The log file:
32 | | 14bc.6e8: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110 |
33 | | 14bc.6e8: \SystemRoot\System32\ntdll.dll: |
34 | | 14bc.6e8: CreationTime: 2010-11-21T03:23:51.351694200Z |
35 | | 14bc.6e8: LastWriteTime: 2010-11-21T03:23:51.367294200Z |
36 | | 14bc.6e8: ChangeTime: 2020-06-28T00:33:12.954124600Z |
37 | | 14bc.6e8: FileAttributes: 0x20 |
38 | | 14bc.6e8: Size: 0x1a6d60 |
39 | | 14bc.6e8: NT Headers: 0xe0 |
40 | | 14bc.6e8: Timestamp: 0x4ce7c8f9 |
41 | | 14bc.6e8: Machine: 0x8664 - amd64 |
42 | | 14bc.6e8: Timestamp: 0x4ce7c8f9 |
43 | | 14bc.6e8: Image Version: 6.1 |
44 | | 14bc.6e8: SizeOfImage: 0x1a9000 (1740800) |
45 | | 14bc.6e8: Resource Dir: 0x151000 LB 0x560d8 |
46 | | 14bc.6e8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
47 | | 14bc.6e8: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
48 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
49 | | 14bc.6e8: ProductVersion: 6.1.7601.17514 |
50 | | 14bc.6e8: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
51 | | 14bc.6e8: FileDescription: NT Layer DLL |
52 | | 14bc.6e8: \SystemRoot\System32\kernel32.dll: |
53 | | 14bc.6e8: CreationTime: 2020-06-29T07:05:55.386627700Z |
54 | | 14bc.6e8: LastWriteTime: 2011-05-14T07:20:00.106000000Z |
55 | | 14bc.6e8: ChangeTime: 2020-06-29T07:06:45.519519800Z |
56 | | 14bc.6e8: FileAttributes: 0x20 |
57 | | 14bc.6e8: Size: 0x11be00 |
58 | | 14bc.6e8: NT Headers: 0xe8 |
59 | | 14bc.6e8: Timestamp: 0x4dce2b0d |
60 | | 14bc.6e8: Machine: 0x8664 - amd64 |
61 | | 14bc.6e8: Timestamp: 0x4dce2b0d |
62 | | 14bc.6e8: Image Version: 6.1 |
63 | | 14bc.6e8: SizeOfImage: 0x11f000 (1175552) |
64 | | 14bc.6e8: Resource Dir: 0x116000 LB 0x528 |
65 | | 14bc.6e8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
66 | | 14bc.6e8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
67 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
68 | | 14bc.6e8: ProductVersion: 6.1.7601.17617 |
69 | | 14bc.6e8: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
70 | | 14bc.6e8: FileDescription: Windows NT BASE API Client DLL |
71 | | 14bc.6e8: \SystemRoot\System32\KernelBase.dll: |
72 | | 14bc.6e8: CreationTime: 2020-06-29T07:05:55.916628400Z |
73 | | 14bc.6e8: LastWriteTime: 2011-05-14T07:20:00.247000000Z |
74 | | 14bc.6e8: ChangeTime: 2020-06-29T07:06:45.519519800Z |
75 | | 14bc.6e8: FileAttributes: 0x20 |
76 | | 14bc.6e8: Size: 0x67000 |
77 | | 14bc.6e8: NT Headers: 0xe8 |
78 | | 14bc.6e8: Timestamp: 0x4dce2b0e |
79 | | 14bc.6e8: Machine: 0x8664 - amd64 |
80 | | 14bc.6e8: Timestamp: 0x4dce2b0e |
81 | | 14bc.6e8: Image Version: 6.1 |
82 | | 14bc.6e8: SizeOfImage: 0x6c000 (442368) |
83 | | 14bc.6e8: Resource Dir: 0x6a000 LB 0x530 |
84 | | 14bc.6e8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
85 | | 14bc.6e8: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] |
86 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
87 | | 14bc.6e8: ProductVersion: 6.1.7601.17617 |
88 | | 14bc.6e8: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
89 | | 14bc.6e8: FileDescription: Windows NT BASE API Client DLL |
90 | | 14bc.6e8: \SystemRoot\System32\apisetschema.dll: |
91 | | 14bc.6e8: CreationTime: 2020-06-29T08:41:18.865836100Z |
92 | | 14bc.6e8: LastWriteTime: 2015-02-03T03:28:14.008000000Z |
93 | | 14bc.6e8: ChangeTime: 2020-06-29T10:26:19.937919000Z |
94 | | 14bc.6e8: FileAttributes: 0x20 |
95 | | 14bc.6e8: Size: 0x1a00 |
96 | | 14bc.6e8: NT Headers: 0xc0 |
97 | | 14bc.6e8: Timestamp: 0x54d04096 |
98 | | 14bc.6e8: Machine: 0x8664 - amd64 |
99 | | 14bc.6e8: Timestamp: 0x54d04096 |
100 | | 14bc.6e8: Image Version: 6.1 |
101 | | 14bc.6e8: SizeOfImage: 0x50000 (327680) |
102 | | 14bc.6e8: Resource Dir: 0x30000 LB 0x3f8 |
103 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
104 | | 14bc.6e8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)] |
105 | | 14bc.6e8: ProductName: Microsoft® Windows® Operating System |
106 | | 14bc.6e8: ProductVersion: 6.1.7601.18741 |
