| 29 | | the log file: |
| 32 | | 14bc.6e8: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 |
| 33 | | 14bc.6e8: \SystemRoot\System32\ntdll.dll: |
| 34 | | 14bc.6e8: CreationTime: 2010-11-21T03:23:51.351694200Z |
| 35 | | 14bc.6e8: LastWriteTime: 2010-11-21T03:23:51.367294200Z |
| 36 | | 14bc.6e8: ChangeTime: 2020-06-28T00:33:12.954124600Z |
| 37 | | 14bc.6e8: FileAttributes: 0x20 |
| 38 | | 14bc.6e8: Size: 0x1a6d60 |
| 39 | | 14bc.6e8: NT Headers: 0xe0 |
| 40 | | 14bc.6e8: Timestamp: 0x4ce7c8f9 |
| 41 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 42 | | 14bc.6e8: Timestamp: 0x4ce7c8f9 |
| 43 | | 14bc.6e8: Image Version: 6.1 |
| 44 | | 14bc.6e8: SizeOfImage: 0x1a9000 (1740800) |
| 45 | | 14bc.6e8: Resource Dir: 0x151000 LB 0x560d8 |
| 46 | | 14bc.6e8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 47 | | 14bc.6e8: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
| 48 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
| 49 | | 14bc.6e8: ProductVersion: 6.1.7601.17514 |
| 50 | | 14bc.6e8: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 51 | | 14bc.6e8: FileDescription: NT Layer DLL |
| 52 | | 14bc.6e8: \SystemRoot\System32\kernel32.dll: |
| 53 | | 14bc.6e8: CreationTime: 2020-06-29T07:05:55.386627700Z |
| 54 | | 14bc.6e8: LastWriteTime: 2011-05-14T07:20:00.106000000Z |
| 55 | | 14bc.6e8: ChangeTime: 2020-06-29T07:06:45.519519800Z |
| 56 | | 14bc.6e8: FileAttributes: 0x20 |
| 57 | | 14bc.6e8: Size: 0x11be00 |
| 58 | | 14bc.6e8: NT Headers: 0xe8 |
| 59 | | 14bc.6e8: Timestamp: 0x4dce2b0d |
| 60 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 61 | | 14bc.6e8: Timestamp: 0x4dce2b0d |
| 62 | | 14bc.6e8: Image Version: 6.1 |
| 63 | | 14bc.6e8: SizeOfImage: 0x11f000 (1175552) |
| 64 | | 14bc.6e8: Resource Dir: 0x116000 LB 0x528 |
| 65 | | 14bc.6e8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 66 | | 14bc.6e8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
| 67 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
| 68 | | 14bc.6e8: ProductVersion: 6.1.7601.17617 |
| 69 | | 14bc.6e8: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
| 70 | | 14bc.6e8: FileDescription: Windows NT BASE API Client DLL |
| 71 | | 14bc.6e8: \SystemRoot\System32\KernelBase.dll: |
| 72 | | 14bc.6e8: CreationTime: 2020-06-29T07:05:55.916628400Z |
| 73 | | 14bc.6e8: LastWriteTime: 2011-05-14T07:20:00.247000000Z |
| 74 | | 14bc.6e8: ChangeTime: 2020-06-29T07:06:45.519519800Z |
| 75 | | 14bc.6e8: FileAttributes: 0x20 |
| 76 | | 14bc.6e8: Size: 0x67000 |
| 77 | | 14bc.6e8: NT Headers: 0xe8 |
| 78 | | 14bc.6e8: Timestamp: 0x4dce2b0e |
| 79 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 80 | | 14bc.6e8: Timestamp: 0x4dce2b0e |
| 81 | | 14bc.6e8: Image Version: 6.1 |
| 82 | | 14bc.6e8: SizeOfImage: 0x6c000 (442368) |
| 83 | | 14bc.6e8: Resource Dir: 0x6a000 LB 0x530 |
| 84 | | 14bc.6e8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 85 | | 14bc.6e8: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] |
| 86 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
| 87 | | 14bc.6e8: ProductVersion: 6.1.7601.17617 |
| 88 | | 14bc.6e8: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
| 89 | | 14bc.6e8: FileDescription: Windows NT BASE API Client DLL |
| 90 | | 14bc.6e8: \SystemRoot\System32\apisetschema.dll: |
| 91 | | 14bc.6e8: CreationTime: 2020-06-29T08:41:18.865836100Z |
| 92 | | 14bc.6e8: LastWriteTime: 2015-02-03T03:28:14.008000000Z |
| 93 | | 14bc.6e8: ChangeTime: 2020-06-29T10:26:19.937919000Z |
| 94 | | 14bc.6e8: FileAttributes: 0x20 |
| 95 | | 14bc.6e8: Size: 0x1a00 |
| 96 | | 14bc.6e8: NT Headers: 0xc0 |
| 97 | | 14bc.6e8: Timestamp: 0x54d04096 |
| 98 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 99 | | 14bc.6e8: Timestamp: 0x54d04096 |
| 100 | | 14bc.6e8: Image Version: 6.1 |
| 101 | | 14bc.6e8: SizeOfImage: 0x50000 (327680) |
| 102 | | 14bc.6e8: Resource Dir: 0x30000 LB 0x3f8 |
| 103 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 104 | | 14bc.6e8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)] |
| 105 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
| 106 | | 14bc.6e8: ProductVersion: 6.1.7601.18741 |
| 107 | | 14bc.6e8: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526) |
| 108 | | 14bc.6e8: FileDescription: ApiSet Schema DLL |
| 109 | | 14bc.6e8: Found driver aswVmm (0x4) |
| 110 | | 14bc.6e8: Found driver aswStm (0x4) |
| 111 | | 14bc.6e8: Found driver aswRvrt (0x4) |
| 112 | | 14bc.6e8: supR3HardenedWinFindAdversaries: 0x4 |
| 113 | | 14bc.6e8: \SystemRoot\System32\drivers\aswMonFlt.sys: |
| 114 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.759322500Z |
| 115 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.295934900Z |
| 116 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 117 | | 14bc.6e8: FileAttributes: 0x20 |
| 118 | | 14bc.6e8: Size: 0x2ac68 |
| 119 | | 14bc.6e8: NT Headers: 0xf0 |
| 120 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
| 121 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 122 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
| 123 | | 14bc.6e8: Image Version: 10.0 |
| 124 | | 14bc.6e8: SizeOfImage: 0x33000 (208896) |
| 125 | | 14bc.6e8: Resource Dir: 0x31000 LB 0x398 |
| 126 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 127 | | 14bc.6e8: [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)] |
| 128 | | 14bc.6e8: ProductName: Avast Antivirus |
| 129 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
| 130 | | 14bc.6e8: FileVersion: 20.4.83.0 |
| 131 | | 14bc.6e8: FileDescription: Avast File System Filter |
| 132 | | 14bc.6e8: \SystemRoot\System32\drivers\aswRdr2.sys: |
| 133 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.719309700Z |
| 134 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.235915700Z |
| 135 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 136 | | 14bc.6e8: FileAttributes: 0x20 |
| 137 | | 14bc.6e8: Size: 0x1aae0 |
| 138 | | 14bc.6e8: NT Headers: 0xf0 |
| 139 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
| 140 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 141 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
| 142 | | 14bc.6e8: Image Version: 10.0 |
| 143 | | 14bc.6e8: SizeOfImage: 0x1a000 (106496) |
| 144 | | 14bc.6e8: Resource Dir: 0x18000 LB 0x380 |
| 145 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 146 | | 14bc.6e8: [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
| 147 | | 14bc.6e8: ProductName: Avast Antivirus |
| 148 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
| 149 | | 14bc.6e8: FileVersion: 20.4.83.0 |
| 150 | | 14bc.6e8: FileDescription: Avast Antivirus |
| 151 | | 14bc.6e8: \SystemRoot\System32\drivers\aswRvrt.sys: |
| 152 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.789332100Z |
| 153 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.345950900Z |
| 154 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 155 | | 14bc.6e8: FileAttributes: 0x20 |
| 156 | | 14bc.6e8: Size: 0x14b78 |
| 157 | | 14bc.6e8: NT Headers: 0xe8 |
| 158 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
| 159 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 160 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
| 161 | | 14bc.6e8: Image Version: 10.0 |
| 162 | | 14bc.6e8: SizeOfImage: 0x13000 (77824) |
| 163 | | 14bc.6e8: Resource Dir: 0x11000 LB 0x378 |
| 164 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 165 | | 14bc.6e8: [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)] |
| 166 | | 14bc.6e8: ProductName: Avast Antivirus |
