab7b625 |
| 581 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 582 | | 16dc.a34: Timestamp: 0xab7b625 |
| 583 | | 16dc.a34: Image Version: 6.1 |
| 584 | | 16dc.a34: SizeOfImage: 0xe000 (57344) |
| 585 | | 16dc.a34: Resource Dir: 0xc000 LB 0x430 |
| 586 | | 16dc.a34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 587 | | 16dc.a34: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] |
| 588 | | 16dc.a34: ProductName: Coretech Delivery |
| 589 | | 16dc.a34: ProductVersion: 30.0.3716.0 |
| 590 | | 16dc.a34: FileVersion: 30.0.3716.0 |
| 591 | | 16dc.a34: FileDescription: Mouse Device Filter [fre_win7_amd64] |
| 592 | | 16dc.a34: \SystemRoot\System32\drivers\kneps.sys: |
| 593 | | 16dc.a34: CreationTime: 2019-03-18T23:31:38.000000000Z |
| 594 | | 16dc.a34: LastWriteTime: 2020-04-13T10:51:56.055282500Z |
| 595 | | 16dc.a34: ChangeTime: 2020-04-13T10:51:56.055282500Z |
| 596 | | 16dc.a34: FileAttributes: 0x20 |
| 597 | | 16dc.a34: Size: 0x38b98 |
| 598 | | 16dc.a34: NT Headers: 0x108 |
| 599 | | 16dc.a34: Timestamp: 0xe34c73f4 |
| 600 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 601 | | 16dc.a34: Timestamp: 0xe34c73f4 |
| 602 | | 16dc.a34: Image Version: 6.1 |
| 603 | | 16dc.a34: SizeOfImage: 0x38000 (229376) |
| 604 | | 16dc.a34: Resource Dir: 0x35000 LB 0x428 |
| 605 | | 16dc.a34: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 606 | | 16dc.a34: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] |
| 607 | | 16dc.a34: ProductName: Coretech Delivery |
| 608 | | 16dc.a34: ProductVersion: 30.347.28.0 |
| 609 | | 16dc.a34: FileVersion: 30.347.28.0 |
| 610 | | 16dc.a34: FileDescription: Network Processor [fre_win7_amd64] |
| 611 | | 16dc.a34: \SystemRoot\System32\klfphc.dll: |
| 612 | | 16dc.a34: CreationTime: 2019-10-29T19:14:58.573052500Z |
| 613 | | 16dc.a34: LastWriteTime: 2013-05-06T05:13:26.000000000Z |
| 614 | | 16dc.a34: ChangeTime: 2019-10-29T19:14:46.750433600Z |
| 615 | | 16dc.a34: FileAttributes: 0x20 |
| 616 | | 16dc.a34: Size: 0x1ae60 |
| 617 | | 16dc.a34: NT Headers: 0xe8 |
| 618 | | 16dc.a34: Timestamp: 0x51873bf2 |
| 619 | | 16dc.a34: Machine: 0x8664 - amd64 |
| 620 | | 16dc.a34: Timestamp: 0x51873bf2 |
| 621 | | 16dc.a34: Image Version: 0.0 |
| 622 | | 16dc.a34: SizeOfImage: 0x1d000 (118784) |
| 623 | | 16dc.a34: Resource Dir: 0x18000 LB 0x3c80 |
| 624 | | 16dc.a34: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 625 | | 16dc.a34: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] |
| 626 | | 16dc.a34: ProductName: Kaspersky™ Anti-Virus ® |
| 627 | | 16dc.a34: ProductVersion: 1.0.0.12 |
| 628 | | 16dc.a34: FileVersion: 1.0.0.12 |
| 629 | | 16dc.a34: FileDescription: Filtering Platform Helper Class |
| 630 | | 16dc.a34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' |
| 631 | | 16dc.a34: Calling main() |
| 632 | | 16dc.a34: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
| 633 | | 16dc.a34: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' |
| 634 | | 16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 635 | | 16dc.a34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
| 636 | | 16dc.a34: SUPR3HardenedMain: Respawn #2 |
| 637 | | 16dc.a34: supR3HardNtEnableThreadCreationEx: |
| 638 | | 16dc.a34: supR3HardenedDllNotificationCallback: load 00007ff9f4940000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] |
| 639 | | 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) |
| 640 | | 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll |
| 641 | | 16dc.a34: supR3HardenedDllNotificationCallback: load 00007ff9f4760000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] |
