VirtualBox

Changes between Initial Version and Version 1 of Ticket #15193, comment 3


Timestamp: Jul 2, 2020 12:07:02 PM (4 years ago)
Author: alex37region

  • Ticket #15193, comment 3

    initial v1  
    1 same problem on windows 10 64 bit.[[BR]]
     1Same problem on windows 10 64 bit.[[BR]]
    22{{{
    33The virtual machine 'WinXP' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VMBOX\WinXP\WinXP\Logs\VBoxHardening.log'.
     
    1212}}}
    1313
    14 
    15 VBoxHardening.log
    16 
    17 {{{
    18 3f50.3ee0: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
    19 3f50.3ee0: \SystemRoot\System32\ntdll.dll:
    20 3f50.3ee0:     CreationTime:    2019-10-15T01:27:38.187278500Z
    21 3f50.3ee0:     LastWriteTime:   2019-10-15T01:27:38.258088700Z
    22 3f50.3ee0:     ChangeTime:      2019-12-10T23:38:02.237850100Z
    23 3f50.3ee0:     FileAttributes:  0x20
    24 3f50.3ee0:     Size:            0x1e8528
    25 3f50.3ee0:     NT Headers:      0xd8
    26 3f50.3ee0:     Timestamp:       0x99ca0526
    27 3f50.3ee0:     Machine:         0x8664 - amd64
    28 3f50.3ee0:     Timestamp:       0x99ca0526
    29 3f50.3ee0:     Image Version:   10.0
    30 3f50.3ee0:     SizeOfImage:     0x1f0000 (2031616)
    31 3f50.3ee0:     Resource Dir:    0x17f000 LB 0x6f310
    32 3f50.3ee0:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
    33 3f50.3ee0:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
    34 3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
    35 3f50.3ee0:     ProductVersion:  10.0.18362.418
    36 3f50.3ee0:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
    37 3f50.3ee0:     FileDescription: NT Layer DLL
    38 3f50.3ee0: \SystemRoot\System32\kernel32.dll:
    39 3f50.3ee0:     CreationTime:    2019-10-14T21:52:08.880289300Z
    40 3f50.3ee0:     LastWriteTime:   2019-10-14T21:52:08.895892800Z
    41 3f50.3ee0:     ChangeTime:      2019-12-10T23:38:01.396101400Z
    42 3f50.3ee0:     FileAttributes:  0x20
    43 3f50.3ee0:     Size:            0xb0570
    44 3f50.3ee0:     NT Headers:      0xe8
    45 3f50.3ee0:     Timestamp:       0xd0cecc10
    46 3f50.3ee0:     Machine:         0x8664 - amd64
    47 3f50.3ee0:     Timestamp:       0xd0cecc10
    48 3f50.3ee0:     Image Version:   10.0
    49 3f50.3ee0:     SizeOfImage:     0xb2000 (729088)
    50 3f50.3ee0:     Resource Dir:    0xb0000 LB 0x520
    51 3f50.3ee0:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    52 3f50.3ee0:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
    53 3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
    54 3f50.3ee0:     ProductVersion:  10.0.18362.329
    55 3f50.3ee0:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
    56 3f50.3ee0:     FileDescription: Windows NT BASE API Client DLL
    57 3f50.3ee0: \SystemRoot\System32\KernelBase.dll:
    58 3f50.3ee0:     CreationTime:    2019-12-10T23:37:24.476465800Z
    59 3f50.3ee0:     LastWriteTime:   2019-12-10T23:37:24.592153100Z
    60 3f50.3ee0:     ChangeTime:      2019-12-11T09:32:25.829231400Z
    61 3f50.3ee0:     FileAttributes:  0x20
    62 3f50.3ee0:     Size:            0x2a2638
    63 3f50.3ee0:     NT Headers:      0xf0
    64 3f50.3ee0:     Timestamp:       0x50cc8d5a
    65 3f50.3ee0:     Machine:         0x8664 - amd64
    66 3f50.3ee0:     Timestamp:       0x50cc8d5a
    67 3f50.3ee0:     Image Version:   10.0
    68 3f50.3ee0:     SizeOfImage:     0x2a3000 (2764800)
    69 3f50.3ee0:     Resource Dir:    0x27d000 LB 0x548
    70 3f50.3ee0:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    71 3f50.3ee0:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
    72 3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
    73 3f50.3ee0:     ProductVersion:  10.0.18362.535
    74 3f50.3ee0:     FileVersion:     10.0.18362.535 (WinBuild.160101.0800)
    75 3f50.3ee0:     FileDescription: Windows NT BASE API Client DLL
    76 3f50.3ee0: \SystemRoot\System32\apisetschema.dll:
    77 3f50.3ee0:     CreationTime:    2019-03-19T04:43:54.837151500Z
    78 3f50.3ee0:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
    79 3f50.3ee0:     ChangeTime:      2019-12-10T23:38:01.351221300Z
    80 3f50.3ee0:     FileAttributes:  0x20
    81 3f50.3ee0:     Size:            0x1d028
    82 3f50.3ee0:     NT Headers:      0xc8
    83 3f50.3ee0:     Timestamp:       0xd6ced080
    84 3f50.3ee0:     Machine:         0x8664 - amd64
    85 3f50.3ee0:     Timestamp:       0xd6ced080
    86 3f50.3ee0:     Image Version:   10.0
    87 3f50.3ee0:     SizeOfImage:     0x1e000 (122880)
    88 3f50.3ee0:     Resource Dir:    0x1d000 LB 0x408
    89 3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    90 3f50.3ee0:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
    91 3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
    92 3f50.3ee0:     ProductVersion:  10.0.18362.1
    93 3f50.3ee0:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
    94 3f50.3ee0:     FileDescription: ApiSet Schema DLL
    95 3f50.3ee0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
    96 3f50.3ee0: supR3HardenedWinFindAdversaries: 0x40
    97 3f50.3ee0: \SystemRoot\System32\drivers\klflt.sys:
    98 3f50.3ee0:     CreationTime:    2019-10-29T19:14:39.888045400Z
    99 3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:55.718184300Z
    100 3f50.3ee0:     ChangeTime:      2020-04-13T10:51:55.718184300Z
    101 3f50.3ee0:     FileAttributes:  0x20
    102 3f50.3ee0:     Size:            0x3d798
    103 3f50.3ee0:     NT Headers:      0x100
    104 3f50.3ee0:     Timestamp:       0x70232f61
    105 3f50.3ee0:     Machine:         0x8664 - amd64
    106 3f50.3ee0:     Timestamp:       0x70232f61
    107 3f50.3ee0:     Image Version:   6.1
    108 3f50.3ee0:     SizeOfImage:     0x4a000 (303104)
    109 3f50.3ee0:     Resource Dir:    0x47000 LB 0x418
    110 3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    111 3f50.3ee0:     [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
    112 3f50.3ee0:     ProductName:     Coretech Delivery
    113 3f50.3ee0:     ProductVersion:  30.347.47.0
    114 3f50.3ee0:     FileVersion:     30.347.47.0
    115 3f50.3ee0:     FileDescription: Filter Core [fre_win7_amd64]
    116 3f50.3ee0: \SystemRoot\System32\drivers\klif.sys:
    117 3f50.3ee0:     CreationTime:    2019-10-29T19:14:40.127821000Z
    118 3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:55.865790400Z
    119 3f50.3ee0:     ChangeTime:      2020-04-13T10:51:55.865790400Z
    120 3f50.3ee0:     FileAttributes:  0x20
    121 3f50.3ee0:     Size:            0xf3b98
    122 3f50.3ee0:     NT Headers:      0xf8
    123 3f50.3ee0:     Timestamp:       0x5e6be381
    124 3f50.3ee0:     Machine:         0x8664 - amd64