| 167 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
| 168 | | 14bc.6e8: FileVersion: 20.4.83.0 |
| 169 | | 14bc.6e8: FileDescription: Avast Revert |
| 170 | | 14bc.6e8: \SystemRoot\System32\drivers\aswSnx.sys: |
| 171 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.549255300Z |
| 172 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:12.943378500Z |
| 173 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 174 | | 14bc.6e8: FileAttributes: 0x20 |
| 175 | | 14bc.6e8: Size: 0xcfe98 |
| 176 | | 14bc.6e8: NT Headers: 0x100 |
| 177 | | 14bc.6e8: Timestamp: 0x5ed4b2ba |
| 178 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 179 | | 14bc.6e8: Timestamp: 0x5ed4b2ba |
| 180 | | 14bc.6e8: Image Version: 10.0 |
| 181 | | 14bc.6e8: SizeOfImage: 0xcd000 (839680) |
| 182 | | 14bc.6e8: Resource Dir: 0xca000 LB 0x380 |
| 183 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 184 | | 14bc.6e8: [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
| 185 | | 14bc.6e8: ProductName: Avast Antivirus |
| 186 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
| 187 | | 14bc.6e8: FileVersion: 20.4.83.0 |
| 188 | | 14bc.6e8: FileDescription: Avast Antivirus |
| 189 | | 14bc.6e8: \SystemRoot\System32\drivers\aswsp.sys: |
| 190 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.829344900Z |
| 191 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:42:14.991232900Z |
| 192 | | 14bc.6e8: ChangeTime: 2020-06-29T04:42:14.991232900Z |
| 193 | | 14bc.6e8: FileAttributes: 0x20 |
| 194 | | 14bc.6e8: Size: 0x70f00 |
| 195 | | 14bc.6e8: NT Headers: 0xe8 |
| 196 | | 14bc.6e8: Timestamp: 0x5ee709ca |
| 197 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 198 | | 14bc.6e8: Timestamp: 0x5ee709ca |
| 199 | | 14bc.6e8: Image Version: 10.0 |
| 200 | | 14bc.6e8: SizeOfImage: 0x72000 (466944) |
| 201 | | 14bc.6e8: Resource Dir: 0x70000 LB 0x380 |
| 202 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 203 | | 14bc.6e8: [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)] |
| 204 | | 14bc.6e8: ProductName: Avast Antivirus |
| 205 | | 14bc.6e8: ProductVersion: 20.4.90.0 |
| 206 | | 14bc.6e8: FileVersion: 20.4.90.0 |
| 207 | | 14bc.6e8: FileDescription: Avast Self Protection |
| 208 | | 14bc.6e8: \SystemRoot\System32\drivers\aswStm.sys: |
| 209 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.889364100Z |
| 210 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.475992500Z |
| 211 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 212 | | 14bc.6e8: FileAttributes: 0x20 |
| 213 | | 14bc.6e8: Size: 0x34ef8 |
| 214 | | 14bc.6e8: NT Headers: 0xf0 |
| 215 | | 14bc.6e8: Timestamp: 0x5ed4b2b9 |
| 216 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 217 | | 14bc.6e8: Timestamp: 0x5ed4b2b9 |
| 218 | | 14bc.6e8: Image Version: 10.0 |
| 219 | | 14bc.6e8: SizeOfImage: 0x34000 (212992) |
| 220 | | 14bc.6e8: Resource Dir: 0x32000 LB 0x388 |
| 221 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 222 | | 14bc.6e8: [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)] |
| 223 | | 14bc.6e8: ProductName: Avast Antivirus |
| 224 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
| 225 | | 14bc.6e8: FileVersion: 20.4.83.0 |
| 226 | | 14bc.6e8: FileDescription: Avast Stream Filter |
| 227 | | 14bc.6e8: \SystemRoot\System32\drivers\aswVmm.sys: |
| 228 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.929376900Z |
| 229 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:42:14.240992900Z |
| 230 | | 14bc.6e8: ChangeTime: 2020-06-29T04:42:14.240992900Z |
| 231 | | 14bc.6e8: FileAttributes: 0x20 |
| 232 | | 14bc.6e8: Size: 0x4ead0 |
| 233 | | 14bc.6e8: NT Headers: 0xe8 |
| 234 | | 14bc.6e8: Timestamp: 0x5ede39a4 |
| 235 | | 14bc.6e8: Machine: 0x8664 - amd64 |
| 236 | | 14bc.6e8: Timestamp: 0x5ede39a4 |
| 237 | | 14bc.6e8: Image Version: 10.0 |
| 238 | | 14bc.6e8: SizeOfImage: 0x4c000 (311296) |
| 239 | | 14bc.6e8: Resource Dir: 0x4a000 LB 0x380 |
| 240 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 241 | | 14bc.6e8: [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)] |
| 242 | | 14bc.6e8: ProductName: Avast Antivirus |
| 243 | | 14bc.6e8: ProductVersion: 20.4.87.0 |
| 244 | | 14bc.6e8: FileVersion: 20.4.87.0 |
| 245 | | 14bc.6e8: FileDescription: Avast VM Monitor |
| 246 | | 14bc.6e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 247 | | 14bc.6e8: Calling main() |
| 248 | | 14bc.6e8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
| 249 | | 14bc.6e8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 250 | | 14bc.6e8: SUPR3HardenedMain: Respawn #1 |
| 251 | | 14bc.6e8: System32: \Device\HarddiskVolume2\Windows\System32 |
| 252 | | 14bc.6e8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs |
| 253 | | 14bc.6e8: KnownDllPath: C:\Windows\system32 |
| 254 | | 14bc.6e8: supR3HardenedWinInit: Performing a limited self purification... |
| 255 | | 14bc.6e8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION |
| 256 | | 14bc.6e8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 |
| 257 | | 14bc.6e8: *0000000000010000-000000000001ffff 0x0004/0x0004 0x0040000 |
| 258 | | 14bc.6e8: 0000000000020000-000000000002ffff 0x0001/0x0000 0x0000000 |
| 259 | | 14bc.6e8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 |
| 260 | | 14bc.6e8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 |
| 261 | | 14bc.6e8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 |
| 262 | | 14bc.6e8: 0000000000041000-000000000007ffff 0x0001/0x0000 0x0000000 |
| 263 | | 14bc.6e8: *0000000000080000-0000000000131fff 0x0000/0x0004 0x0020000 |
| 264 | | 14bc.6e8: 0000000000132000-0000000000133fff 0x0104/0x0004 0x0020000 |
| 265 | | 14bc.6e8: 0000000000134000-000000000017ffff 0x0004/0x0004 0x0020000 |
| 266 | | 14bc.6e8: *0000000000180000-00000000001e6fff 0x0002/0x0002 0x0040000 |
| 267 | | 14bc.6e8: 00000000001e7000-000000000020ffff 0x0001/0x0000 0x0000000 |
| 268 | | 14bc.6e8: *0000000000210000-0000000000214fff 0x0004/0x0004 0x0020000 |
| 269 | | 14bc.6e8: 0000000000215000-000000000030ffff 0x0000/0x0004 0x0020000 |
| 270 | | 14bc.6e8: 0000000000310000-00000000003cffff 0x0001/0x0000 0x0000000 |
| 271 | | 14bc.6e8: *00000000003d0000-0000000000433fff 0x0004/0x0004 0x0020000 |
| 272 | | 14bc.6e8: 0000000000434000-000000000044ffff 0x0000/0x0004 0x0020000 |
| 273 | | 14bc.6e8: *0000000000450000-00000000005f9fff 0x0004/0x0004 0x0020000 |
| 274 | | 14bc.6e8: 00000000005fa000-0000000076f1ffff 0x0001/0x0000 0x0000000 |
| 275 | | 14bc.6e8: *0000000076f20000-0000000076f20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 276 | | 14bc.6e8: 0000000076f21000-0000000076fbbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 277 | | 14bc.6e8: 0000000076fbc000-0000000077029fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 278 | | 14bc.6e8: 000000007702a000-000000007702bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 279 | | 14bc.6e8: 000000007702c000-000000007703efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 280 | | 14bc.6e8: 000000007703f000-000000007703ffff 0x0001/0x0000 0x0000000 |