| 642 | | 16dc.a34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. |
| 643 | | 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) |
| 644 | | 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll |
| 645 | | 16dc.a34: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports |
| 646 | | 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll) |
| 647 | | 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 648 | | 16dc.a34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... |
| 649 | | 16dc.a34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] |
| 650 | | 16dc.a34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] |
| 651 | | 16dc.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] |
| 652 | | 16dc.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5940000 'C:\WINDOWS\System32\ntdll.dll' |
| 653 | | 16dc.a34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10 |
| 654 | | 16dc.a34: supR3HardenedWinDoReSpawn(2): New child 3d54.3aa8 [kernel32]. |
| 655 | | 16dc.a34: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) |
| 656 | | 16dc.a34: supR3HardNtChildGatherData: PebBaseAddress=0000000000e5f000 cbPeb=0x388 |
| 657 | | 16dc.a34: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f5940000 uNtDllChildAddr=00007ff9f5940000 |
| 658 | | 16dc.a34: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f59b17f0 |
| 659 | | 16dc.a34: supR3HardenedWinSetupChildInit: Initial context: |
| 660 | | rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c39c7900 rdx=0000000000e5f000 |
| 661 | | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 |
| 662 | | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 |
| 663 | | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 |
| 664 | | rip=00007ff9f59aceb0 rsp=000000000113f948 rbp=0000000000000000 ctxflags=0010001b |
| 665 | | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 |
| 666 | | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 |
| 667 | | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 |
| 668 | | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 |
| 669 | | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 |
| 670 | | 16dc.a34: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS) |
| 671 | | 16dc.a34: supR3HardenedWinSetupChildInit: Start child. |
| 672 | | 16dc.a34: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. |
| 673 | | 16dc.a34: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps |
| 674 | | 16dc.a34: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION |
| 675 | | 16dc.a34: *0000000000000000-0000000000deffff 0x0001/0x0000 0x0000000 |
| 676 | | 16dc.a34: *0000000000df0000-0000000000df3fff 0x0002/0x0002 0x0040000 |
| 677 | | 16dc.a34: 0000000000df4000-0000000000dfffff 0x0001/0x0000 0x0000000 |
| 678 | | 16dc.a34: *0000000000e00000-0000000000e5efff 0x0000/0x0004 0x0020000 |
| 679 | | 16dc.a34: 0000000000e5f000-0000000000e61fff 0x0004/0x0004 0x0020000 |
| 680 | | 16dc.a34: 0000000000e62000-0000000000ffffff 0x0000/0x0004 0x0020000 |
| 681 | | 16dc.a34: *0000000001000000-000000000101ffff 0x0004/0x0004 0x0020000 |
| 682 | | 16dc.a34: *0000000001020000-000000000103afff 0x0002/0x0002 0x0040000 |
| 683 | | 16dc.a34: 000000000103b000-000000000103ffff 0x0001/0x0000 0x0000000 |
| 684 | | 16dc.a34: *0000000001040000-000000000113afff 0x0000/0x0004 0x0020000 |
| 685 | | 16dc.a34: 000000000113b000-000000000113dfff 0x0104/0x0004 0x0020000 |
| 686 | | 16dc.a34: 000000000113e000-000000000113ffff 0x0004/0x0004 0x0020000 |
| 687 | | 16dc.a34: *0000000001140000-0000000001141fff 0x0004/0x0004 0x0020000 |
| 688 | | 16dc.a34: 0000000001142000-000000007ffdffff 0x0001/0x0000 0x0000000 |