    125 3f50.3ee0:     Timestamp:       0x5e6be381
    126 3f50.3ee0:     Image Version:   6.1
    127 3f50.3ee0:     SizeOfImage:     0xf4000 (999424)
    128 3f50.3ee0:     Resource Dir:    0xeb000 LB 0x33f8
    129 3f50.3ee0:     [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
    130 3f50.3ee0:     [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
    131 3f50.3ee0:     ProductName:     Coretech Delivery
    132 3f50.3ee0:     ProductVersion:  30.347.47.0
    133 3f50.3ee0:     FileVersion:     30.347.47.0
    134 3f50.3ee0:     FileDescription: Core System Interceptors [fre_win7_amd64]
    135 3f50.3ee0: \SystemRoot\System32\drivers\klim6.sys:
    136 3f50.3ee0:     CreationTime:    2019-03-19T04:21:06.000000000Z
    137 3f50.3ee0:     LastWriteTime:   2019-03-19T04:21:06.000000000Z
    138 3f50.3ee0:     ChangeTime:      2019-10-29T19:15:00.994361000Z
    139 3f50.3ee0:     FileAttributes:  0x20
    140 3f50.3ee0:     Size:            0xe350
    141 3f50.3ee0:     NT Headers:      0xe0
    142 3f50.3ee0:     Timestamp:       0x54ad405e
    143 3f50.3ee0:     Machine:         0x8664 - amd64
    144 3f50.3ee0:     Timestamp:       0x54ad405e
    145 3f50.3ee0:     Image Version:   6.1
    146 3f50.3ee0:     SizeOfImage:     0xb000 (45056)
    147 3f50.3ee0:     Resource Dir:    0x9000 LB 0x430
    148 3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    149 3f50.3ee0:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
    150 3f50.3ee0:     ProductName:     Coretech Delivery
    151 3f50.3ee0:     ProductVersion:  30.0.3724.0
    152 3f50.3ee0:     FileVersion:     30.0.3724.0
    153 3f50.3ee0:     FileDescription: Packet Network Filter [fre_win7_amd64]
    154 3f50.3ee0: \SystemRoot\System32\drivers\klkbdflt.sys:
    155 3f50.3ee0:     CreationTime:    2019-03-17T23:11:30.000000000Z
    156 3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:55.931614300Z
    157 3f50.3ee0:     ChangeTime:      2020-04-13T10:51:55.931614300Z
    158 3f50.3ee0:     FileAttributes:  0x20
    159 3f50.3ee0:     Size:            0x13790
    160 3f50.3ee0:     NT Headers:      0xf8
    161 3f50.3ee0:     Timestamp:       0x6193eeca
    162 3f50.3ee0:     Machine:         0x8664 - amd64
    163 3f50.3ee0:     Timestamp:       0x6193eeca
    164 3f50.3ee0:     Image Version:   6.1
    165 3f50.3ee0:     SizeOfImage:     0x12000 (73728)
    166 3f50.3ee0:     Resource Dir:    0x10000 LB 0x440
    167 3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    168 3f50.3ee0:     [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
    169 3f50.3ee0:     ProductName:     Coretech Delivery
    170 3f50.3ee0:     ProductVersion:  30.256.110.0
    171 3f50.3ee0:     FileVersion:     30.256.110.0
    172 3f50.3ee0:     FileDescription: Keyboard Device Filter [fre_win7_amd64]
    173 3f50.3ee0: \SystemRoot\System32\drivers\klmouflt.sys:
    174 3f50.3ee0:     CreationTime:    2019-03-17T22:50:34.000000000Z
    175 3f50.3ee0:     LastWriteTime:   2019-03-17T22:50:34.000000000Z
    176 3f50.3ee0:     ChangeTime:      2019-10-29T19:15:00.619448000Z
    177 3f50.3ee0:     FileAttributes:  0x20
    178 3f50.3ee0:     Size:            0xe878
    179 3f50.3ee0:     NT Headers:      0xe8
    180 3f50.3ee0:     Timestamp:       0xab7b625
    181 3f50.3ee0:     Machine:         0x8664 - amd64
    182 3f50.3ee0:     Timestamp:       0xab7b625
    183 3f50.3ee0:     Image Version:   6.1
    184 3f50.3ee0:     SizeOfImage:     0xe000 (57344)
    185 3f50.3ee0:     Resource Dir:    0xc000 LB 0x430
    186 3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    187 3f50.3ee0:     [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
    188 3f50.3ee0:     ProductName:     Coretech Delivery
    189 3f50.3ee0:     ProductVersion:  30.0.3716.0
    190 3f50.3ee0:     FileVersion:     30.0.3716.0
    191 3f50.3ee0:     FileDescription: Mouse Device Filter [fre_win7_amd64]
    192 3f50.3ee0: \SystemRoot\System32\drivers\kneps.sys:
    193 3f50.3ee0:     CreationTime:    2019-03-18T23:31:38.000000000Z
    194 3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:56.055282500Z
    195 3f50.3ee0:     ChangeTime:      2020-04-13T10:51:56.055282500Z
    196 3f50.3ee0:     FileAttributes:  0x20
    197 3f50.3ee0:     Size:            0x38b98
    198 3f50.3ee0:     NT Headers:      0x108
    199 3f50.3ee0:     Timestamp:       0xe34c73f4
    200 3f50.3ee0:     Machine:         0x8664 - amd64
    201 3f50.3ee0:     Timestamp:       0xe34c73f4
    202 3f50.3ee0:     Image Version:   6.1
    203 3f50.3ee0:     SizeOfImage:     0x38000 (229376)
    204 3f50.3ee0:     Resource Dir:    0x35000 LB 0x428
    205 3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    206 3f50.3ee0:     [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
    207 3f50.3ee0:     ProductName:     Coretech Delivery
    208 3f50.3ee0:     ProductVersion:  30.347.28.0
    209 3f50.3ee0:     FileVersion:     30.347.28.0
    210 3f50.3ee0:     FileDescription: Network Processor [fre_win7_amd64]
    211 3f50.3ee0: \SystemRoot\System32\klfphc.dll:
    212 3f50.3ee0:     CreationTime:    2019-10-29T19:14:58.573052500Z
    213 3f50.3ee0:     LastWriteTime:   2013-05-06T05:13:26.000000000Z
    214 3f50.3ee0:     ChangeTime:      2019-10-29T19:14:46.750433600Z
    215 3f50.3ee0:     FileAttributes:  0x20
    216 3f50.3ee0:     Size:            0x1ae60
    217 3f50.3ee0:     NT Headers:      0xe8
    218 3f50.3ee0:     Timestamp:       0x51873bf2
    219 3f50.3ee0:     Machine:         0x8664 - amd64
    220 3f50.3ee0:     Timestamp:       0x51873bf2
    221 3f50.3ee0:     Image Version:   0.0
    222 3f50.3ee0:     SizeOfImage:     0x1d000 (118784)
    223 3f50.3ee0:     Resource Dir:    0x18000 LB 0x3c80
    224 3f50.3ee0:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
    225 3f50.3ee0:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
    226 3f50.3ee0:     ProductName:     Kaspersky™ Anti-Virus ®
    227 3f50.3ee0:     ProductVersion:  1.0.0.12
    228 3f50.3ee0:     FileVersion:     1.0.0.12
    229 3f50.3ee0:     FileDescription: Filtering Platform Helper Class
    230 3f50.3ee0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    231 3f50.3ee0: Calling main()
    232 3f50.3ee0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
    233 3f50.3ee0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    234 3f50.3ee0: SUPR3HardenedMain: Respawn #1
    235 3f50.3ee0: System32:  \Device\HarddiskVolume5\Windows\System32
    236 3f50.3ee0: WinSxS:    \Device\HarddiskVolume5\Windows\WinSxS
    237 3f50.3ee0: KnownDllPath: C:\WINDOWS\System32
    238 3f50.3ee0: supR3HardenedWinInit: Performing a limited self purification...