| 281 | | 14bc.6e8: *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 282 | | 14bc.6e8: 0000000077041000-0000000077142fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 283 | | 14bc.6e8: 0000000077143000-0000000077171fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 284 | | 14bc.6e8: 0000000077172000-0000000077172fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 285 | | 14bc.6e8: 0000000077173000-0000000077173fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 286 | | 14bc.6e8: 0000000077174000-0000000077174fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 287 | | 14bc.6e8: 0000000077175000-0000000077176fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 288 | | 14bc.6e8: 0000000077177000-0000000077177fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 289 | | 14bc.6e8: 0000000077178000-0000000077178fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 290 | | 14bc.6e8: 0000000077179000-000000007717afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 291 | | 14bc.6e8: 000000007717b000-000000007717dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 292 | | 14bc.6e8: 000000007717e000-00000000771e8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 293 | | 14bc.6e8: 00000000771e9000-000000007efdffff 0x0001/0x0000 0x0000000 |
| 294 | | 14bc.6e8: *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000 |
| 295 | | 14bc.6e8: 000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000 |
| 296 | | 14bc.6e8: *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000 |
| 297 | | 14bc.6e8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 |
| 298 | | 14bc.6e8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 |
| 299 | | 14bc.6e8: 000000007fff0000-000000013f3fffff 0x0001/0x0000 0x0000000 |
| 300 | | 14bc.6e8: *000000013f400000-000000013f400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 301 | | 14bc.6e8: 000000013f401000-000000013f476fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 302 | | 14bc.6e8: 000000013f477000-000000013f477fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 303 | | 14bc.6e8: 000000013f478000-000000013f4bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 304 | | 14bc.6e8: 000000013f4c0000-000000013f4c2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 305 | | 14bc.6e8: 000000013f4c3000-000000013f4c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 306 | | 14bc.6e8: 000000013f4c6000-000000013f4c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 307 | | 14bc.6e8: 000000013f4c9000-000000013f4c9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 308 | | 14bc.6e8: 000000013f4ca000-000000013f4cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 309 | | 14bc.6e8: 000000013f4cc000-000000013f4ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 310 | | 14bc.6e8: 000000013f4cd000-000000013f515fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 311 | | 14bc.6e8: 000000013f516000-000007fefd1effff 0x0001/0x0000 0x0000000 |
| 312 | | 14bc.6e8: *000007fefd1f0000-000007fefd1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 313 | | 14bc.6e8: 000007fefd1f1000-000007fefd23afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 314 | | 14bc.6e8: 000007fefd23b000-000007fefd250fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 315 | | 14bc.6e8: 000007fefd251000-000007fefd252fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 316 | | 14bc.6e8: 000007fefd253000-000007fefd25bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 317 | | 14bc.6e8: 000007fefd25c000-000007feff35ffff 0x0001/0x0000 0x0000000 |
| 318 | | 14bc.6e8: *000007feff360000-000007feff360fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll |
| 319 | | 14bc.6e8: 000007feff361000-000007fffffaffff 0x0001/0x0000 0x0000000 |
| 320 | | 14bc.6e8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 |
| 321 | | 14bc.6e8: 000007fffffd3000-000007fffffd5fff 0x0001/0x0000 0x0000000 |
| 322 | | 14bc.6e8: *000007fffffd6000-000007fffffd6fff 0x0004/0x0004 0x0020000 |
| 323 | | 14bc.6e8: 000007fffffd7000-000007fffffddfff 0x0001/0x0000 0x0000000 |
| 324 | | 14bc.6e8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000 |
| 325 | | 14bc.6e8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 |
| 326 | | 14bc.6e8: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS) |
| 327 | | 14bc.6e8: kernelbase.dll: timestamp 0x4dce2b0e (rc=VINF_SUCCESS) |
| 328 | | 14bc.6e8: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS) |
| 329 | | 14bc.6e8: kernel32.dll: timestamp 0x4dce2b0d (rc=VINF_SUCCESS) |
| 330 | | 14bc.6e8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 331 | | 14bc.6e8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports |
| 332 | | 14bc.6e8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports |
| 333 | | 14bc.6e8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 |
| 334 | | 14bc.6e8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 335 | | 14bc.6e8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
| 336 | | 14bc.6e8: supR3HardNtEnableThreadCreationEx: |
| 337 | | 14bc.6e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
| 338 | | 14bc.6e8: supR3HardenedWinDoReSpawn(1): New child 1580.d10 [kernel32]. |
| 339 | | 14bc.6e8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380 |
| 340 | | 14bc.6e8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000 |
| 341 | | 14bc.6e8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007706c320 |
| 342 | | 14bc.6e8: supR3HardenedWinSetupChildInit: Initial context: |
| 343 | | rax=0000000000000000 rbx=0000000000000000 rcx=000000013f407900 rdx=000007fffffdd000 |
| 344 | | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 |
| 345 | | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 |
| 346 | | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 |
| 347 | | rip=000000007706c500 rsp=000000000024fe18 rbp=0000000000000000 ctxflags=0010001b |
| 348 | | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 |
| 349 | | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 |
| 350 | | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 |
| 351 | | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 |
| 352 | | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 |
| 353 | | 14bc.6e8: supR3HardenedWinSetupChildInit: Start child. |
| 354 | | 14bc.6e8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. |
| 355 | | 14bc.6e8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 51 sleeps |
| 356 | | 14bc.6e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION |
| 357 | | 14bc.6e8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 |
| 358 | | 14bc.6e8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000 |
| 359 | | 14bc.6e8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 |
| 360 | | 14bc.6e8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 |
| 361 | | 14bc.6e8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 |
| 362 | | 14bc.6e8: 0000000000041000-000000000014ffff 0x0001/0x0000 0x0000000 |
| 363 | | 14bc.6e8: *0000000000150000-000000000024bfff 0x0000/0x0004 0x0020000 |
| 364 | | 14bc.6e8: 000000000024c000-000000000024dfff 0x0104/0x0004 0x0020000 |
| 365 | | 14bc.6e8: 000000000024e000-000000000024ffff 0x0004/0x0004 0x0020000 |
| 366 | | 14bc.6e8: 0000000000250000-000000007703ffff 0x0001/0x0000 0x0000000 |
| 367 | | 14bc.6e8: *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 368 | | 14bc.6e8: 0000000077041000-0000000077142fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 369 | | 14bc.6e8: 0000000077143000-0000000077171fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 370 | | 14bc.6e8: 0000000077172000-000000007717dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 371 | | 14bc.6e8: 000000007717e000-00000000771e8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 372 | | 14bc.6e8: 00000000771e9000-000000007efdffff 0x0001/0x0000 0x0000000 |
| 373 | | 14bc.6e8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000 |
| 374 | | 14bc.6e8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 |