107 | | 14bc.6e8: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526) |
108 | | 14bc.6e8: FileDescription: ApiSet Schema DLL |
109 | | 14bc.6e8: Found driver aswVmm (0x4) |
110 | | 14bc.6e8: Found driver aswStm (0x4) |
111 | | 14bc.6e8: Found driver aswRvrt (0x4) |
112 | | 14bc.6e8: supR3HardenedWinFindAdversaries: 0x4 |
113 | | 14bc.6e8: \SystemRoot\System32\drivers\aswMonFlt.sys: |
114 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.759322500Z |
115 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.295934900Z |
116 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
117 | | 14bc.6e8: FileAttributes: 0x20 |
118 | | 14bc.6e8: Size: 0x2ac68 |
119 | | 14bc.6e8: NT Headers: 0xf0 |
120 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
121 | | 14bc.6e8: Machine: 0x8664 - amd64 |
122 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
123 | | 14bc.6e8: Image Version: 10.0 |
124 | | 14bc.6e8: SizeOfImage: 0x33000 (208896) |
125 | | 14bc.6e8: Resource Dir: 0x31000 LB 0x398 |
126 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
127 | | 14bc.6e8: [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)] |
128 | | 14bc.6e8: ProductName: Avast Antivirus |
129 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
130 | | 14bc.6e8: FileVersion: 20.4.83.0 |
131 | | 14bc.6e8: FileDescription: Avast File System Filter |
132 | | 14bc.6e8: \SystemRoot\System32\drivers\aswRdr2.sys: |
133 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.719309700Z |
134 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.235915700Z |
135 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
136 | | 14bc.6e8: FileAttributes: 0x20 |
137 | | 14bc.6e8: Size: 0x1aae0 |
138 | | 14bc.6e8: NT Headers: 0xf0 |
139 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
140 | | 14bc.6e8: Machine: 0x8664 - amd64 |
141 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
142 | | 14bc.6e8: Image Version: 10.0 |
143 | | 14bc.6e8: SizeOfImage: 0x1a000 (106496) |
144 | | 14bc.6e8: Resource Dir: 0x18000 LB 0x380 |
145 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
146 | | 14bc.6e8: [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
147 | | 14bc.6e8: ProductName: Avast Antivirus |
148 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
149 | | 14bc.6e8: FileVersion: 20.4.83.0 |
150 | | 14bc.6e8: FileDescription: Avast Antivirus |
151 | | 14bc.6e8: \SystemRoot\System32\drivers\aswRvrt.sys: |
152 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.789332100Z |
153 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.345950900Z |
154 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
155 | | 14bc.6e8: FileAttributes: 0x20 |
156 | | 14bc.6e8: Size: 0x14b78 |
157 | | 14bc.6e8: NT Headers: 0xe8 |
158 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
159 | | 14bc.6e8: Machine: 0x8664 - amd64 |
160 | | 14bc.6e8: Timestamp: 0x5ed4b2b6 |
161 | | 14bc.6e8: Image Version: 10.0 |
162 | | 14bc.6e8: SizeOfImage: 0x13000 (77824) |
163 | | 14bc.6e8: Resource Dir: 0x11000 LB 0x378 |
164 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
165 | | 14bc.6e8: [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)] |
166 | | 14bc.6e8: ProductName: Avast Antivirus |
167 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
168 | | 14bc.6e8: FileVersion: 20.4.83.0 |
169 | | 14bc.6e8: FileDescription: Avast Revert |
170 | | 14bc.6e8: \SystemRoot\System32\drivers\aswSnx.sys: |
171 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.549255300Z |
172 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:12.943378500Z |
173 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
174 | | 14bc.6e8: FileAttributes: 0x20 |
175 | | 14bc.6e8: Size: 0xcfe98 |
176 | | 14bc.6e8: NT Headers: 0x100 |
177 | | 14bc.6e8: Timestamp: 0x5ed4b2ba |
178 | | 14bc.6e8: Machine: 0x8664 - amd64 |
179 | | 14bc.6e8: Timestamp: 0x5ed4b2ba |
180 | | 14bc.6e8: Image Version: 10.0 |
181 | | 14bc.6e8: SizeOfImage: 0xcd000 (839680) |