    239 3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
    240 3f50.3ee0:  *0000000000000000-0000000000a7ffff 0x0001/0x0000 0x0000000
    241 3f50.3ee0:  *0000000000a80000-0000000000a8ffff 0x0004/0x0004 0x0040000
    242 3f50.3ee0:  *0000000000a90000-0000000000a9efff 0x0004/0x0004 0x0020000
    243 3f50.3ee0:   0000000000a9f000-0000000000a9ffff 0x0000/0x0004 0x0020000
    244 3f50.3ee0:  *0000000000aa0000-0000000000abafff 0x0002/0x0002 0x0040000
    245 3f50.3ee0:   0000000000abb000-0000000000abffff 0x0001/0x0000 0x0000000
    246 3f50.3ee0:  *0000000000ac0000-0000000000b70fff 0x0000/0x0004 0x0020000
    247 3f50.3ee0:   0000000000b71000-0000000000b73fff 0x0104/0x0004 0x0020000
    248 3f50.3ee0:   0000000000b74000-0000000000bbffff 0x0004/0x0004 0x0020000
    249 3f50.3ee0:  *0000000000bc0000-0000000000bc3fff 0x0002/0x0002 0x0040000
    250 3f50.3ee0:   0000000000bc4000-0000000000bcffff 0x0001/0x0000 0x0000000
    251 3f50.3ee0:  *0000000000bd0000-0000000000bd1fff 0x0004/0x0004 0x0020000
    252 3f50.3ee0:   0000000000bd2000-0000000000bdffff 0x0001/0x0000 0x0000000
    253 3f50.3ee0:  *0000000000be0000-0000000000be1fff 0x0004/0x0004 0x0020000
    254 3f50.3ee0:   0000000000be2000-0000000000bf9fff 0x0000/0x0004 0x0020000
    255 3f50.3ee0:   0000000000bfa000-0000000000bfffff 0x0001/0x0000 0x0000000
    256 3f50.3ee0:  *0000000000c00000-0000000000ccafff 0x0000/0x0004 0x0020000
    257 3f50.3ee0:   0000000000ccb000-0000000000ccdfff 0x0004/0x0004 0x0020000
    258 3f50.3ee0:   0000000000cce000-0000000000dfffff 0x0000/0x0004 0x0020000
    259 3f50.3ee0:  *0000000000e00000-0000000000ec6fff 0x0002/0x0002 0x0040000
    260 3f50.3ee0:   0000000000ec7000-0000000000f8ffff 0x0001/0x0000 0x0000000
    261 3f50.3ee0:  *0000000000f90000-0000000000f95fff 0x0004/0x0004 0x0020000
    262 3f50.3ee0:   0000000000f96000-000000000108ffff 0x0000/0x0004 0x0020000
    263 3f50.3ee0:  *0000000001090000-0000000001090fff 0x0000/0x0004 0x0020000
    264 3f50.3ee0:   0000000001091000-0000000001281fff 0x0004/0x0004 0x0020000
    265 3f50.3ee0:   0000000001282000-0000000001282fff 0x0000/0x0004 0x0020000
    266 3f50.3ee0:   0000000001283000-000000000128ffff 0x0001/0x0000 0x0000000
    267 3f50.3ee0:  *0000000001290000-00000000012acfff 0x0004/0x0004 0x0020000
    268 3f50.3ee0:   00000000012ad000-000000000138ffff 0x0000/0x0004 0x0020000
    269 3f50.3ee0:   0000000001390000-000000007ffdffff 0x0001/0x0000 0x0000000
    270 3f50.3ee0:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
    271 3f50.3ee0:   000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
    272 3f50.3ee0:  *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
    273 3f50.3ee0:   000000007ffe5000-00007ff47768ffff 0x0001/0x0000 0x0000000
    274 3f50.3ee0:  *00007ff477690000-00007ff477694fff 0x0002/0x0002 0x0040000
    275 3f50.3ee0:   00007ff477695000-00007ff47778ffff 0x0000/0x0002 0x0040000
    276 3f50.3ee0:  *00007ff477790000-00007ff5777affff 0x0000/0x0004 0x0020000
    277 3f50.3ee0:  *00007ff5777b0000-00007ff5797affff 0x0000/0x0004 0x0020000
    278 3f50.3ee0:   00007ff5797b0000-00007ff5797b0fff 0x0004/0x0004 0x0020000
    279 3f50.3ee0:   00007ff5797b1000-00007ff5797bffff 0x0001/0x0000 0x0000000
    280 3f50.3ee0:  *00007ff5797c0000-00007ff5797c0fff 0x0002/0x0002 0x0040000
    281 3f50.3ee0:   00007ff5797c1000-00007ff5797cffff 0x0001/0x0000 0x0000000
    282 3f50.3ee0:  *00007ff5797d0000-00007ff5797f2fff 0x0002/0x0002 0x0040000
    283 3f50.3ee0:   00007ff5797f3000-00007ff6c39bffff 0x0001/0x0000 0x0000000
    284 3f50.3ee0:  *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    285 3f50.3ee0:   00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    286 3f50.3ee0:   00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    287 3f50.3ee0:   00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    288 3f50.3ee0:   00007ff6c3a80000-00007ff6c3a82fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    289 3f50.3ee0:   00007ff6c3a83000-00007ff6c3a85fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    290 3f50.3ee0:   00007ff6c3a86000-00007ff6c3a88fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    291 3f50.3ee0:   00007ff6c3a89000-00007ff6c3a89fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    292 3f50.3ee0:   00007ff6c3a8a000-00007ff6c3a8bfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    293 3f50.3ee0:   00007ff6c3a8c000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    294 3f50.3ee0:   00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    295 3f50.3ee0:   00007ff6c3ad6000-00007ff9f32bffff 0x0001/0x0000 0x0000000
    296 3f50.3ee0:  *00007ff9f32c0000-00007ff9f32c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    297 3f50.3ee0:   00007ff9f32c1000-00007ff9f33c5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    298 3f50.3ee0:   00007ff9f33c6000-00007ff9f3527fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    299 3f50.3ee0:   00007ff9f3528000-00007ff9f352bfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    300 3f50.3ee0:   00007ff9f352c000-00007ff9f352cfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    301 3f50.3ee0:   00007ff9f352d000-00007ff9f3562fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    302 3f50.3ee0:   00007ff9f3563000-00007ff9f558ffff 0x0001/0x0000 0x0000000
    303 3f50.3ee0:  *00007ff9f5590000-00007ff9f5590fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    304 3f50.3ee0:   00007ff9f5591000-00007ff9f5605fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    305 3f50.3ee0:   00007ff9f5606000-00007ff9f5637fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    306 3f50.3ee0:   00007ff9f5638000-00007ff9f5638fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    307 3f50.3ee0:   00007ff9f5639000-00007ff9f5639fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    308 3f50.3ee0:   00007ff9f563a000-00007ff9f5641fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    309 3f50.3ee0:   00007ff9f5642000-00007ff9f593ffff 0x0001/0x0000 0x0000000
    310 3f50.3ee0:  *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    311 3f50.3ee0:   00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    312 3f50.3ee0:   00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    313 3f50.3ee0:   00007ff9f5a9f000-00007ff9f5a9ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    314 3f50.3ee0:   00007ff9f5aa0000-00007ff9f5aa1fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    315 3f50.3ee0:   00007ff9f5aa2000-00007ff9f5aaafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    316 3f50.3ee0:   00007ff9f5aab000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    317 3f50.3ee0:   00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000
    318 3f50.3ee0: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
    319 3f50.3ee0: kernelbase.dll: timestamp 0x50cc8d5a (rc=VINF_SUCCESS)
    320 3f50.3ee0: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
    321 3f50.3ee0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    322 3f50.3ee0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
    323 3f50.3ee0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
    324 3f50.3ee0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    325 3f50.3ee0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
    326 3f50.3ee0: supR3HardNtEnableThreadCreationEx:
    327 3f50.3ee0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
    328 3f50.3ee0: supR3HardenedWinDoReSpawn(1): New child 16dc.a34 [kernel32].
    329 3f50.3ee0: supR3HardNtChildGatherData: PebBaseAddress=00000000005e3000 cbPeb=0x388
    330 3f50.3ee0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f5940000 uNtDllChildAddr=00007ff9f5940000
    331 3f50.3ee0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f59b17f0
    332 3f50.3ee0: supR3HardenedWinSetupChildInit: Initial context:
    333   rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c39c7900 rdx=00000000005e3000
    334   rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
    335   r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    336   r14=0000000000000000 r15=0000000000000000  P1=0000000000000000  P2=0000000000000000
    337   rip=00007ff9f59aceb0 rsp=000000000071f948 rbp=0000000000000000    ctxflags=0010001b
    338   cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000    eflags=00000200   mxcrx=00001f80
    339    P3=0000000000000000  P4=0000000000000000  P5=0000000000000000  P6=0000000000000000
    340   dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
    341   dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
    342   lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
    343 3f50.3ee0: supR3HardenedWinSetupChildInit: Start child.