| 375 | | 14bc.6e8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 |
| 376 | | 14bc.6e8: 000000007fff0000-000000013f3fffff 0x0001/0x0000 0x0000000 |
| 377 | | 14bc.6e8: *000000013f400000-000000013f400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 378 | | 14bc.6e8: 000000013f401000-000000013f476fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 379 | | 14bc.6e8: 000000013f477000-000000013f477fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 380 | | 14bc.6e8: 000000013f478000-000000013f4bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 381 | | 14bc.6e8: 000000013f4c0000-000000013f4c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 382 | | 14bc.6e8: 000000013f4c1000-000000013f4c1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 383 | | 14bc.6e8: 000000013f4c2000-000000013f4c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 384 | | 14bc.6e8: 000000013f4c7000-000000013f4c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 385 | | 14bc.6e8: 000000013f4c8000-000000013f4c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 386 | | 14bc.6e8: 000000013f4c9000-000000013f4ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 387 | | 14bc.6e8: 000000013f4cd000-000000013f515fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 388 | | 14bc.6e8: 000000013f516000-000007feff35ffff 0x0001/0x0000 0x0000000 |
| 389 | | 14bc.6e8: *000007feff360000-000007feff360fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll |
| 390 | | 14bc.6e8: 000007feff361000-000007fffffaffff 0x0001/0x0000 0x0000000 |
| 391 | | 14bc.6e8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 |
| 392 | | 14bc.6e8: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000 |
| 393 | | 14bc.6e8: *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000 |
| 394 | | 14bc.6e8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000 |
| 395 | | 14bc.6e8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 |
| 396 | | 14bc.6e8: supR3HardNtChildPurify: Done after 525 ms and 0 fixes (loop #0). |
| 397 | | 14bc.6e8: supR3HardNtEnableThreadCreationEx: |
| 398 | | 1580.d10: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 |
| 399 | | 1580.d10: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100 (stack ~000000000024f8c8) |
| 400 | | 1580.d10: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS) |
| 401 | | 1580.d10: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation) |
| 402 | | 1580.d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 403 | | 1580.d10: System32: \Device\HarddiskVolume2\Windows\System32 |
| 404 | | 1580.d10: WinSxS: \Device\HarddiskVolume2\Windows\winsxs |
| 405 | | 1580.d10: KnownDllPath: C:\Windows\system32 |
| 406 | | 1580.d10: supR3HardenedVmProcessInit: Opening vboxdrv stub... |
| 407 | | 1580.d10: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... |
| 408 | | 1580.d10: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... |
| 409 | | 1580.d10: Registered Dll notification callback with NTDLL. |
| 410 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) |
| 411 | | 1580.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 412 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] |
| 413 | | 1580.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
| 414 | | 1580.d10: supR3HardenedDllNotificationCallback: load 0000000076f20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] |
| 415 | | 1580.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
| 416 | | 1580.d10: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] |
| 417 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) |
| 418 | | 1580.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 419 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f20000 'C:\Windows\system32\kernel32.dll' |
| 420 | | 1580.d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
| 421 | | 14bc.6e8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms. |
| 422 | | 1580.d10: \SystemRoot\System32\ntdll.dll: |
| 423 | | 1580.d10: CreationTime: 2010-11-21T03:23:51.351694200Z |
| 424 | | 1580.d10: LastWriteTime: 2010-11-21T03:23:51.367294200Z |
| 425 | | 1580.d10: ChangeTime: 2020-06-28T00:33:12.954124600Z |
| 426 | | 1580.d10: FileAttributes: 0x20 |
| 427 | | 1580.d10: Size: 0x1a6d60 |
| 428 | | 1580.d10: NT Headers: 0xe0 |
| 429 | | 1580.d10: Timestamp: 0x4ce7c8f9 |
| 430 | | 1580.d10: Machine: 0x8664 - amd64 |
| 431 | | 1580.d10: Timestamp: 0x4ce7c8f9 |
| 432 | | 1580.d10: Image Version: 6.1 |
| 433 | | 1580.d10: SizeOfImage: 0x1a9000 (1740800) |
| 434 | | 1580.d10: Resource Dir: 0x151000 LB 0x560d8 |
| 435 | | 1580.d10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 436 | | 1580.d10: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
| 437 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
| 438 | | 1580.d10: ProductVersion: 6.1.7601.17514 |
| 439 | | 1580.d10: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 440 | | 1580.d10: FileDescription: NT Layer DLL |
| 441 | | 1580.d10: \SystemRoot\System32\kernel32.dll: |
| 442 | | 1580.d10: CreationTime: 2020-06-29T07:05:55.386627700Z |
| 443 | | 1580.d10: LastWriteTime: 2011-05-14T07:20:00.106000000Z |
| 444 | | 1580.d10: ChangeTime: 2020-06-29T07:06:45.519519800Z |
| 445 | | 1580.d10: FileAttributes: 0x20 |
| 446 | | 1580.d10: Size: 0x11be00 |
| 447 | | 1580.d10: NT Headers: 0xe8 |
| 448 | | 1580.d10: Timestamp: 0x4dce2b0d |
| 449 | | 1580.d10: Machine: 0x8664 - amd64 |
| 450 | | 1580.d10: Timestamp: 0x4dce2b0d |
| 451 | | 1580.d10: Image Version: 6.1 |
| 452 | | 1580.d10: SizeOfImage: 0x11f000 (1175552) |
| 453 | | 1580.d10: Resource Dir: 0x116000 LB 0x528 |
| 454 | | 1580.d10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 455 | | 1580.d10: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
| 456 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
| 457 | | 1580.d10: ProductVersion: 6.1.7601.17617 |
| 458 | | 1580.d10: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
| 459 | | 1580.d10: FileDescription: Windows NT BASE API Client DLL |
| 460 | | 1580.d10: \SystemRoot\System32\KernelBase.dll: |
| 461 | | 1580.d10: CreationTime: 2020-06-29T07:05:55.916628400Z |
| 462 | | 1580.d10: LastWriteTime: 2011-05-14T07:20:00.247000000Z |
| 463 | | 1580.d10: ChangeTime: 2020-06-29T07:06:45.519519800Z |
| 464 | | 1580.d10: FileAttributes: 0x20 |
| 465 | | 1580.d10: Size: 0x67000 |
| 466 | | 1580.d10: NT Headers: 0xe8 |
| 467 | | 1580.d10: Timestamp: 0x4dce2b0e |
| 468 | | 1580.d10: Machine: 0x8664 - amd64 |
| 469 | | 1580.d10: Timestamp: 0x4dce2b0e |
| 470 | | 1580.d10: Image Version: 6.1 |
| 471 | | 1580.d10: SizeOfImage: 0x6c000 (442368) |
| 472 | | 1580.d10: Resource Dir: 0x6a000 LB 0x530 |
| 473 | | 1580.d10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 474 | | 1580.d10: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] |
| 475 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
| 476 | | 1580.d10: ProductVersion: 6.1.7601.17617 |
| 477 | | 1580.d10: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
| 478 | | 1580.d10: FileDescription: Windows NT BASE API Client DLL |
| 479 | | 1580.d10: \SystemRoot\System32\apisetschema.dll: |
| 480 | | 1580.d10: CreationTime: 2020-06-29T08:41:18.865836100Z |
| 481 | | 1580.d10: LastWriteTime: 2015-02-03T03:28:14.008000000Z |
| 482 | | 1580.d10: ChangeTime: 2020-06-29T10:26:19.937919000Z |
| 483 | | 1580.d10: FileAttributes: 0x20 |
| 484 | | 1580.d10: Size: 0x1a00 |
| 485 | | 1580.d10: NT Headers: 0xc0 |
| 486 | | 1580.d10: Timestamp: 0x54d04096 |
| 487 | | 1580.d10: Machine: 0x8664 - amd64 |