| 689 | | 16dc.a34: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 |
| 690 | | 16dc.a34: 000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000 |
| 691 | | 16dc.a34: *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000 |
| 692 | | 16dc.a34: 000000007ffe5000-00007ff5588bffff 0x0001/0x0000 0x0000000 |
| 693 | | 16dc.a34: *00007ff5588c0000-00007ff5588c0fff 0x0002/0x0002 0x0040000 |
| 694 | | 16dc.a34: 00007ff5588c1000-00007ff5588cffff 0x0001/0x0000 0x0000000 |
| 695 | | 16dc.a34: *00007ff5588d0000-00007ff5588f2fff 0x0002/0x0002 0x0040000 |
| 696 | | 16dc.a34: 00007ff5588f3000-00007ff6c39bffff 0x0001/0x0000 0x0000000 |
| 697 | | 16dc.a34: *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 698 | | 16dc.a34: 00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 699 | | 16dc.a34: 00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 700 | | 16dc.a34: 00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 701 | | 16dc.a34: 00007ff6c3a80000-00007ff6c3a80fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 702 | | 16dc.a34: 00007ff6c3a81000-00007ff6c3a81fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 703 | | 16dc.a34: 00007ff6c3a82000-00007ff6c3a86fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 704 | | 16dc.a34: 00007ff6c3a87000-00007ff6c3a87fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 705 | | 16dc.a34: 00007ff6c3a88000-00007ff6c3a88fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 706 | | 16dc.a34: 00007ff6c3a89000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 707 | | 16dc.a34: 00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 708 | | 16dc.a34: 00007ff6c3ad6000-00007ff9f593ffff 0x0001/0x0000 0x0000000 |
| 709 | | 16dc.a34: *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 710 | | 16dc.a34: 00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 711 | | 16dc.a34: 00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 712 | | 16dc.a34: 00007ff9f5a9f000-00007ff9f5aaafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 713 | | 16dc.a34: 00007ff9f5aab000-00007ff9f5ab9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 714 | | 16dc.a34: 00007ff9f5aba000-00007ff9f5abafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 715 | | 16dc.a34: 00007ff9f5abb000-00007ff9f5abdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 716 | | 16dc.a34: 00007ff9f5abe000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume5\Windows\System32\ntdll.dll |
| 717 | | 16dc.a34: 00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000 |
| 718 | | 16dc.a34: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS) |
| 719 | | 16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 720 | | 16dc.a34: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports |
| 721 | | 16dc.a34: supR3HardNtChildPurify: Done after 565 ms and 0 fixes (loop #0). |
| 722 | | 3d54.3aa8: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00 |
| 723 | | 3d54.3aa8: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f5940000 g_uNtVerCombined=0xa047ba00 (stack ~000000000113f3d8) |
| 724 | | 3d54.3aa8: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS) |
| 725 | | 3d54.3aa8: New simple heap: #1 0000000001250000 LB 0x400000 (for 2031616 allocation) |
| 726 | | 16dc.a34: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000840000 LB 0x400000) |
| 727 | | 16dc.a34: supR3HardNtEnableThreadCreationEx: |
| 728 | | 3d54.3aa8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' |
| 729 | | 3d54.3aa8: System32: \Device\HarddiskVolume5\Windows\System32 |
| 730 | | 3d54.3aa8: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS |
| 731 | | 3d54.3aa8: KnownDllPath: C:\WINDOWS\System32 |
| 732 | | 3d54.3aa8: supR3HardenedVmProcessInit: Opening vboxdrv... |
| 733 | | 3d54.3aa8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... |
| 734 | | 3d54.3aa8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... |
| 735 | | 3d54.3aa8: Registered Dll notification callback with NTDLL. |
| 736 | | 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) |
| 737 | | 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll |
| 738 | | 3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] |
| 739 | | 3d54.3aa8: supR3HardenedDllNotificationCallback: load 00007ff9f32c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] |
| 740 | | 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) |
| 741 | | 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll |
| 742 | | 3d54.3aa8: supR3HardenedDllNotificationCallback: load 00007ff9f5590000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] |
| 743 | | 3d54.3aa8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
| 744 | | 3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5590000 'C:\WINDOWS\System32\KERNEL32.DLL' |
| 745 | | 3d54.3aa8: supR3HardenedDllNotificationCallback: load 00007ff6c39c0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] |
| 746 | | 3d54.3aa8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 747 | | 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
| 748 | | 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 749 | | 3d54.3aa8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10 |
| 750 | | 16dc.a34: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 131 ms. |
| 751 | | 3d54.3aa8: \SystemRoot\System32\ntdll.dll: |
| 752 | | 3d54.3aa8: CreationTime: 2019-10-15T01:27:38.187278500Z |
| 753 | | 3d54.3aa8: LastWriteTime: 2019-10-15T01:27:38.258088700Z |
| 754 | | 3d54.3aa8: ChangeTime: 2019-12-10T23:38:02.237850100Z |
| 755 | | 3d54.3aa8: FileAttributes: 0x20 |
| 756 | | 3d54.3aa8: Size: 0x1e8528 |
| 757 | | 3d54.3aa8: NT Headers: 0xd8 |
| 758 | | 3d54.3aa8: Timestamp: 0x99ca0526 |
| 759 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 760 | | 3d54.3aa8: Timestamp: 0x99ca0526 |
| 761 | | 3d54.3aa8: Image Version: 10.0 |
| 762 | | 3d54.3aa8: SizeOfImage: 0x1f0000 (2031616) |
| 763 | | 3d54.3aa8: Resource Dir: 0x17f000 LB 0x6f310 |
| 764 | | 3d54.3aa8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 765 | | 3d54.3aa8: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
| 766 | | 3d54.3aa8: ProductName: Microsoft® Windows® Operating System |
| 767 | | 3d54.3aa8: ProductVersion: 10.0.18362.418 |
| 768 | | 3d54.3aa8: FileVersion: 10.0.18362.418 (WinBuild.160101.0800) |
| 769 | | 3d54.3aa8: FileDescription: NT Layer DLL |
| 770 | | 3d54.3aa8: \SystemRoot\System32\kernel32.dll: |
| 771 | | 3d54.3aa8: CreationTime: 2019-10-14T21:52:08.880289300Z |
| 772 | | 3d54.3aa8: LastWriteTime: 2019-10-14T21:52:08.895892800Z |
| 773 | | 3d54.3aa8: ChangeTime: 2019-12-10T23:38:01.396101400Z |
| 774 | | 3d54.3aa8: FileAttributes: 0x20 |
| 775 | | 3d54.3aa8: Size: 0xb0570 |
| 776 | | 3d54.3aa8: NT Headers: 0xe8 |
| 777 | | 3d54.3aa8: Timestamp: 0xd0cecc10 |
| 778 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 779 | | 3d54.3aa8: Timestamp: 0xd0cecc10 |
| 780 | | 3d54.3aa8: Image Version: 10.0 |
| 781 | | 3d54.3aa8: SizeOfImage: 0xb2000 (729088) |
| 782 | | 3d54.3aa8: Resource Dir: 0xb0000 LB 0x520 |
| 783 | | 3d54.3aa8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 784 | | 3d54.3aa8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
| 785 | | 3d54.3aa8: ProductName: Microsoft® Windows® Operating System |