    344 3f50.3ee0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
    345 3f50.3ee0: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 58 sleeps
    346 3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
    347 3f50.3ee0:  *0000000000000000-00000000003dffff 0x0001/0x0000 0x0000000
    348 3f50.3ee0:  *00000000003e0000-00000000003fffff 0x0004/0x0004 0x0020000
    349 3f50.3ee0:  *0000000000400000-00000000005e2fff 0x0000/0x0004 0x0020000
    350 3f50.3ee0:   00000000005e3000-00000000005e5fff 0x0004/0x0004 0x0020000
    351 3f50.3ee0:   00000000005e6000-00000000005fffff 0x0000/0x0004 0x0020000
    352 3f50.3ee0:  *0000000000600000-000000000061afff 0x0002/0x0002 0x0040000
    353 3f50.3ee0:   000000000061b000-000000000061ffff 0x0001/0x0000 0x0000000
    354 3f50.3ee0:  *0000000000620000-000000000071afff 0x0000/0x0004 0x0020000
    355 3f50.3ee0:   000000000071b000-000000000071dfff 0x0104/0x0004 0x0020000
    356 3f50.3ee0:   000000000071e000-000000000071ffff 0x0004/0x0004 0x0020000
    357 3f50.3ee0:  *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000
    358 3f50.3ee0:   0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000
    359 3f50.3ee0:  *0000000000730000-0000000000731fff 0x0004/0x0004 0x0020000
    360 3f50.3ee0:   0000000000732000-000000007ffdffff 0x0001/0x0000 0x0000000
    361 3f50.3ee0:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
    362 3f50.3ee0:   000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
    363 3f50.3ee0:  *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
    364 3f50.3ee0:   000000007ffe5000-00007ff522adffff 0x0001/0x0000 0x0000000
    365 3f50.3ee0:  *00007ff522ae0000-00007ff522ae0fff 0x0002/0x0002 0x0040000
    366 3f50.3ee0:   00007ff522ae1000-00007ff522aeffff 0x0001/0x0000 0x0000000
    367 3f50.3ee0:  *00007ff522af0000-00007ff522b12fff 0x0002/0x0002 0x0040000
    368 3f50.3ee0:   00007ff522b13000-00007ff6c39bffff 0x0001/0x0000 0x0000000
    369 3f50.3ee0:  *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    370 3f50.3ee0:   00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    371 3f50.3ee0:   00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    372 3f50.3ee0:   00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    373 3f50.3ee0:   00007ff6c3a80000-00007ff6c3a80fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    374 3f50.3ee0:   00007ff6c3a81000-00007ff6c3a81fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    375 3f50.3ee0:   00007ff6c3a82000-00007ff6c3a86fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    376 3f50.3ee0:   00007ff6c3a87000-00007ff6c3a87fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    377 3f50.3ee0:   00007ff6c3a88000-00007ff6c3a88fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    378 3f50.3ee0:   00007ff6c3a89000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    379 3f50.3ee0:   00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    380 3f50.3ee0:   00007ff6c3ad6000-00007ff9f593ffff 0x0001/0x0000 0x0000000
    381 3f50.3ee0:  *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    382 3f50.3ee0:   00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    383 3f50.3ee0:   00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    384 3f50.3ee0:   00007ff9f5a9f000-00007ff9f5aaafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    385 3f50.3ee0:   00007ff9f5aab000-00007ff9f5ab9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    386 3f50.3ee0:   00007ff9f5aba000-00007ff9f5abafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    387 3f50.3ee0:   00007ff9f5abb000-00007ff9f5abdfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    388 3f50.3ee0:   00007ff9f5abe000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    389 3f50.3ee0:   00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000
    390 3f50.3ee0: supR3HardNtChildPurify: Done after 523 ms and 0 fixes (loop #0).
    391 16dc.a34: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
    392 16dc.a34: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f5940000 g_uNtVerCombined=0xa047ba00 (stack ~000000000071f3d8)
    393 16dc.a34: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
    394 16dc.a34: New simple heap: #1 0000000000840000 LB 0x400000 (for 2031616 allocation)
    395 16dc.a34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    396 3f50.3ee0: supR3HardNtEnableThreadCreationEx:
    397 16dc.a34: System32:  \Device\HarddiskVolume5\Windows\System32
    398 16dc.a34: WinSxS:    \Device\HarddiskVolume5\Windows\WinSxS
    399 16dc.a34: KnownDllPath: C:\WINDOWS\System32
    400 16dc.a34: supR3HardenedVmProcessInit: Opening vboxdrv stub...
    401 16dc.a34: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
    402 16dc.a34: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
    403 16dc.a34: Registered Dll notification callback with NTDLL.
    404 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
    405 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    406 16dc.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
    407 16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f32c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
    408 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
    409 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    410 16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f5590000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
    411 16dc.a34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
    412 16dc.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5590000 'C:\WINDOWS\System32\KERNEL32.DLL'
    413 16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff6c39c0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
    414 16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    415 16dc.a34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
    416 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    417 16dc.a34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
    418 3f50.3ee0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 103 ms.
    419 16dc.a34: \SystemRoot\System32\ntdll.dll:
    420 16dc.a34:     CreationTime:    2019-10-15T01:27:38.187278500Z
    421 16dc.a34:     LastWriteTime:   2019-10-15T01:27:38.258088700Z
    422 16dc.a34:     ChangeTime:      2019-12-10T23:38:02.237850100Z
    423 16dc.a34:     FileAttributes:  0x20
    424 16dc.a34:     Size:            0x1e8528
    425 16dc.a34:     NT Headers:      0xd8
    426 16dc.a34:     Timestamp:       0x99ca0526
    427 16dc.a34:     Machine:         0x8664 - amd64
    428 16dc.a34:     Timestamp:       0x99ca0526
    429 16dc.a34:     Image Version:   10.0
    430 16dc.a34:     SizeOfImage:     0x1f0000 (2031616)
    431 16dc.a34:     Resource Dir:    0x17f000 LB 0x6f310
    432 16dc.a34:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
    433 16dc.a34:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
    434 16dc.a34:     ProductName:     Microsoft® Windows® Operating System
    435 16dc.a34:     ProductVersion:  10.0.18362.418
    436 16dc.a34:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
    437 16dc.a34:     FileDescription: NT Layer DLL
    438 16dc.a34: \SystemRoot\System32\kernel32.dll:
    439 16dc.a34:     CreationTime:    2019-10-14T21:52:08.880289300Z
    440 16dc.a34:     LastWriteTime:   2019-10-14T21:52:08.895892800Z
    441 16dc.a34:     ChangeTime:      2019-12-10T23:38:01.396101400Z
    442 16dc.a34:     FileAttributes:  0x20
    443 16dc.a34:     Size:            0xb0570
    444 16dc.a34:     NT Headers:      0xe8
    445 16dc.a34:     Timestamp:       0xd0cecc10
    446 16dc.a34:     Machine:         0x8664 - amd64
    447 16dc.a34:     Timestamp:       0xd0cecc10
    448 16dc.a34:     Image Version:   10.0
    449 16dc.a34:     SizeOfImage:     0xb2000 (729088)
    450 16dc.a34:     Resource Dir:    0xb0000 LB 0x520
    451 16dc.a34:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    452 16dc.a34:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
    453 16dc.a34:     ProductName:     Microsoft® Windows® Operating System
    454 16dc.a34:     ProductVersion:  10.0.18362.329
    455 16dc.a34:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
    456 16dc.a34:     FileDescription: Windows NT BASE API Client DLL
    457 16dc.a34: \SystemRoot\System32\KernelBase.dll:
    458 16dc.a34:     CreationTime:    2019-12-10T23:37:24.476465800Z
    459 16dc.a34:     LastWriteTime:   2019-12-10T23:37:24.592153100Z