182 | | 14bc.6e8: Resource Dir: 0xca000 LB 0x380 |
183 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
184 | | 14bc.6e8: [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
185 | | 14bc.6e8: ProductName: Avast Antivirus |
186 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
187 | | 14bc.6e8: FileVersion: 20.4.83.0 |
188 | | 14bc.6e8: FileDescription: Avast Antivirus |
189 | | 14bc.6e8: \SystemRoot\System32\drivers\aswsp.sys: |
190 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.829344900Z |
191 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:42:14.991232900Z |
192 | | 14bc.6e8: ChangeTime: 2020-06-29T04:42:14.991232900Z |
193 | | 14bc.6e8: FileAttributes: 0x20 |
194 | | 14bc.6e8: Size: 0x70f00 |
195 | | 14bc.6e8: NT Headers: 0xe8 |
196 | | 14bc.6e8: Timestamp: 0x5ee709ca |
197 | | 14bc.6e8: Machine: 0x8664 - amd64 |
198 | | 14bc.6e8: Timestamp: 0x5ee709ca |
199 | | 14bc.6e8: Image Version: 10.0 |
200 | | 14bc.6e8: SizeOfImage: 0x72000 (466944) |
201 | | 14bc.6e8: Resource Dir: 0x70000 LB 0x380 |
202 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
203 | | 14bc.6e8: [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)] |
204 | | 14bc.6e8: ProductName: Avast Antivirus |
205 | | 14bc.6e8: ProductVersion: 20.4.90.0 |
206 | | 14bc.6e8: FileVersion: 20.4.90.0 |
207 | | 14bc.6e8: FileDescription: Avast Self Protection |
208 | | 14bc.6e8: \SystemRoot\System32\drivers\aswStm.sys: |
209 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.889364100Z |
210 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:41:30.475992500Z |
211 | | 14bc.6e8: ChangeTime: 2020-06-29T04:41:39.409850500Z |
212 | | 14bc.6e8: FileAttributes: 0x20 |
213 | | 14bc.6e8: Size: 0x34ef8 |
214 | | 14bc.6e8: NT Headers: 0xf0 |
215 | | 14bc.6e8: Timestamp: 0x5ed4b2b9 |
216 | | 14bc.6e8: Machine: 0x8664 - amd64 |
217 | | 14bc.6e8: Timestamp: 0x5ed4b2b9 |
218 | | 14bc.6e8: Image Version: 10.0 |
219 | | 14bc.6e8: SizeOfImage: 0x34000 (212992) |
220 | | 14bc.6e8: Resource Dir: 0x32000 LB 0x388 |
221 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
222 | | 14bc.6e8: [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)] |
223 | | 14bc.6e8: ProductName: Avast Antivirus |
224 | | 14bc.6e8: ProductVersion: 20.4.83.0 |
225 | | 14bc.6e8: FileVersion: 20.4.83.0 |
226 | | 14bc.6e8: FileDescription: Avast Stream Filter |
227 | | 14bc.6e8: \SystemRoot\System32\drivers\aswVmm.sys: |
228 | | 14bc.6e8: CreationTime: 2020-06-29T04:41:37.929376900Z |
229 | | 14bc.6e8: LastWriteTime: 2020-06-29T04:42:14.240992900Z |
230 | | 14bc.6e8: ChangeTime: 2020-06-29T04:42:14.240992900Z |
231 | | 14bc.6e8: FileAttributes: 0x20 |
232 | | 14bc.6e8: Size: 0x4ead0 |
233 | | 14bc.6e8: NT Headers: 0xe8 |
234 | | 14bc.6e8: Timestamp: 0x5ede39a4 |
235 | | 14bc.6e8: Machine: 0x8664 - amd64 |
236 | | 14bc.6e8: Timestamp: 0x5ede39a4 |
237 | | 14bc.6e8: Image Version: 10.0 |
238 | | 14bc.6e8: SizeOfImage: 0x4c000 (311296) |
239 | | 14bc.6e8: Resource Dir: 0x4a000 LB 0x380 |
240 | | 14bc.6e8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
241 | | 14bc.6e8: [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)] |
242 | | 14bc.6e8: ProductName: Avast Antivirus |
243 | | 14bc.6e8: ProductVersion: 20.4.87.0 |
244 | | 14bc.6e8: FileVersion: 20.4.87.0 |
245 | | 14bc.6e8: FileDescription: Avast VM Monitor |
246 | | 14bc.6e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
247 | | 14bc.6e8: Calling main() |
248 | | 14bc.6e8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
249 | | 14bc.6e8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
250 | | 14bc.6e8: SUPR3HardenedMain: Respawn #1 |
251 | | 14bc.6e8: System32: \Device\HarddiskVolume2\Windows\System32 |
252 | | 14bc.6e8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs |
253 | | 14bc.6e8: KnownDllPath: C:\Windows\system32 |
254 | | 14bc.6e8: supR3HardenedWinInit: Performing a limited self purification... |
255 | | 14bc.6e8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION |
326 | | 14bc.6e8: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS) |
327 | | 14bc.6e8: kernelbase.dll: timestamp 0x4dce2b0e (rc=VINF_SUCCESS) |
328 | | 14bc.6e8: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS) |
329 | | 14bc.6e8: kernel32.dll: timestamp 0x4dce2b0d (rc=VINF_SUCCESS) |
330 | | 14bc.6e8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
331 | | 14bc.6e8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports |
332 | | 14bc.6e8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports |
333 | | 14bc.6e8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 |
334 | | 14bc.6e8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
335 | | 14bc.6e8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
336 | | 14bc.6e8: supR3HardNtEnableThreadCreationEx: |
337 | | 14bc.6e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
338 | | 14bc.6e8: supR3HardenedWinDoReSpawn(1): New child 1580.d10 [kernel32]. |
339 | | 14bc.6e8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380 |
340 | | 14bc.6e8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000 |
341 | | 14bc.6e8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007706c320 |
342 | | 14bc.6e8: supR3HardenedWinSetupChildInit: Initial context: |
353 | | 14bc.6e8: supR3HardenedWinSetupChildInit: Start child. |
354 | | 14bc.6e8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. |
355 | | 14bc.6e8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 51 sleeps |
356 | | 14bc.6e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION |
396 | | 14bc.6e8: supR3HardNtChildPurify: Done after 525 ms and 0 fixes (loop #0). |
397 | | 14bc.6e8: supR3HardNtEnableThreadCreationEx: |
398 | | 1580.d10: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 |
399 | | 1580.d10: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100 (stack ~000000000024f8c8) |
400 | | 1580.d10: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS) |
401 | | 1580.d10: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation) |
402 | | 1580.d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
403 | | 1580.d10: System32: \Device\HarddiskVolume2\Windows\System32 |
404 | | 1580.d10: WinSxS: \Device\HarddiskVolume2\Windows\winsxs |
405 | | 1580.d10: KnownDllPath: C:\Windows\system32 |
406 | | 1580.d10: supR3HardenedVmProcessInit: Opening vboxdrv stub... |
407 | | 1580.d10: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... |
408 | | 1580.d10: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... |
409 | | 1580.d10: Registered Dll notification callback with NTDLL. |
410 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) |
411 | | 1580.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
412 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] |
413 | | 1580.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
414 | | 1580.d10: supR3HardenedDllNotificationCallback: load 0000000076f20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] |
415 | | 1580.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
416 | | 1580.d10: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] |
417 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) |
418 | | 1580.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
419 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f20000 'C:\Windows\system32\kernel32.dll' |
420 | | 1580.d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
421 | | 14bc.6e8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms. |
422 | | 1580.d10: \SystemRoot\System32\ntdll.dll: |
423 | | 1580.d10: CreationTime: 2010-11-21T03:23:51.351694200Z |
424 | | 1580.d10: LastWriteTime: 2010-11-21T03:23:51.367294200Z |
425 | | 1580.d10: ChangeTime: 2020-06-28T00:33:12.954124600Z |
426 | | 1580.d10: FileAttributes: 0x20 |
427 | | 1580.d10: Size: 0x1a6d60 |
428 | | 1580.d10: NT Headers: 0xe0 |
429 | | 1580.d10: Timestamp: 0x4ce7c8f9 |
430 | | 1580.d10: Machine: 0x8664 - amd64 |