| 786 | | 3d54.3aa8: ProductVersion: 10.0.18362.329 |
| 787 | | 3d54.3aa8: FileVersion: 10.0.18362.329 (WinBuild.160101.0800) |
| 788 | | 3d54.3aa8: FileDescription: Windows NT BASE API Client DLL |
| 789 | | 3d54.3aa8: \SystemRoot\System32\KernelBase.dll: |
| 790 | | 3d54.3aa8: CreationTime: 2019-12-10T23:37:24.476465800Z |
| 791 | | 3d54.3aa8: LastWriteTime: 2019-12-10T23:37:24.592153100Z |
| 792 | | 3d54.3aa8: ChangeTime: 2019-12-11T09:32:25.829231400Z |
| 793 | | 3d54.3aa8: FileAttributes: 0x20 |
| 794 | | 3d54.3aa8: Size: 0x2a2638 |
| 795 | | 3d54.3aa8: NT Headers: 0xf0 |
| 796 | | 3d54.3aa8: Timestamp: 0x50cc8d5a |
| 797 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 798 | | 3d54.3aa8: Timestamp: 0x50cc8d5a |
| 799 | | 3d54.3aa8: Image Version: 10.0 |
| 800 | | 3d54.3aa8: SizeOfImage: 0x2a3000 (2764800) |
| 801 | | 3d54.3aa8: Resource Dir: 0x27d000 LB 0x548 |
| 802 | | 3d54.3aa8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 803 | | 3d54.3aa8: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] |
| 804 | | 3d54.3aa8: ProductName: Microsoft® Windows® Operating System |
| 805 | | 3d54.3aa8: ProductVersion: 10.0.18362.535 |
| 806 | | 3d54.3aa8: FileVersion: 10.0.18362.535 (WinBuild.160101.0800) |
| 807 | | 3d54.3aa8: FileDescription: Windows NT BASE API Client DLL |
| 808 | | 3d54.3aa8: \SystemRoot\System32\apisetschema.dll: |
| 809 | | 3d54.3aa8: CreationTime: 2019-03-19T04:43:54.837151500Z |
| 810 | | 3d54.3aa8: LastWriteTime: 2019-03-19T04:43:54.837151500Z |
| 811 | | 3d54.3aa8: ChangeTime: 2019-12-10T23:38:01.351221300Z |
| 812 | | 3d54.3aa8: FileAttributes: 0x20 |
| 813 | | 3d54.3aa8: Size: 0x1d028 |
| 814 | | 3d54.3aa8: NT Headers: 0xc8 |
| 815 | | 3d54.3aa8: Timestamp: 0xd6ced080 |
| 816 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 817 | | 3d54.3aa8: Timestamp: 0xd6ced080 |
| 818 | | 3d54.3aa8: Image Version: 10.0 |
| 819 | | 3d54.3aa8: SizeOfImage: 0x1e000 (122880) |
| 820 | | 3d54.3aa8: Resource Dir: 0x1d000 LB 0x408 |
| 821 | | 3d54.3aa8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 822 | | 3d54.3aa8: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] |
| 823 | | 3d54.3aa8: ProductName: Microsoft® Windows® Operating System |
| 824 | | 3d54.3aa8: ProductVersion: 10.0.18362.1 |
| 825 | | 3d54.3aa8: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) |
| 826 | | 3d54.3aa8: FileDescription: ApiSet Schema DLL |
| 827 | | 3d54.3aa8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 |
| 828 | | 3d54.3aa8: supR3HardenedWinFindAdversaries: 0x40 |
| 829 | | 3d54.3aa8: \SystemRoot\System32\drivers\klflt.sys: |
| 830 | | 3d54.3aa8: CreationTime: 2019-10-29T19:14:39.888045400Z |
| 831 | | 3d54.3aa8: LastWriteTime: 2020-04-13T10:51:55.718184300Z |
| 832 | | 3d54.3aa8: ChangeTime: 2020-04-13T10:51:55.718184300Z |
| 833 | | 3d54.3aa8: FileAttributes: 0x20 |
| 834 | | 3d54.3aa8: Size: 0x3d798 |
| 835 | | 3d54.3aa8: NT Headers: 0x100 |
| 836 | | 3d54.3aa8: Timestamp: 0x70232f61 |
| 837 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 838 | | 3d54.3aa8: Timestamp: 0x70232f61 |
| 839 | | 3d54.3aa8: Image Version: 6.1 |
| 840 | | 3d54.3aa8: SizeOfImage: 0x4a000 (303104) |
| 841 | | 3d54.3aa8: Resource Dir: 0x47000 LB 0x418 |
| 842 | | 3d54.3aa8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 843 | | 3d54.3aa8: [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)] |
| 844 | | 3d54.3aa8: ProductName: Coretech Delivery |
| 845 | | 3d54.3aa8: ProductVersion: 30.347.47.0 |
| 846 | | 3d54.3aa8: FileVersion: 30.347.47.0 |
| 847 | | 3d54.3aa8: FileDescription: Filter Core [fre_win7_amd64] |
| 848 | | 3d54.3aa8: \SystemRoot\System32\drivers\klif.sys: |