    460 16dc.a34:     ChangeTime:      2019-12-11T09:32:25.829231400Z
    461 16dc.a34:     FileAttributes:  0x20
    462 16dc.a34:     Size:            0x2a2638
    463 16dc.a34:     NT Headers:      0xf0
    464 16dc.a34:     Timestamp:       0x50cc8d5a
    465 16dc.a34:     Machine:         0x8664 - amd64
    466 16dc.a34:     Timestamp:       0x50cc8d5a
    467 16dc.a34:     Image Version:   10.0
    468 16dc.a34:     SizeOfImage:     0x2a3000 (2764800)
    469 16dc.a34:     Resource Dir:    0x27d000 LB 0x548
    470 16dc.a34:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    471 16dc.a34:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
    472 16dc.a34:     ProductName:     Microsoft® Windows® Operating System
    473 16dc.a34:     ProductVersion:  10.0.18362.535
    474 16dc.a34:     FileVersion:     10.0.18362.535 (WinBuild.160101.0800)
    475 16dc.a34:     FileDescription: Windows NT BASE API Client DLL
    476 16dc.a34: \SystemRoot\System32\apisetschema.dll:
    477 16dc.a34:     CreationTime:    2019-03-19T04:43:54.837151500Z
    478 16dc.a34:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
    479 16dc.a34:     ChangeTime:      2019-12-10T23:38:01.351221300Z
    480 16dc.a34:     FileAttributes:  0x20
    481 16dc.a34:     Size:            0x1d028
    482 16dc.a34:     NT Headers:      0xc8
    483 16dc.a34:     Timestamp:       0xd6ced080
    484 16dc.a34:     Machine:         0x8664 - amd64
    485 16dc.a34:     Timestamp:       0xd6ced080
    486 16dc.a34:     Image Version:   10.0
    487 16dc.a34:     SizeOfImage:     0x1e000 (122880)
    488 16dc.a34:     Resource Dir:    0x1d000 LB 0x408
    489 16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    490 16dc.a34:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
    491 16dc.a34:     ProductName:     Microsoft® Windows® Operating System
    492 16dc.a34:     ProductVersion:  10.0.18362.1
    493 16dc.a34:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
    494 16dc.a34:     FileDescription: ApiSet Schema DLL
    495 16dc.a34: NtOpenDirectoryObject failed on \Driver: 0xc0000022
    496 16dc.a34: supR3HardenedWinFindAdversaries: 0x40
    497 16dc.a34: \SystemRoot\System32\drivers\klflt.sys:
    498 16dc.a34:     CreationTime:    2019-10-29T19:14:39.888045400Z
    499 16dc.a34:     LastWriteTime:   2020-04-13T10:51:55.718184300Z
    500 16dc.a34:     ChangeTime:      2020-04-13T10:51:55.718184300Z
    501 16dc.a34:     FileAttributes:  0x20
    502 16dc.a34:     Size:            0x3d798
    503 16dc.a34:     NT Headers:      0x100
    504 16dc.a34:     Timestamp:       0x70232f61
    505 16dc.a34:     Machine:         0x8664 - amd64
    506 16dc.a34:     Timestamp:       0x70232f61
    507 16dc.a34:     Image Version:   6.1
    508 16dc.a34:     SizeOfImage:     0x4a000 (303104)
    509 16dc.a34:     Resource Dir:    0x47000 LB 0x418
    510 16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    511 16dc.a34:     [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
    512 16dc.a34:     ProductName:     Coretech Delivery
    513 16dc.a34:     ProductVersion:  30.347.47.0
    514 16dc.a34:     FileVersion:     30.347.47.0
    515 16dc.a34:     FileDescription: Filter Core [fre_win7_amd64]
    516 16dc.a34: \SystemRoot\System32\drivers\klif.sys:
    517 16dc.a34:     CreationTime:    2019-10-29T19:14:40.127821000Z
    518 16dc.a34:     LastWriteTime:   2020-04-13T10:51:55.865790400Z
    519 16dc.a34:     ChangeTime:      2020-04-13T10:51:55.865790400Z
    520 16dc.a34:     FileAttributes:  0x20
    521 16dc.a34:     Size:            0xf3b98
    522 16dc.a34:     NT Headers:      0xf8
    523 16dc.a34:     Timestamp:       0x5e6be381
    524 16dc.a34:     Machine:         0x8664 - amd64
    525 16dc.a34:     Timestamp:       0x5e6be381
    526 16dc.a34:     Image Version:   6.1
    527 16dc.a34:     SizeOfImage:     0xf4000 (999424)
    528 16dc.a34:     Resource Dir:    0xeb000 LB 0x33f8
    529 16dc.a34:     [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
    530 16dc.a34:     [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
    531 16dc.a34:     ProductName:     Coretech Delivery
    532 16dc.a34:     ProductVersion:  30.347.47.0
    533 16dc.a34:     FileVersion:     30.347.47.0
    534 16dc.a34:     FileDescription: Core System Interceptors [fre_win7_amd64]
    535 16dc.a34: \SystemRoot\System32\drivers\klim6.sys:
    536 16dc.a34:     CreationTime:    2019-03-19T04:21:06.000000000Z
    537 16dc.a34:     LastWriteTime:   2019-03-19T04:21:06.000000000Z
    538 16dc.a34:     ChangeTime:      2019-10-29T19:15:00.994361000Z
    539 16dc.a34:     FileAttributes:  0x20
    540 16dc.a34:     Size:            0xe350
    541 16dc.a34:     NT Headers:      0xe0
    542 16dc.a34:     Timestamp:       0x54ad405e
    543 16dc.a34:     Machine:         0x8664 - amd64
    544 16dc.a34:     Timestamp:       0x54ad405e
    545 16dc.a34:     Image Version:   6.1
    546 16dc.a34:     SizeOfImage:     0xb000 (45056)
    547 16dc.a34:     Resource Dir:    0x9000 LB 0x430
    548 16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    549 16dc.a34:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
    550 16dc.a34:     ProductName:     Coretech Delivery
    551 16dc.a34:     ProductVersion:  30.0.3724.0
    552 16dc.a34:     FileVersion:     30.0.3724.0
    553 16dc.a34:     FileDescription: Packet Network Filter [fre_win7_amd64]
    554 16dc.a34: \SystemRoot\System32\drivers\klkbdflt.sys:
    555 16dc.a34:     CreationTime:    2019-03-17T23:11:30.000000000Z
    556 16dc.a34:     LastWriteTime:   2020-04-13T10:51:55.931614300Z
    557 16dc.a34:     ChangeTime:      2020-04-13T10:51:55.931614300Z
    558 16dc.a34:     FileAttributes:  0x20
    559 16dc.a34:     Size:            0x13790
    560 16dc.a34:     NT Headers:      0xf8
    561 16dc.a34:     Timestamp:       0x6193eeca
    562 16dc.a34:     Machine:         0x8664 - amd64
    563 16dc.a34:     Timestamp:       0x6193eeca
    564 16dc.a34:     Image Version:   6.1
    565 16dc.a34:     SizeOfImage:     0x12000 (73728)
    566 16dc.a34:     Resource Dir:    0x10000 LB 0x440
    567 16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    568 16dc.a34:     [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
    569 16dc.a34:     ProductName:     Coretech Delivery
    570 16dc.a34:     ProductVersion:  30.256.110.0
    571 16dc.a34:     FileVersion:     30.256.110.0
    572 16dc.a34:     FileDescription: Keyboard Device Filter [fre_win7_amd64]
    573 16dc.a34: \SystemRoot\System32\drivers\klmouflt.sys:
    574 16dc.a34:     CreationTime:    2019-03-17T22:50:34.000000000Z
    575 16dc.a34:     LastWriteTime:   2019-03-17T22:50:34.000000000Z
    576 16dc.a34:     ChangeTime:      2019-10-29T19:15:00.619448000Z
    577 16dc.a34:     FileAttributes:  0x20
    578 16dc.a34:     Size:            0xe878
    579 16dc.a34:     NT Headers:      0xe8
    580 16dc.a34:     Timestamp:       0xab7b625
    581 16dc.a34:     Machine:         0x8664 - amd64
    582 16dc.a34:     Timestamp:       0xab7b625
    583 16dc.a34:     Image Version:   6.1
    584 16dc.a34:     SizeOfImage:     0xe000 (57344)
    585 16dc.a34:     Resource Dir:    0xc000 LB 0x430
    586 16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    587 16dc.a34:     [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
    588 16dc.a34:     ProductName:     Coretech Delivery
    589 16dc.a34:     ProductVersion:  30.0.3716.0
    590 16dc.a34:     FileVersion:     30.0.3716.0
    591 16dc.a34:     FileDescription: Mouse Device Filter [fre_win7_amd64]
    592 16dc.a34: \SystemRoot\System32\drivers\kneps.sys:
    593 16dc.a34:     CreationTime:    2019-03-18T23:31:38.000000000Z
    594 16dc.a34:     LastWriteTime:   2020-04-13T10:51:56.055282500Z
    595 16dc.a34:     ChangeTime:      2020-04-13T10:51:56.055282500Z
    596 16dc.a34:     FileAttributes:  0x20
    597 16dc.a34:     Size:            0x38b98
    598 16dc.a34:     NT Headers:      0x108
    599 16dc.a34:     Timestamp:       0xe34c73f4
    600 16dc.a34:     Machine:         0x8664 - amd64
    601 16dc.a34:     Timestamp:       0xe34c73f4
    602 16dc.a34:     Image Version:   6.1
    603 16dc.a34:     SizeOfImage:     0x38000 (229376)
    604 16dc.a34:     Resource Dir:    0x35000 LB 0x428
    605 16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    606 16dc.a34:     [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