| 488 | | 1580.d10: Timestamp: 0x54d04096 |
| 489 | | 1580.d10: Image Version: 6.1 |
| 490 | | 1580.d10: SizeOfImage: 0x50000 (327680) |
| 491 | | 1580.d10: Resource Dir: 0x30000 LB 0x3f8 |
| 492 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 493 | | 1580.d10: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)] |
| 494 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
| 495 | | 1580.d10: ProductVersion: 6.1.7601.18741 |
| 496 | | 1580.d10: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526) |
| 497 | | 1580.d10: FileDescription: ApiSet Schema DLL |
| 498 | | 1580.d10: Found driver aswVmm (0x4) |
| 499 | | 1580.d10: Found driver aswStm (0x4) |
| 500 | | 1580.d10: Found driver aswRvrt (0x4) |
| 501 | | 1580.d10: supR3HardenedWinFindAdversaries: 0x4 |
| 502 | | 1580.d10: \SystemRoot\System32\drivers\aswMonFlt.sys: |
| 503 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.759322500Z |
| 504 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.295934900Z |
| 505 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 506 | | 1580.d10: FileAttributes: 0x20 |
| 507 | | 1580.d10: Size: 0x2ac68 |
| 508 | | 1580.d10: NT Headers: 0xf0 |
| 509 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
| 510 | | 1580.d10: Machine: 0x8664 - amd64 |
| 511 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
| 512 | | 1580.d10: Image Version: 10.0 |
| 513 | | 1580.d10: SizeOfImage: 0x33000 (208896) |
| 514 | | 1580.d10: Resource Dir: 0x31000 LB 0x398 |
| 515 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 516 | | 1580.d10: [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)] |
| 517 | | 1580.d10: ProductName: Avast Antivirus |
| 518 | | 1580.d10: ProductVersion: 20.4.83.0 |
| 519 | | 1580.d10: FileVersion: 20.4.83.0 |
| 520 | | 1580.d10: FileDescription: Avast File System Filter |
| 521 | | 1580.d10: \SystemRoot\System32\drivers\aswRdr2.sys: |
| 522 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.719309700Z |
| 523 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.235915700Z |
| 524 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 525 | | 1580.d10: FileAttributes: 0x20 |
| 526 | | 1580.d10: Size: 0x1aae0 |
| 527 | | 1580.d10: NT Headers: 0xf0 |
| 528 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
| 529 | | 1580.d10: Machine: 0x8664 - amd64 |
| 530 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
| 531 | | 1580.d10: Image Version: 10.0 |
| 532 | | 1580.d10: SizeOfImage: 0x1a000 (106496) |
| 533 | | 1580.d10: Resource Dir: 0x18000 LB 0x380 |
| 534 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 535 | | 1580.d10: [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
| 536 | | 1580.d10: ProductName: Avast Antivirus |
| 537 | | 1580.d10: ProductVersion: 20.4.83.0 |
| 538 | | 1580.d10: FileVersion: 20.4.83.0 |
| 539 | | 1580.d10: FileDescription: Avast Antivirus |
| 540 | | 1580.d10: \SystemRoot\System32\drivers\aswRvrt.sys: |
| 541 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.789332100Z |
| 542 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.345950900Z |
| 543 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 544 | | 1580.d10: FileAttributes: 0x20 |
| 545 | | 1580.d10: Size: 0x14b78 |
| 546 | | 1580.d10: NT Headers: 0xe8 |
| 547 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
| 548 | | 1580.d10: Machine: 0x8664 - amd64 |
| 549 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
| 550 | | 1580.d10: Image Version: 10.0 |
| 551 | | 1580.d10: SizeOfImage: 0x13000 (77824) |
| 552 | | 1580.d10: Resource Dir: 0x11000 LB 0x378 |
| 553 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 554 | | 1580.d10: [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)] |
| 555 | | 1580.d10: ProductName: Avast Antivirus |
| 556 | | 1580.d10: ProductVersion: 20.4.83.0 |
| 557 | | 1580.d10: FileVersion: 20.4.83.0 |
| 558 | | 1580.d10: FileDescription: Avast Revert |
| 559 | | 1580.d10: \SystemRoot\System32\drivers\aswSnx.sys: |
| 560 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.549255300Z |
| 561 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:12.943378500Z |
| 562 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 563 | | 1580.d10: FileAttributes: 0x20 |
| 564 | | 1580.d10: Size: 0xcfe98 |
| 565 | | 1580.d10: NT Headers: 0x100 |
| 566 | | 1580.d10: Timestamp: 0x5ed4b2ba |
| 567 | | 1580.d10: Machine: 0x8664 - amd64 |
| 568 | | 1580.d10: Timestamp: 0x5ed4b2ba |
| 569 | | 1580.d10: Image Version: 10.0 |
| 570 | | 1580.d10: SizeOfImage: 0xcd000 (839680) |
| 571 | | 1580.d10: Resource Dir: 0xca000 LB 0x380 |
| 572 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 573 | | 1580.d10: [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
| 574 | | 1580.d10: ProductName: Avast Antivirus |
| 575 | | 1580.d10: ProductVersion: 20.4.83.0 |
| 576 | | 1580.d10: FileVersion: 20.4.83.0 |
| 577 | | 1580.d10: FileDescription: Avast Antivirus |
| 578 | | 1580.d10: \SystemRoot\System32\drivers\aswsp.sys: |
| 579 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.829344900Z |
| 580 | | 1580.d10: LastWriteTime: 2020-06-29T04:42:14.991232900Z |
| 581 | | 1580.d10: ChangeTime: 2020-06-29T04:42:14.991232900Z |
| 582 | | 1580.d10: FileAttributes: 0x20 |
| 583 | | 1580.d10: Size: 0x70f00 |
| 584 | | 1580.d10: NT Headers: 0xe8 |
| 585 | | 1580.d10: Timestamp: 0x5ee709ca |
| 586 | | 1580.d10: Machine: 0x8664 - amd64 |
| 587 | | 1580.d10: Timestamp: 0x5ee709ca |
| 588 | | 1580.d10: Image Version: 10.0 |
| 589 | | 1580.d10: SizeOfImage: 0x72000 (466944) |
| 590 | | 1580.d10: Resource Dir: 0x70000 LB 0x380 |
| 591 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 592 | | 1580.d10: [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)] |
| 593 | | 1580.d10: ProductName: Avast Antivirus |
| 594 | | 1580.d10: ProductVersion: 20.4.90.0 |
| 595 | | 1580.d10: FileVersion: 20.4.90.0 |
| 596 | | 1580.d10: FileDescription: Avast Self Protection |
| 597 | | 1580.d10: \SystemRoot\System32\drivers\aswStm.sys: |
| 598 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.889364100Z |
| 599 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.475992500Z |
| 600 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 601 | | 1580.d10: FileAttributes: 0x20 |
| 602 | | 1580.d10: Size: 0x34ef8 |
| 603 | | 1580.d10: NT Headers: 0xf0 |
| 604 | | 1580.d10: Timestamp: 0x5ed4b2b9 |
| 605 | | 1580.d10: Machine: 0x8664 - amd64 |
| 606 | | 1580.d10: Timestamp: 0x5ed4b2b9 |
| 607 | | 1580.d10: Image Version: 10.0 |
| 608 | | 1580.d10: SizeOfImage: 0x34000 (212992) |
| 609 | | 1580.d10: Resource Dir: 0x32000 LB 0x388 |
| 610 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 611 | | 1580.d10: [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)] |
| 612 | | 1580.d10: ProductName: Avast Antivirus |
| 613 | | 1580.d10: ProductVersion: 20.4.83.0 |
| 614 | | 1580.d10: FileVersion: 20.4.83.0 |
| 615 | | 1580.d10: FileDescription: Avast Stream Filter |
| 616 | | 1580.d10: \SystemRoot\System32\drivers\aswVmm.sys: |
| 617 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.929376900Z |
| 618 | | 1580.d10: LastWriteTime: 2020-06-29T04:42:14.240992900Z |
| 619 | | 1580.d10: ChangeTime: 2020-06-29T04:42:14.240992900Z |
| 620 | | 1580.d10: FileAttributes: 0x20 |
| 621 | | 1580.d10: Size: 0x4ead0 |
| 622 | | 1580.d10: NT Headers: 0xe8 |
| 623 | | 1580.d10: Timestamp: 0x5ede39a4 |
| 624 | | 1580.d10: Machine: 0x8664 - amd64 |
| 625 | | 1580.d10: Timestamp: 0x5ede39a4 |
| 626 | | 1580.d10: Image Version: 10.0 |