| 849 | | 3d54.3aa8: CreationTime: 2019-10-29T19:14:40.127821000Z |
| 850 | | 3d54.3aa8: LastWriteTime: 2020-04-13T10:51:55.865790400Z |
| 851 | | 3d54.3aa8: ChangeTime: 2020-04-13T10:51:55.865790400Z |
| 852 | | 3d54.3aa8: FileAttributes: 0x20 |
| 853 | | 3d54.3aa8: Size: 0xf3b98 |
| 854 | | 3d54.3aa8: NT Headers: 0xf8 |
| 855 | | 3d54.3aa8: Timestamp: 0x5e6be381 |
| 856 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 857 | | 3d54.3aa8: Timestamp: 0x5e6be381 |
| 858 | | 3d54.3aa8: Image Version: 6.1 |
| 859 | | 3d54.3aa8: SizeOfImage: 0xf4000 (999424) |
| 860 | | 3d54.3aa8: Resource Dir: 0xeb000 LB 0x33f8 |
| 861 | | 3d54.3aa8: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 862 | | 3d54.3aa8: [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)] |
| 863 | | 3d54.3aa8: ProductName: Coretech Delivery |
| 864 | | 3d54.3aa8: ProductVersion: 30.347.47.0 |
| 865 | | 3d54.3aa8: FileVersion: 30.347.47.0 |
| 866 | | 3d54.3aa8: FileDescription: Core System Interceptors [fre_win7_amd64] |
| 867 | | 3d54.3aa8: \SystemRoot\System32\drivers\klim6.sys: |
| 868 | | 3d54.3aa8: CreationTime: 2019-03-19T04:21:06.000000000Z |
| 869 | | 3d54.3aa8: LastWriteTime: 2019-03-19T04:21:06.000000000Z |
| 870 | | 3d54.3aa8: ChangeTime: 2019-10-29T19:15:00.994361000Z |
| 871 | | 3d54.3aa8: FileAttributes: 0x20 |
| 872 | | 3d54.3aa8: Size: 0xe350 |
| 873 | | 3d54.3aa8: NT Headers: 0xe0 |
| 874 | | 3d54.3aa8: Timestamp: 0x54ad405e |
| 875 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 876 | | 3d54.3aa8: Timestamp: 0x54ad405e |
| 877 | | 3d54.3aa8: Image Version: 6.1 |
| 878 | | 3d54.3aa8: SizeOfImage: 0xb000 (45056) |
| 879 | | 3d54.3aa8: Resource Dir: 0x9000 LB 0x430 |
| 880 | | 3d54.3aa8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 881 | | 3d54.3aa8: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] |
| 882 | | 3d54.3aa8: ProductName: Coretech Delivery |
| 883 | | 3d54.3aa8: ProductVersion: 30.0.3724.0 |
| 884 | | 3d54.3aa8: FileVersion: 30.0.3724.0 |
| 885 | | 3d54.3aa8: FileDescription: Packet Network Filter [fre_win7_amd64] |
| 886 | | 3d54.3aa8: \SystemRoot\System32\drivers\klkbdflt.sys: |
| 887 | | 3d54.3aa8: CreationTime: 2019-03-17T23:11:30.000000000Z |
| 888 | | 3d54.3aa8: LastWriteTime: 2020-04-13T10:51:55.931614300Z |
| 889 | | 3d54.3aa8: ChangeTime: 2020-04-13T10:51:55.931614300Z |
| 890 | | 3d54.3aa8: FileAttributes: 0x20 |
| 891 | | 3d54.3aa8: Size: 0x13790 |
| 892 | | 3d54.3aa8: NT Headers: 0xf8 |
| 893 | | 3d54.3aa8: Timestamp: 0x6193eeca |
| 894 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 895 | | 3d54.3aa8: Timestamp: 0x6193eeca |
| 896 | | 3d54.3aa8: Image Version: 6.1 |
| 897 | | 3d54.3aa8: SizeOfImage: 0x12000 (73728) |
| 898 | | 3d54.3aa8: Resource Dir: 0x10000 LB 0x440 |
| 899 | | 3d54.3aa8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 900 | | 3d54.3aa8: [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)] |
| 901 | | 3d54.3aa8: ProductName: Coretech Delivery |
| 902 | | 3d54.3aa8: ProductVersion: 30.256.110.0 |
| 903 | | 3d54.3aa8: FileVersion: 30.256.110.0 |
| 904 | | 3d54.3aa8: FileDescription: Keyboard Device Filter [fre_win7_amd64] |
| 905 | | 3d54.3aa8: \SystemRoot\System32\drivers\klmouflt.sys: |
| 906 | | 3d54.3aa8: CreationTime: 2019-03-17T22:50:34.000000000Z |
| 907 | | 3d54.3aa8: LastWriteTime: 2019-03-17T22:50:34.000000000Z |
| 908 | | 3d54.3aa8: ChangeTime: 2019-10-29T19:15:00.619448000Z |
| 909 | | 3d54.3aa8: FileAttributes: 0x20 |
| 910 | | 3d54.3aa8: Size: 0xe878 |
| 911 | | 3d54.3aa8: NT Headers: 0xe8 |
| 912 | | 3d54.3aa8: Timestamp: 0xab7b625 |