    607 16dc.a34:     ProductName:     Coretech Delivery
    608 16dc.a34:     ProductVersion:  30.347.28.0
    609 16dc.a34:     FileVersion:     30.347.28.0
    610 16dc.a34:     FileDescription: Network Processor [fre_win7_amd64]
    611 16dc.a34: \SystemRoot\System32\klfphc.dll:
    612 16dc.a34:     CreationTime:    2019-10-29T19:14:58.573052500Z
    613 16dc.a34:     LastWriteTime:   2013-05-06T05:13:26.000000000Z
    614 16dc.a34:     ChangeTime:      2019-10-29T19:14:46.750433600Z
    615 16dc.a34:     FileAttributes:  0x20
    616 16dc.a34:     Size:            0x1ae60
    617 16dc.a34:     NT Headers:      0xe8
    618 16dc.a34:     Timestamp:       0x51873bf2
    619 16dc.a34:     Machine:         0x8664 - amd64
    620 16dc.a34:     Timestamp:       0x51873bf2
    621 16dc.a34:     Image Version:   0.0
    622 16dc.a34:     SizeOfImage:     0x1d000 (118784)
    623 16dc.a34:     Resource Dir:    0x18000 LB 0x3c80
    624 16dc.a34:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
    625 16dc.a34:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
    626 16dc.a34:     ProductName:     Kaspersky™ Anti-Virus ®
    627 16dc.a34:     ProductVersion:  1.0.0.12
    628 16dc.a34:     FileVersion:     1.0.0.12
    629 16dc.a34:     FileDescription: Filtering Platform Helper Class
    630 16dc.a34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    631 16dc.a34: Calling main()
    632 16dc.a34: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
    633 16dc.a34: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    634 16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    635 16dc.a34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
    636 16dc.a34: SUPR3HardenedMain: Respawn #2
    637 16dc.a34: supR3HardNtEnableThreadCreationEx:
    638 16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f4940000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
    639 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
    640 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
    641 16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f4760000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
    642 16dc.a34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
    643 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
    644 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
    645 16dc.a34: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
    646 16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll)
    647 16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    648 16dc.a34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
    649 16dc.a34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
    650 16dc.a34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
    651 16dc.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
    652 16dc.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5940000 'C:\WINDOWS\System32\ntdll.dll'
    653 16dc.a34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
    654 16dc.a34: supR3HardenedWinDoReSpawn(2): New child 3d54.3aa8 [kernel32].
    655 16dc.a34: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
    656 16dc.a34: supR3HardNtChildGatherData: PebBaseAddress=0000000000e5f000 cbPeb=0x388
    657 16dc.a34: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f5940000 uNtDllChildAddr=00007ff9f5940000
    658 16dc.a34: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f59b17f0
    659 16dc.a34: supR3HardenedWinSetupChildInit: Initial context:
    660   rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c39c7900 rdx=0000000000e5f000
    661   rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
    662   r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
    663   r14=0000000000000000 r15=0000000000000000  P1=0000000000000000  P2=0000000000000000
    664   rip=00007ff9f59aceb0 rsp=000000000113f948 rbp=0000000000000000    ctxflags=0010001b
    665   cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000    eflags=00000200   mxcrx=00001f80
    666    P3=0000000000000000  P4=0000000000000000  P5=0000000000000000  P6=0000000000000000
    667   dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
    668   dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
    669   lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
    670 16dc.a34: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
    671 16dc.a34: supR3HardenedWinSetupChildInit: Start child.
    672 16dc.a34: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
    673 16dc.a34: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
    674 16dc.a34: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
    675 16dc.a34:  *0000000000000000-0000000000deffff 0x0001/0x0000 0x0000000
    676 16dc.a34:  *0000000000df0000-0000000000df3fff 0x0002/0x0002 0x0040000
    677 16dc.a34:   0000000000df4000-0000000000dfffff 0x0001/0x0000 0x0000000
    678 16dc.a34:  *0000000000e00000-0000000000e5efff 0x0000/0x0004 0x0020000
    679 16dc.a34:   0000000000e5f000-0000000000e61fff 0x0004/0x0004 0x0020000
    680 16dc.a34:   0000000000e62000-0000000000ffffff 0x0000/0x0004 0x0020000
    681 16dc.a34:  *0000000001000000-000000000101ffff 0x0004/0x0004 0x0020000
    682 16dc.a34:  *0000000001020000-000000000103afff 0x0002/0x0002 0x0040000
    683 16dc.a34:   000000000103b000-000000000103ffff 0x0001/0x0000 0x0000000
    684 16dc.a34:  *0000000001040000-000000000113afff 0x0000/0x0004 0x0020000
    685 16dc.a34:   000000000113b000-000000000113dfff 0x0104/0x0004 0x0020000
    686 16dc.a34:   000000000113e000-000000000113ffff 0x0004/0x0004 0x0020000
    687 16dc.a34:  *0000000001140000-0000000001141fff 0x0004/0x0004 0x0020000
    688 16dc.a34:   0000000001142000-000000007ffdffff 0x0001/0x0000 0x0000000
    689 16dc.a34:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
    690 16dc.a34:   000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
    691 16dc.a34:  *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
    692 16dc.a34:   000000007ffe5000-00007ff5588bffff 0x0001/0x0000 0x0000000
    693 16dc.a34:  *00007ff5588c0000-00007ff5588c0fff 0x0002/0x0002 0x0040000
    694 16dc.a34:   00007ff5588c1000-00007ff5588cffff 0x0001/0x0000 0x0000000
    695 16dc.a34:  *00007ff5588d0000-00007ff5588f2fff 0x0002/0x0002 0x0040000
    696 16dc.a34:   00007ff5588f3000-00007ff6c39bffff 0x0001/0x0000 0x0000000
    697 16dc.a34:  *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    698 16dc.a34:   00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    699 16dc.a34:   00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    700 16dc.a34:   00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    701 16dc.a34:   00007ff6c3a80000-00007ff6c3a80fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    702 16dc.a34:   00007ff6c3a81000-00007ff6c3a81fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    703 16dc.a34:   00007ff6c3a82000-00007ff6c3a86fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    704 16dc.a34:   00007ff6c3a87000-00007ff6c3a87fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    705 16dc.a34:   00007ff6c3a88000-00007ff6c3a88fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    706 16dc.a34:   00007ff6c3a89000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    707 16dc.a34:   00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    708 16dc.a34:   00007ff6c3ad6000-00007ff9f593ffff 0x0001/0x0000 0x0000000
    709 16dc.a34:  *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    710 16dc.a34:   00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    711 16dc.a34:   00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    712 16dc.a34:   00007ff9f5a9f000-00007ff9f5aaafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    713 16dc.a34:   00007ff9f5aab000-00007ff9f5ab9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    714 16dc.a34:   00007ff9f5aba000-00007ff9f5abafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    715 16dc.a34:   00007ff9f5abb000-00007ff9f5abdfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    716 16dc.a34:   00007ff9f5abe000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
    717 16dc.a34:   00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000
    718 16dc.a34: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
    719 16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    720 16dc.a34: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
    721 16dc.a34: supR3HardNtChildPurify: Done after 565 ms and 0 fixes (loop #0).