| 627 | | 1580.d10: SizeOfImage: 0x4c000 (311296) |
| 628 | | 1580.d10: Resource Dir: 0x4a000 LB 0x380 |
| 629 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 630 | | 1580.d10: [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)] |
| 631 | | 1580.d10: ProductName: Avast Antivirus |
| 632 | | 1580.d10: ProductVersion: 20.4.87.0 |
| 633 | | 1580.d10: FileVersion: 20.4.87.0 |
| 634 | | 1580.d10: FileDescription: Avast VM Monitor |
| 635 | | 1580.d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 636 | | 1580.d10: Calling main() |
| 637 | | 1580.d10: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
| 638 | | 1580.d10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 639 | | 1580.d10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 640 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
| 641 | | 1580.d10: SUPR3HardenedMain: Respawn #2 |
| 642 | | 1580.d10: supR3HardNtEnableThreadCreationEx: |
| 643 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) |
| 644 | | 1580.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll |
| 645 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] |
| 646 | | 1580.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] |
| 647 | | 1580.d10: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] |
| 648 | | 1580.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] |
| 649 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\apphelp.dll' |
| 650 | | 1580.d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
| 651 | | 1580.d10: supR3HardenedWinDoReSpawn(2): New child 1430.1484 [kernel32]. |
| 652 | | 1580.d10: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 |
| 653 | | 1580.d10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000 |
| 654 | | 1580.d10: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007706c320 |
| 655 | | 1580.d10: supR3HardenedWinSetupChildInit: Initial context: |
| 656 | | rax=0000000000000000 rbx=0000000000000000 rcx=000000013f407900 rdx=000007fffffdf000 |
| 657 | | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 |
| 658 | | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 |
| 659 | | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 |
| 660 | | rip=000000007706c500 rsp=000000000031f8a8 rbp=0000000000000000 ctxflags=0010001b |
| 661 | | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 |
| 662 | | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 |
| 663 | | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 |
| 664 | | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 |
| 665 | | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 |
| 666 | | 1580.d10: kernel32.dll: timestamp 0x4dce2b0d (rc=VINF_SUCCESS) |
| 667 | | 1580.d10: supR3HardenedWinSetupChildInit: Start child. |
| 668 | | 1580.d10: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. |
| 669 | | 1580.d10: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 51 sleeps |
| 670 | | 1580.d10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION |
| 671 | | 1580.d10: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000 |
| 672 | | 1580.d10: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000 |
| 673 | | 1580.d10: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000 |
| 674 | | 1580.d10: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000 |
| 675 | | 1580.d10: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000 |
| 676 | | 1580.d10: 0000000000041000-000000000021ffff 0x0001/0x0000 0x0000000 |
| 677 | | 1580.d10: *0000000000220000-000000000031bfff 0x0000/0x0004 0x0020000 |
| 678 | | 1580.d10: 000000000031c000-000000000031dfff 0x0104/0x0004 0x0020000 |
| 679 | | 1580.d10: 000000000031e000-000000000031ffff 0x0004/0x0004 0x0020000 |
| 680 | | 1580.d10: 0000000000320000-000000007703ffff 0x0001/0x0000 0x0000000 |
| 681 | | 1580.d10: *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 682 | | 1580.d10: 0000000077041000-0000000077142fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 683 | | 1580.d10: 0000000077143000-0000000077171fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 684 | | 1580.d10: 0000000077172000-000000007717dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 685 | | 1580.d10: 000000007717e000-00000000771e8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll |
| 686 | | 1580.d10: 00000000771e9000-000000007efdffff 0x0001/0x0000 0x0000000 |
| 687 | | 1580.d10: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000 |
| 688 | | 1580.d10: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 |
| 689 | | 1580.d10: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 |
| 690 | | 1580.d10: 000000007fff0000-000000013f3fffff 0x0001/0x0000 0x0000000 |
| 691 | | 1580.d10: *000000013f400000-000000013f400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 692 | | 1580.d10: 000000013f401000-000000013f476fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 693 | | 1580.d10: 000000013f477000-000000013f477fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 694 | | 1580.d10: 000000013f478000-000000013f4bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 695 | | 1580.d10: 000000013f4c0000-000000013f4c0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 696 | | 1580.d10: 000000013f4c1000-000000013f4c1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 697 | | 1580.d10: 000000013f4c2000-000000013f4c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 698 | | 1580.d10: 000000013f4c7000-000000013f4c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 699 | | 1580.d10: 000000013f4c8000-000000013f4c8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 700 | | 1580.d10: 000000013f4c9000-000000013f4ccfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 701 | | 1580.d10: 000000013f4cd000-000000013f515fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe |
| 702 | | 1580.d10: 000000013f516000-000007feff35ffff 0x0001/0x0000 0x0000000 |
| 703 | | 1580.d10: *000007feff360000-000007feff360fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll |
| 704 | | 1580.d10: 000007feff361000-000007fffffaffff 0x0001/0x0000 0x0000000 |
| 705 | | 1580.d10: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000 |
| 706 | | 1580.d10: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000 |
| 707 | | 1580.d10: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000 |
| 708 | | 1580.d10: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000 |
| 709 | | 1580.d10: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000 |
| 710 | | 1580.d10: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS) |
| 711 | | 1580.d10: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS) |
| 712 | | 1580.d10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 713 | | 1580.d10: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports |
| 714 | | 1580.d10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports |
| 715 | | 1580.d10: supR3HardNtChildPurify: Done after 585 ms and 0 fixes (loop #0). |
| 716 | | 1430.1484: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 |
| 717 | | 1430.1484: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100 (stack ~000000000031f358) |
| 718 | | 1580.d10: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000) |
| 719 | | 1580.d10: supR3HardNtEnableThreadCreationEx: |
| 720 | | 1430.1484: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS) |
| 721 | | 1430.1484: New simple heap: #1 0000000000320000 LB 0x400000 (for 1740800 allocation) |
| 722 | | 1430.1484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 723 | | 1430.1484: System32: \Device\HarddiskVolume2\Windows\System32 |