| 913 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 914 | | 3d54.3aa8: Timestamp: 0xab7b625 |
| 915 | | 3d54.3aa8: Image Version: 6.1 |
| 916 | | 3d54.3aa8: SizeOfImage: 0xe000 (57344) |
| 917 | | 3d54.3aa8: Resource Dir: 0xc000 LB 0x430 |
| 918 | | 3d54.3aa8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 919 | | 3d54.3aa8: [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)] |
| 920 | | 3d54.3aa8: ProductName: Coretech Delivery |
| 921 | | 3d54.3aa8: ProductVersion: 30.0.3716.0 |
| 922 | | 3d54.3aa8: FileVersion: 30.0.3716.0 |
| 923 | | 3d54.3aa8: FileDescription: Mouse Device Filter [fre_win7_amd64] |
| 924 | | 3d54.3aa8: \SystemRoot\System32\drivers\kneps.sys: |
| 925 | | 3d54.3aa8: CreationTime: 2019-03-18T23:31:38.000000000Z |
| 926 | | 3d54.3aa8: LastWriteTime: 2020-04-13T10:51:56.055282500Z |
| 927 | | 3d54.3aa8: ChangeTime: 2020-04-13T10:51:56.055282500Z |
| 928 | | 3d54.3aa8: FileAttributes: 0x20 |
| 929 | | 3d54.3aa8: Size: 0x38b98 |
| 930 | | 3d54.3aa8: NT Headers: 0x108 |
| 931 | | 3d54.3aa8: Timestamp: 0xe34c73f4 |
| 932 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 933 | | 3d54.3aa8: Timestamp: 0xe34c73f4 |
| 934 | | 3d54.3aa8: Image Version: 6.1 |
| 935 | | 3d54.3aa8: SizeOfImage: 0x38000 (229376) |
| 936 | | 3d54.3aa8: Resource Dir: 0x35000 LB 0x428 |
| 937 | | 3d54.3aa8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 938 | | 3d54.3aa8: [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)] |
| 939 | | 3d54.3aa8: ProductName: Coretech Delivery |
| 940 | | 3d54.3aa8: ProductVersion: 30.347.28.0 |
| 941 | | 3d54.3aa8: FileVersion: 30.347.28.0 |
| 942 | | 3d54.3aa8: FileDescription: Network Processor [fre_win7_amd64] |
| 943 | | 3d54.3aa8: \SystemRoot\System32\klfphc.dll: |
| 944 | | 3d54.3aa8: CreationTime: 2019-10-29T19:14:58.573052500Z |
| 945 | | 3d54.3aa8: LastWriteTime: 2013-05-06T05:13:26.000000000Z |
| 946 | | 3d54.3aa8: ChangeTime: 2019-10-29T19:14:46.750433600Z |
| 947 | | 3d54.3aa8: FileAttributes: 0x20 |
| 948 | | 3d54.3aa8: Size: 0x1ae60 |
| 949 | | 3d54.3aa8: NT Headers: 0xe8 |
| 950 | | 3d54.3aa8: Timestamp: 0x51873bf2 |
| 951 | | 3d54.3aa8: Machine: 0x8664 - amd64 |
| 952 | | 3d54.3aa8: Timestamp: 0x51873bf2 |
| 953 | | 3d54.3aa8: Image Version: 0.0 |
| 954 | | 3d54.3aa8: SizeOfImage: 0x1d000 (118784) |
| 955 | | 3d54.3aa8: Resource Dir: 0x18000 LB 0x3c80 |
| 956 | | 3d54.3aa8: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 957 | | 3d54.3aa8: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)] |
| 958 | | 3d54.3aa8: ProductName: Kaspersky™ Anti-Virus ® |
| 959 | | 3d54.3aa8: ProductVersion: 1.0.0.12 |
| 960 | | 3d54.3aa8: FileVersion: 1.0.0.12 |
| 961 | | 3d54.3aa8: FileDescription: Filtering Platform Helper Class |
| 962 | | 3d54.3aa8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' |
| 963 | | 3d54.3aa8: Calling main() |
| 964 | | 3d54.3aa8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
| 965 | | 3d54.3aa8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' |
| 966 | | 3d54.3aa8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 967 | | 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
| 968 | | 3d54.3aa8: SUPR3HardenedMain: Final process, opening VBoxDrv... |
| 969 | | 3d54.3aa8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001250000 LB 0x400000) |
| 970 | | 3d54.3aa8: supR3HardNtEnableThreadCreationEx: |
| 971 | | 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) |
| 972 | | 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll |
| 973 | | 3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Or |
| | 14 | Where do I get the file 'VBox.log'? This file is not on my PC. |