    722 3d54.3aa8: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
    723 3d54.3aa8: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f5940000 g_uNtVerCombined=0xa047ba00 (stack ~000000000113f3d8)
    724 3d54.3aa8: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
    725 3d54.3aa8: New simple heap: #1 0000000001250000 LB 0x400000 (for 2031616 allocation)
    726 16dc.a34: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000840000 LB 0x400000)
    727 16dc.a34: supR3HardNtEnableThreadCreationEx:
    728 3d54.3aa8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    729 3d54.3aa8: System32:  \Device\HarddiskVolume5\Windows\System32
    730 3d54.3aa8: WinSxS:    \Device\HarddiskVolume5\Windows\WinSxS
    731 3d54.3aa8: KnownDllPath: C:\WINDOWS\System32
    732 3d54.3aa8: supR3HardenedVmProcessInit: Opening vboxdrv...
    733 3d54.3aa8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
    734 3d54.3aa8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
    735 3d54.3aa8: Registered Dll notification callback with NTDLL.
    736 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
    737 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
    738 3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
    739 3d54.3aa8: supR3HardenedDllNotificationCallback: load   00007ff9f32c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
    740 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
    741 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
    742 3d54.3aa8: supR3HardenedDllNotificationCallback: load   00007ff9f5590000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
    743 3d54.3aa8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
    744 3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5590000 'C:\WINDOWS\System32\KERNEL32.DLL'
    745 3d54.3aa8: supR3HardenedDllNotificationCallback: load   00007ff6c39c0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
    746 3d54.3aa8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    747 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
    748 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
    749 3d54.3aa8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
    750 16dc.a34: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 131 ms.
    751 3d54.3aa8: \SystemRoot\System32\ntdll.dll:
    752 3d54.3aa8:     CreationTime:    2019-10-15T01:27:38.187278500Z
    753 3d54.3aa8:     LastWriteTime:   2019-10-15T01:27:38.258088700Z
    754 3d54.3aa8:     ChangeTime:      2019-12-10T23:38:02.237850100Z
    755 3d54.3aa8:     FileAttributes:  0x20
    756 3d54.3aa8:     Size:            0x1e8528
    757 3d54.3aa8:     NT Headers:      0xd8
    758 3d54.3aa8:     Timestamp:       0x99ca0526
    759 3d54.3aa8:     Machine:         0x8664 - amd64
    760 3d54.3aa8:     Timestamp:       0x99ca0526
    761 3d54.3aa8:     Image Version:   10.0
    762 3d54.3aa8:     SizeOfImage:     0x1f0000 (2031616)
    763 3d54.3aa8:     Resource Dir:    0x17f000 LB 0x6f310
    764 3d54.3aa8:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
    765 3d54.3aa8:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
    766 3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
    767 3d54.3aa8:     ProductVersion:  10.0.18362.418
    768 3d54.3aa8:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
    769 3d54.3aa8:     FileDescription: NT Layer DLL
    770 3d54.3aa8: \SystemRoot\System32\kernel32.dll:
    771 3d54.3aa8:     CreationTime:    2019-10-14T21:52:08.880289300Z
    772 3d54.3aa8:     LastWriteTime:   2019-10-14T21:52:08.895892800Z
    773 3d54.3aa8:     ChangeTime:      2019-12-10T23:38:01.396101400Z
    774 3d54.3aa8:     FileAttributes:  0x20
    775 3d54.3aa8:     Size:            0xb0570
    776 3d54.3aa8:     NT Headers:      0xe8
    777 3d54.3aa8:     Timestamp:       0xd0cecc10
    778 3d54.3aa8:     Machine:         0x8664 - amd64
    779 3d54.3aa8:     Timestamp:       0xd0cecc10
    780 3d54.3aa8:     Image Version:   10.0
    781 3d54.3aa8:     SizeOfImage:     0xb2000 (729088)
    782 3d54.3aa8:     Resource Dir:    0xb0000 LB 0x520
    783 3d54.3aa8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    784 3d54.3aa8:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
    785 3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
    786 3d54.3aa8:     ProductVersion:  10.0.18362.329
    787 3d54.3aa8:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
    788 3d54.3aa8:     FileDescription: Windows NT BASE API Client DLL
    789 3d54.3aa8: \SystemRoot\System32\KernelBase.dll:
    790 3d54.3aa8:     CreationTime:    2019-12-10T23:37:24.476465800Z
    791 3d54.3aa8:     LastWriteTime:   2019-12-10T23:37:24.592153100Z
    792 3d54.3aa8:     ChangeTime:      2019-12-11T09:32:25.829231400Z
    793 3d54.3aa8:     FileAttributes:  0x20
    794 3d54.3aa8:     Size:            0x2a2638
    795 3d54.3aa8:     NT Headers:      0xf0
    796 3d54.3aa8:     Timestamp:       0x50cc8d5a
    797 3d54.3aa8:     Machine:         0x8664 - amd64
    798 3d54.3aa8:     Timestamp:       0x50cc8d5a
    799 3d54.3aa8:     Image Version:   10.0
    800 3d54.3aa8:     SizeOfImage:     0x2a3000 (2764800)
    801 3d54.3aa8:     Resource Dir:    0x27d000 LB 0x548
    802 3d54.3aa8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
    803 3d54.3aa8:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
    804 3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
    805 3d54.3aa8:     ProductVersion:  10.0.18362.535
    806 3d54.3aa8:     FileVersion:     10.0.18362.535 (WinBuild.160101.0800)
    807 3d54.3aa8:     FileDescription: Windows NT BASE API Client DLL
    808 3d54.3aa8: \SystemRoot\System32\apisetschema.dll:
    809 3d54.3aa8:     CreationTime:    2019-03-19T04:43:54.837151500Z
    810 3d54.3aa8:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
    811 3d54.3aa8:     ChangeTime:      2019-12-10T23:38:01.351221300Z
    812 3d54.3aa8:     FileAttributes:  0x20
    813 3d54.3aa8:     Size:            0x1d028
    814 3d54.3aa8:     NT Headers:      0xc8
    815 3d54.3aa8:     Timestamp:       0xd6ced080
    816 3d54.3aa8:     Machine:         0x8664 - amd64
    817 3d54.3aa8:     Timestamp:       0xd6ced080
    818 3d54.3aa8:     Image Version:   10.0
    819 3d54.3aa8:     SizeOfImage:     0x1e000 (122880)
    820 3d54.3aa8:     Resource Dir:    0x1d000 LB 0x408
    821 3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    822 3d54.3aa8:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
    823 3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
    824 3d54.3aa8:     ProductVersion:  10.0.18362.1
    825 3d54.3aa8:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
    826 3d54.3aa8:     FileDescription: ApiSet Schema DLL
    827 3d54.3aa8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
    828 3d54.3aa8: supR3HardenedWinFindAdversaries: 0x40
    829 3d54.3aa8: \SystemRoot\System32\drivers\klflt.sys:
    830 3d54.3aa8:     CreationTime:    2019-10-29T19:14:39.888045400Z
    831 3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:55.718184300Z
    832 3d54.3aa8:     ChangeTime:      2020-04-13T10:51:55.718184300Z
    833 3d54.3aa8:     FileAttributes:  0x20
    834 3d54.3aa8:     Size:            0x3d798
    835 3d54.3aa8:     NT Headers:      0x100
    836 3d54.3aa8:     Timestamp:       0x70232f61
    837 3d54.3aa8:     Machine:         0x8664 - amd64
    838 3d54.3aa8:     Timestamp:       0x70232f61
    839 3d54.3aa8:     Image Version:   6.1
    840 3d54.3aa8:     SizeOfImage:     0x4a000 (303104)
    841 3d54.3aa8:     Resource Dir:    0x47000 LB 0x418
    842 3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    843 3d54.3aa8:     [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