| 724 | | 1430.1484: WinSxS: \Device\HarddiskVolume2\Windows\winsxs |
| 725 | | 1430.1484: KnownDllPath: C:\Windows\system32 |
| 726 | | 1430.1484: supR3HardenedVmProcessInit: Opening vboxdrv... |
| 727 | | 1430.1484: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... |
| 728 | | 1430.1484: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... |
| 729 | | 1430.1484: Registered Dll notification callback with NTDLL. |
| 730 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) |
| 731 | | 1430.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
| 732 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] |
| 733 | | 1430.1484: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
| 734 | | 1430.1484: supR3HardenedDllNotificationCallback: load 0000000076f20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] |
| 735 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
| 736 | | 1430.1484: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] |
| 737 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) |
| 738 | | 1430.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
| 739 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f20000 'C:\Windows\system32\kernel32.dll' |
| 740 | | 1430.1484: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
| 741 | | 1580.d10: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms. |
| 742 | | 1430.1484: \SystemRoot\System32\ntdll.dll: |
| 743 | | 1430.1484: CreationTime: 2010-11-21T03:23:51.351694200Z |
| 744 | | 1430.1484: LastWriteTime: 2010-11-21T03:23:51.367294200Z |
| 745 | | 1430.1484: ChangeTime: 2020-06-28T00:33:12.954124600Z |
| 746 | | 1430.1484: FileAttributes: 0x20 |
| 747 | | 1430.1484: Size: 0x1a6d60 |
| 748 | | 1430.1484: NT Headers: 0xe0 |
| 749 | | 1430.1484: Timestamp: 0x4ce7c8f9 |
| 750 | | 1430.1484: Machine: 0x8664 - amd64 |
| 751 | | 1430.1484: Timestamp: 0x4ce7c8f9 |
| 752 | | 1430.1484: Image Version: 6.1 |
| 753 | | 1430.1484: SizeOfImage: 0x1a9000 (1740800) |
| 754 | | 1430.1484: Resource Dir: 0x151000 LB 0x560d8 |
| 755 | | 1430.1484: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 756 | | 1430.1484: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
| 757 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
| 758 | | 1430.1484: ProductVersion: 6.1.7601.17514 |
| 759 | | 1430.1484: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 760 | | 1430.1484: FileDescription: NT Layer DLL |
| 761 | | 1430.1484: \SystemRoot\System32\kernel32.dll: |
| 762 | | 1430.1484: CreationTime: 2020-06-29T07:05:55.386627700Z |
| 763 | | 1430.1484: LastWriteTime: 2011-05-14T07:20:00.106000000Z |
| 764 | | 1430.1484: ChangeTime: 2020-06-29T07:06:45.519519800Z |
| 765 | | 1430.1484: FileAttributes: 0x20 |
| 766 | | 1430.1484: Size: 0x11be00 |
| 767 | | 1430.1484: NT Headers: 0xe8 |
| 768 | | 1430.1484: Timestamp: 0x4dce2b0d |
| 769 | | 1430.1484: Machine: 0x8664 - amd64 |
| 770 | | 1430.1484: Timestamp: 0x4dce2b0d |
| 771 | | 1430.1484: Image Version: 6.1 |
| 772 | | 1430.1484: SizeOfImage: 0x11f000 (1175552) |
| 773 | | 1430.1484: Resource Dir: 0x116000 LB 0x528 |
| 774 | | 1430.1484: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 775 | | 1430.1484: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
| 776 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
| 777 | | 1430.1484: ProductVersion: 6.1.7601.17617 |
| 778 | | 1430.1484: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
| 779 | | 1430.1484: FileDescription: Windows NT BASE API Client DLL |
| 780 | | 1430.1484: \SystemRoot\System32\KernelBase.dll: |
| 781 | | 1430.1484: CreationTime: 2020-06-29T07:05:55.916628400Z |
| 782 | | 1430.1484: LastWriteTime: 2011-05-14T07:20:00.247000000Z |
| 783 | | 1430.1484: ChangeTime: 2020-06-29T07:06:45.519519800Z |
| 784 | | 1430.1484: FileAttributes: 0x20 |
| 785 | | 1430.1484: Size: 0x67000 |
| 786 | | 1430.1484: NT Headers: 0xe8 |
| 787 | | 1430.1484: Timestamp: 0x4dce2b0e |
| 788 | | 1430.1484: Machine: 0x8664 - amd64 |
| 789 | | 1430.1484: Timestamp: 0x4dce2b0e |
| 790 | | 1430.1484: Image Version: 6.1 |
| 791 | | 1430.1484: SizeOfImage: 0x6c000 (442368) |
| 792 | | 1430.1484: Resource Dir: 0x6a000 LB 0x530 |
| 793 | | 1430.1484: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 794 | | 1430.1484: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] |
| 795 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
| 796 | | 1430.1484: ProductVersion: 6.1.7601.17617 |
| 797 | | 1430.1484: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
| 798 | | 1430.1484: FileDescription: Windows NT BASE API Client DLL |
| 799 | | 1430.1484: \SystemRoot\System32\apisetschema.dll: |
| 800 | | 1430.1484: CreationTime: 2020-06-29T08:41:18.865836100Z |
| 801 | | 1430.1484: LastWriteTime: 2015-02-03T03:28:14.008000000Z |
| 802 | | 1430.1484: ChangeTime: 2020-06-29T10:26:19.937919000Z |
| 803 | | 1430.1484: FileAttributes: 0x20 |
| 804 | | 1430.1484: Size: 0x1a00 |
| 805 | | 1430.1484: NT Headers: 0xc0 |
| 806 | | 1430.1484: Timestamp: 0x54d04096 |
| 807 | | 1430.1484: Machine: 0x8664 - amd64 |
| 808 | | 1430.1484: Timestamp: 0x54d04096 |
| 809 | | 1430.1484: Image Version: 6.1 |
| 810 | | 1430.1484: SizeOfImage: 0x50000 (327680) |
| 811 | | 1430.1484: Resource Dir: 0x30000 LB 0x3f8 |
| 812 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 813 | | 1430.1484: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)] |
| 814 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
| 815 | | 1430.1484: ProductVersion: 6.1.7601.18741 |
| 816 | | 1430.1484: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526) |
| 817 | | 1430.1484: FileDescription: ApiSet Schema DLL |
| 818 | | 1430.1484: Found driver aswVmm (0x4) |
| 819 | | 1430.1484: Found driver aswStm (0x4) |
| 820 | | 1430.1484: Found driver aswRvrt (0x4) |
| 821 | | 1430.1484: supR3HardenedWinFindAdversaries: 0x4 |
| 822 | | 1430.1484: \SystemRoot\System32\drivers\aswMonFlt.sys: |
| 823 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.759322500Z |
| 824 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.295934900Z |
| 825 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 826 | | 1430.1484: FileAttributes: 0x20 |
| 827 | | 1430.1484: Size: 0x2ac68 |
| 828 | | 1430.1484: NT Headers: 0xf0 |
| 829 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
| 830 | | 1430.1484: Machine: 0x8664 - amd64 |
| 831 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
| 832 | | 1430.1484: Image Version: 10.0 |
| 833 | | 1430.1484: SizeOfImage: 0x33000 (208896) |
| 834 | | 1430.1484: Resource Dir: 0x31000 LB 0x398 |
| 835 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 836 | | 1430.1484: [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)] |
| 837 | | 1430.1484: ProductName: Avast Antivirus |
| 838 | | 1430.1484: ProductVersion: 20.4.83.0 |
| 839 | | 1430.1484: FileVersion: 20.4.83.0 |
| 840 | | 1430.1484: FileDescription: Avast File System Filter |
| 841 | | 1430.1484: \SystemRoot\System32\drivers\aswRdr2.sys: |
| 842 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.719309700Z |
| 843 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.235915700Z |
| 844 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 845 | | 1430.1484: FileAttributes: 0x20 |
| 846 | | 1430.1484: Size: 0x1aae0 |
| 847 | | 1430.1484: NT Headers: 0xf0 |
| 848 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
| 849 | | 1430.1484: Machine: 0x8664 - amd64 |
| 850 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
| 851 | | 1430.1484: Image Version: 10.0 |