431 | | 1580.d10: Timestamp: 0x4ce7c8f9 |
432 | | 1580.d10: Image Version: 6.1 |
433 | | 1580.d10: SizeOfImage: 0x1a9000 (1740800) |
434 | | 1580.d10: Resource Dir: 0x151000 LB 0x560d8 |
435 | | 1580.d10: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
436 | | 1580.d10: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
437 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
438 | | 1580.d10: ProductVersion: 6.1.7601.17514 |
439 | | 1580.d10: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
440 | | 1580.d10: FileDescription: NT Layer DLL |
441 | | 1580.d10: \SystemRoot\System32\kernel32.dll: |
442 | | 1580.d10: CreationTime: 2020-06-29T07:05:55.386627700Z |
443 | | 1580.d10: LastWriteTime: 2011-05-14T07:20:00.106000000Z |
444 | | 1580.d10: ChangeTime: 2020-06-29T07:06:45.519519800Z |
445 | | 1580.d10: FileAttributes: 0x20 |
446 | | 1580.d10: Size: 0x11be00 |
447 | | 1580.d10: NT Headers: 0xe8 |
448 | | 1580.d10: Timestamp: 0x4dce2b0d |
449 | | 1580.d10: Machine: 0x8664 - amd64 |
450 | | 1580.d10: Timestamp: 0x4dce2b0d |
451 | | 1580.d10: Image Version: 6.1 |
452 | | 1580.d10: SizeOfImage: 0x11f000 (1175552) |
453 | | 1580.d10: Resource Dir: 0x116000 LB 0x528 |
454 | | 1580.d10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
455 | | 1580.d10: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
456 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
457 | | 1580.d10: ProductVersion: 6.1.7601.17617 |
458 | | 1580.d10: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
459 | | 1580.d10: FileDescription: Windows NT BASE API Client DLL |
460 | | 1580.d10: \SystemRoot\System32\KernelBase.dll: |
461 | | 1580.d10: CreationTime: 2020-06-29T07:05:55.916628400Z |
462 | | 1580.d10: LastWriteTime: 2011-05-14T07:20:00.247000000Z |
463 | | 1580.d10: ChangeTime: 2020-06-29T07:06:45.519519800Z |
464 | | 1580.d10: FileAttributes: 0x20 |
465 | | 1580.d10: Size: 0x67000 |
466 | | 1580.d10: NT Headers: 0xe8 |
467 | | 1580.d10: Timestamp: 0x4dce2b0e |
468 | | 1580.d10: Machine: 0x8664 - amd64 |
469 | | 1580.d10: Timestamp: 0x4dce2b0e |
470 | | 1580.d10: Image Version: 6.1 |
471 | | 1580.d10: SizeOfImage: 0x6c000 (442368) |
472 | | 1580.d10: Resource Dir: 0x6a000 LB 0x530 |
473 | | 1580.d10: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
474 | | 1580.d10: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] |
475 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
476 | | 1580.d10: ProductVersion: 6.1.7601.17617 |
477 | | 1580.d10: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
478 | | 1580.d10: FileDescription: Windows NT BASE API Client DLL |
479 | | 1580.d10: \SystemRoot\System32\apisetschema.dll: |
480 | | 1580.d10: CreationTime: 2020-06-29T08:41:18.865836100Z |
481 | | 1580.d10: LastWriteTime: 2015-02-03T03:28:14.008000000Z |
482 | | 1580.d10: ChangeTime: 2020-06-29T10:26:19.937919000Z |
483 | | 1580.d10: FileAttributes: 0x20 |
484 | | 1580.d10: Size: 0x1a00 |
485 | | 1580.d10: NT Headers: 0xc0 |
486 | | 1580.d10: Timestamp: 0x54d04096 |
487 | | 1580.d10: Machine: 0x8664 - amd64 |
488 | | 1580.d10: Timestamp: 0x54d04096 |
489 | | 1580.d10: Image Version: 6.1 |
490 | | 1580.d10: SizeOfImage: 0x50000 (327680) |
491 | | 1580.d10: Resource Dir: 0x30000 LB 0x3f8 |
492 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
493 | | 1580.d10: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)] |
494 | | 1580.d10: ProductName: Microsoft® Windows® Operating System |
495 | | 1580.d10: ProductVersion: 6.1.7601.18741 |
496 | | 1580.d10: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526) |
497 | | 1580.d10: FileDescription: ApiSet Schema DLL |
498 | | 1580.d10: Found driver aswVmm (0x4) |
499 | | 1580.d10: Found driver aswStm (0x4) |
500 | | 1580.d10: Found driver aswRvrt (0x4) |
501 | | 1580.d10: supR3HardenedWinFindAdversaries: 0x4 |
502 | | 1580.d10: \SystemRoot\System32\drivers\aswMonFlt.sys: |
503 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.759322500Z |