    844 3d54.3aa8:     ProductName:     Coretech Delivery
    845 3d54.3aa8:     ProductVersion:  30.347.47.0
    846 3d54.3aa8:     FileVersion:     30.347.47.0
    847 3d54.3aa8:     FileDescription: Filter Core [fre_win7_amd64]
    848 3d54.3aa8: \SystemRoot\System32\drivers\klif.sys:
    849 3d54.3aa8:     CreationTime:    2019-10-29T19:14:40.127821000Z
    850 3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:55.865790400Z
    851 3d54.3aa8:     ChangeTime:      2020-04-13T10:51:55.865790400Z
    852 3d54.3aa8:     FileAttributes:  0x20
    853 3d54.3aa8:     Size:            0xf3b98
    854 3d54.3aa8:     NT Headers:      0xf8
    855 3d54.3aa8:     Timestamp:       0x5e6be381
    856 3d54.3aa8:     Machine:         0x8664 - amd64
    857 3d54.3aa8:     Timestamp:       0x5e6be381
    858 3d54.3aa8:     Image Version:   6.1
    859 3d54.3aa8:     SizeOfImage:     0xf4000 (999424)
    860 3d54.3aa8:     Resource Dir:    0xeb000 LB 0x33f8
    861 3d54.3aa8:     [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
    862 3d54.3aa8:     [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
    863 3d54.3aa8:     ProductName:     Coretech Delivery
    864 3d54.3aa8:     ProductVersion:  30.347.47.0
    865 3d54.3aa8:     FileVersion:     30.347.47.0
    866 3d54.3aa8:     FileDescription: Core System Interceptors [fre_win7_amd64]
    867 3d54.3aa8: \SystemRoot\System32\drivers\klim6.sys:
    868 3d54.3aa8:     CreationTime:    2019-03-19T04:21:06.000000000Z
    869 3d54.3aa8:     LastWriteTime:   2019-03-19T04:21:06.000000000Z
    870 3d54.3aa8:     ChangeTime:      2019-10-29T19:15:00.994361000Z
    871 3d54.3aa8:     FileAttributes:  0x20
    872 3d54.3aa8:     Size:            0xe350
    873 3d54.3aa8:     NT Headers:      0xe0
    874 3d54.3aa8:     Timestamp:       0x54ad405e
    875 3d54.3aa8:     Machine:         0x8664 - amd64
    876 3d54.3aa8:     Timestamp:       0x54ad405e
    877 3d54.3aa8:     Image Version:   6.1
    878 3d54.3aa8:     SizeOfImage:     0xb000 (45056)
    879 3d54.3aa8:     Resource Dir:    0x9000 LB 0x430
    880 3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    881 3d54.3aa8:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
    882 3d54.3aa8:     ProductName:     Coretech Delivery
    883 3d54.3aa8:     ProductVersion:  30.0.3724.0
    884 3d54.3aa8:     FileVersion:     30.0.3724.0
    885 3d54.3aa8:     FileDescription: Packet Network Filter [fre_win7_amd64]
    886 3d54.3aa8: \SystemRoot\System32\drivers\klkbdflt.sys:
    887 3d54.3aa8:     CreationTime:    2019-03-17T23:11:30.000000000Z
    888 3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:55.931614300Z
    889 3d54.3aa8:     ChangeTime:      2020-04-13T10:51:55.931614300Z
    890 3d54.3aa8:     FileAttributes:  0x20
    891 3d54.3aa8:     Size:            0x13790
    892 3d54.3aa8:     NT Headers:      0xf8
    893 3d54.3aa8:     Timestamp:       0x6193eeca
    894 3d54.3aa8:     Machine:         0x8664 - amd64
    895 3d54.3aa8:     Timestamp:       0x6193eeca
    896 3d54.3aa8:     Image Version:   6.1
    897 3d54.3aa8:     SizeOfImage:     0x12000 (73728)
    898 3d54.3aa8:     Resource Dir:    0x10000 LB 0x440
    899 3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    900 3d54.3aa8:     [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
    901 3d54.3aa8:     ProductName:     Coretech Delivery
    902 3d54.3aa8:     ProductVersion:  30.256.110.0
    903 3d54.3aa8:     FileVersion:     30.256.110.0
    904 3d54.3aa8:     FileDescription: Keyboard Device Filter [fre_win7_amd64]
    905 3d54.3aa8: \SystemRoot\System32\drivers\klmouflt.sys:
    906 3d54.3aa8:     CreationTime:    2019-03-17T22:50:34.000000000Z
    907 3d54.3aa8:     LastWriteTime:   2019-03-17T22:50:34.000000000Z
    908 3d54.3aa8:     ChangeTime:      2019-10-29T19:15:00.619448000Z
    909 3d54.3aa8:     FileAttributes:  0x20
    910 3d54.3aa8:     Size:            0xe878
    911 3d54.3aa8:     NT Headers:      0xe8
    912 3d54.3aa8:     Timestamp:       0xab7b625
    913 3d54.3aa8:     Machine:         0x8664 - amd64
    914 3d54.3aa8:     Timestamp:       0xab7b625
    915 3d54.3aa8:     Image Version:   6.1
    916 3d54.3aa8:     SizeOfImage:     0xe000 (57344)
    917 3d54.3aa8:     Resource Dir:    0xc000 LB 0x430
    918 3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    919 3d54.3aa8:     [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
    920 3d54.3aa8:     ProductName:     Coretech Delivery
    921 3d54.3aa8:     ProductVersion:  30.0.3716.0
    922 3d54.3aa8:     FileVersion:     30.0.3716.0
    923 3d54.3aa8:     FileDescription: Mouse Device Filter [fre_win7_amd64]
    924 3d54.3aa8: \SystemRoot\System32\drivers\kneps.sys:
    925 3d54.3aa8:     CreationTime:    2019-03-18T23:31:38.000000000Z
    926 3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:56.055282500Z
    927 3d54.3aa8:     ChangeTime:      2020-04-13T10:51:56.055282500Z
    928 3d54.3aa8:     FileAttributes:  0x20
    929 3d54.3aa8:     Size:            0x38b98
    930 3d54.3aa8:     NT Headers:      0x108
    931 3d54.3aa8:     Timestamp:       0xe34c73f4
    932 3d54.3aa8:     Machine:         0x8664 - amd64
    933 3d54.3aa8:     Timestamp:       0xe34c73f4
    934 3d54.3aa8:     Image Version:   6.1
    935 3d54.3aa8:     SizeOfImage:     0x38000 (229376)
    936 3d54.3aa8:     Resource Dir:    0x35000 LB 0x428
    937 3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
    938 3d54.3aa8:     [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
    939 3d54.3aa8:     ProductName:     Coretech Delivery
    940 3d54.3aa8:     ProductVersion:  30.347.28.0
    941 3d54.3aa8:     FileVersion:     30.347.28.0
    942 3d54.3aa8:     FileDescription: Network Processor [fre_win7_amd64]
    943 3d54.3aa8: \SystemRoot\System32\klfphc.dll:
    944 3d54.3aa8:     CreationTime:    2019-10-29T19:14:58.573052500Z
    945 3d54.3aa8:     LastWriteTime:   2013-05-06T05:13:26.000000000Z
    946 3d54.3aa8:     ChangeTime:      2019-10-29T19:14:46.750433600Z
    947 3d54.3aa8:     FileAttributes:  0x20
    948 3d54.3aa8:     Size:            0x1ae60
    949 3d54.3aa8:     NT Headers:      0xe8
    950 3d54.3aa8:     Timestamp:       0x51873bf2
    951 3d54.3aa8:     Machine:         0x8664 - amd64
    952 3d54.3aa8:     Timestamp:       0x51873bf2
    953 3d54.3aa8:     Image Version:   0.0
    954 3d54.3aa8:     SizeOfImage:     0x1d000 (118784)
    955 3d54.3aa8:     Resource Dir:    0x18000 LB 0x3c80
    956 3d54.3aa8:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
    957 3d54.3aa8:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
    958 3d54.3aa8:     ProductName:     Kaspersky™ Anti-Virus ®
    959 3d54.3aa8:     ProductVersion:  1.0.0.12
    960 3d54.3aa8:     FileVersion:     1.0.0.12
    961 3d54.3aa8:     FileDescription: Filtering Platform Helper Class
    962 3d54.3aa8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    963 3d54.3aa8: Calling main()
    964 3d54.3aa8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
    965 3d54.3aa8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
    966 3d54.3aa8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
    967 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
    968 3d54.3aa8: SUPR3HardenedMain: Final process, opening VBoxDrv...
    969 3d54.3aa8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001250000 LB 0x400000)
    970 3d54.3aa8: supR3HardNtEnableThreadCreationEx:
    971 3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
    972 3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
    973 3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Or
     14 Where do I get the file 'VBox.log'? This file is not on my PC.