| 852 | | 1430.1484: SizeOfImage: 0x1a000 (106496) |
| 853 | | 1430.1484: Resource Dir: 0x18000 LB 0x380 |
| 854 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 855 | | 1430.1484: [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
| 856 | | 1430.1484: ProductName: Avast Antivirus |
| 857 | | 1430.1484: ProductVersion: 20.4.83.0 |
| 858 | | 1430.1484: FileVersion: 20.4.83.0 |
| 859 | | 1430.1484: FileDescription: Avast Antivirus |
| 860 | | 1430.1484: \SystemRoot\System32\drivers\aswRvrt.sys: |
| 861 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.789332100Z |
| 862 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.345950900Z |
| 863 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 864 | | 1430.1484: FileAttributes: 0x20 |
| 865 | | 1430.1484: Size: 0x14b78 |
| 866 | | 1430.1484: NT Headers: 0xe8 |
| 867 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
| 868 | | 1430.1484: Machine: 0x8664 - amd64 |
| 869 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
| 870 | | 1430.1484: Image Version: 10.0 |
| 871 | | 1430.1484: SizeOfImage: 0x13000 (77824) |
| 872 | | 1430.1484: Resource Dir: 0x11000 LB 0x378 |
| 873 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 874 | | 1430.1484: [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)] |
| 875 | | 1430.1484: ProductName: Avast Antivirus |
| 876 | | 1430.1484: ProductVersion: 20.4.83.0 |
| 877 | | 1430.1484: FileVersion: 20.4.83.0 |
| 878 | | 1430.1484: FileDescription: Avast Revert |
| 879 | | 1430.1484: \SystemRoot\System32\drivers\aswSnx.sys: |
| 880 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.549255300Z |
| 881 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:12.943378500Z |
| 882 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 883 | | 1430.1484: FileAttributes: 0x20 |
| 884 | | 1430.1484: Size: 0xcfe98 |
| 885 | | 1430.1484: NT Headers: 0x100 |
| 886 | | 1430.1484: Timestamp: 0x5ed4b2ba |
| 887 | | 1430.1484: Machine: 0x8664 - amd64 |
| 888 | | 1430.1484: Timestamp: 0x5ed4b2ba |
| 889 | | 1430.1484: Image Version: 10.0 |
| 890 | | 1430.1484: SizeOfImage: 0xcd000 (839680) |
| 891 | | 1430.1484: Resource Dir: 0xca000 LB 0x380 |
| 892 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 893 | | 1430.1484: [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
| 894 | | 1430.1484: ProductName: Avast Antivirus |
| 895 | | 1430.1484: ProductVersion: 20.4.83.0 |
| 896 | | 1430.1484: FileVersion: 20.4.83.0 |
| 897 | | 1430.1484: FileDescription: Avast Antivirus |
| 898 | | 1430.1484: \SystemRoot\System32\drivers\aswsp.sys: |
| 899 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.829344900Z |
| 900 | | 1430.1484: LastWriteTime: 2020-06-29T04:42:14.991232900Z |
| 901 | | 1430.1484: ChangeTime: 2020-06-29T04:42:14.991232900Z |
| 902 | | 1430.1484: FileAttributes: 0x20 |
| 903 | | 1430.1484: Size: 0x70f00 |
| 904 | | 1430.1484: NT Headers: 0xe8 |
| 905 | | 1430.1484: Timestamp: 0x5ee709ca |
| 906 | | 1430.1484: Machine: 0x8664 - amd64 |
| 907 | | 1430.1484: Timestamp: 0x5ee709ca |
| 908 | | 1430.1484: Image Version: 10.0 |
| 909 | | 1430.1484: SizeOfImage: 0x72000 (466944) |
| 910 | | 1430.1484: Resource Dir: 0x70000 LB 0x380 |
| 911 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 912 | | 1430.1484: [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)] |
| 913 | | 1430.1484: ProductName: Avast Antivirus |
| 914 | | 1430.1484: ProductVersion: 20.4.90.0 |
| 915 | | 1430.1484: FileVersion: 20.4.90.0 |
| 916 | | 1430.1484: FileDescription: Avast Self Protection |
| 917 | | 1430.1484: \SystemRoot\System32\drivers\aswStm.sys: |
| 918 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.889364100Z |
| 919 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.475992500Z |
| 920 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
| 921 | | 1430.1484: FileAttributes: 0x20 |
| 922 | | 1430.1484: Size: 0x34ef8 |
| 923 | | 1430.1484: NT Headers: 0xf0 |
| 924 | | 1430.1484: Timestamp: 0x5ed4b2b9 |
| 925 | | 1430.1484: Machine: 0x8664 - amd64 |
| 926 | | 1430.1484: Timestamp: 0x5ed4b2b9 |
| 927 | | 1430.1484: Image Version: 10.0 |
| 928 | | 1430.1484: SizeOfImage: 0x34000 (212992) |
| 929 | | 1430.1484: Resource Dir: 0x32000 LB 0x388 |
| 930 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 931 | | 1430.1484: [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)] |
| 932 | | 1430.1484: ProductName: Avast Antivirus |
| 933 | | 1430.1484: ProductVersion: 20.4.83.0 |
| 934 | | 1430.1484: FileVersion: 20.4.83.0 |
| 935 | | 1430.1484: FileDescription: Avast Stream Filter |
| 936 | | 1430.1484: \SystemRoot\System32\drivers\aswVmm.sys: |
| 937 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.929376900Z |
| 938 | | 1430.1484: LastWriteTime: 2020-06-29T04:42:14.240992900Z |
| 939 | | 1430.1484: ChangeTime: 2020-06-29T04:42:14.240992900Z |
| 940 | | 1430.1484: FileAttributes: 0x20 |
| 941 | | 1430.1484: Size: 0x4ead0 |
| 942 | | 1430.1484: NT Headers: 0xe8 |
| 943 | | 1430.1484: Timestamp: 0x5ede39a4 |
| 944 | | 1430.1484: Machine: 0x8664 - amd64 |
| 945 | | 1430.1484: Timestamp: 0x5ede39a4 |
| 946 | | 1430.1484: Image Version: 10.0 |
| 947 | | 1430.1484: SizeOfImage: 0x4c000 (311296) |
| 948 | | 1430.1484: Resource Dir: 0x4a000 LB 0x380 |
| 949 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
| 950 | | 1430.1484: [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)] |
| 951 | | 1430.1484: ProductName: Avast Antivirus |
| 952 | | 1430.1484: ProductVersion: 20.4.87.0 |
| 953 | | 1430.1484: FileVersion: 20.4.87.0 |
| 954 | | 1430.1484: FileDescription: Avast VM Monitor |
| 955 | | 1430.1484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 956 | | 1430.1484: Calling main() |
| 957 | | 1430.1484: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
| 958 | | 1430.1484: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
| 959 | | 1430.1484: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
| 960 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
| 961 | | 1430.1484: SUPR3HardenedMain: Final process, opening VBoxDrv... |
| 962 | | 1430.1484: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000) |
| 963 | | 1430.1484: supR3HardNtEnableThreadCreationEx: |
| 964 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) |
| 965 | | 1430.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll |
| 966 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009043b0:C:\Windows\system32 [calling] |
| 967 | | 1430.1484: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
| 968 | | 1430.1484: supR3HardenedDllNotificationCallback: load 000007fee6d60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] |
| 969 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
| 970 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
| 971 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000904aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\Java\jdk1302\bin;C:\gradle-6.5\bin [calling] |
| 972 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' |
| 973 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
| 974 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000904aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\Java\jdk1302\bin;C:\gradle-6.5\bin [calling] |
| 975 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' |
| 976 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' |
| 977 | | 1430.1484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. |
| 978 | | 1430.1484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dl |