504 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.295934900Z |
505 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
506 | | 1580.d10: FileAttributes: 0x20 |
507 | | 1580.d10: Size: 0x2ac68 |
508 | | 1580.d10: NT Headers: 0xf0 |
509 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
510 | | 1580.d10: Machine: 0x8664 - amd64 |
511 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
512 | | 1580.d10: Image Version: 10.0 |
513 | | 1580.d10: SizeOfImage: 0x33000 (208896) |
514 | | 1580.d10: Resource Dir: 0x31000 LB 0x398 |
515 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
516 | | 1580.d10: [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)] |
517 | | 1580.d10: ProductName: Avast Antivirus |
518 | | 1580.d10: ProductVersion: 20.4.83.0 |
519 | | 1580.d10: FileVersion: 20.4.83.0 |
520 | | 1580.d10: FileDescription: Avast File System Filter |
521 | | 1580.d10: \SystemRoot\System32\drivers\aswRdr2.sys: |
522 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.719309700Z |
523 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.235915700Z |
524 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
525 | | 1580.d10: FileAttributes: 0x20 |
526 | | 1580.d10: Size: 0x1aae0 |
527 | | 1580.d10: NT Headers: 0xf0 |
528 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
529 | | 1580.d10: Machine: 0x8664 - amd64 |
530 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
531 | | 1580.d10: Image Version: 10.0 |
532 | | 1580.d10: SizeOfImage: 0x1a000 (106496) |
533 | | 1580.d10: Resource Dir: 0x18000 LB 0x380 |
534 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
535 | | 1580.d10: [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
536 | | 1580.d10: ProductName: Avast Antivirus |
537 | | 1580.d10: ProductVersion: 20.4.83.0 |
538 | | 1580.d10: FileVersion: 20.4.83.0 |
539 | | 1580.d10: FileDescription: Avast Antivirus |
540 | | 1580.d10: \SystemRoot\System32\drivers\aswRvrt.sys: |
541 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.789332100Z |
542 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.345950900Z |
543 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
544 | | 1580.d10: FileAttributes: 0x20 |
545 | | 1580.d10: Size: 0x14b78 |
546 | | 1580.d10: NT Headers: 0xe8 |
547 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
548 | | 1580.d10: Machine: 0x8664 - amd64 |
549 | | 1580.d10: Timestamp: 0x5ed4b2b6 |
550 | | 1580.d10: Image Version: 10.0 |
551 | | 1580.d10: SizeOfImage: 0x13000 (77824) |
552 | | 1580.d10: Resource Dir: 0x11000 LB 0x378 |
553 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
554 | | 1580.d10: [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)] |
555 | | 1580.d10: ProductName: Avast Antivirus |
556 | | 1580.d10: ProductVersion: 20.4.83.0 |
557 | | 1580.d10: FileVersion: 20.4.83.0 |
558 | | 1580.d10: FileDescription: Avast Revert |
559 | | 1580.d10: \SystemRoot\System32\drivers\aswSnx.sys: |
560 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.549255300Z |
561 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:12.943378500Z |
562 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
563 | | 1580.d10: FileAttributes: 0x20 |
564 | | 1580.d10: Size: 0xcfe98 |
565 | | 1580.d10: NT Headers: 0x100 |
566 | | 1580.d10: Timestamp: 0x5ed4b2ba |
567 | | 1580.d10: Machine: 0x8664 - amd64 |
568 | | 1580.d10: Timestamp: 0x5ed4b2ba |
569 | | 1580.d10: Image Version: 10.0 |
570 | | 1580.d10: SizeOfImage: 0xcd000 (839680) |
571 | | 1580.d10: Resource Dir: 0xca000 LB 0x380 |
572 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
573 | | 1580.d10: [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
574 | | 1580.d10: ProductName: Avast Antivirus |
575 | | 1580.d10: ProductVersion: 20.4.83.0 |
576 | | 1580.d10: FileVersion: 20.4.83.0 |
577 | | 1580.d10: FileDescription: Avast Antivirus |
578 | | 1580.d10: \SystemRoot\System32\drivers\aswsp.sys: |
579 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.829344900Z |
580 | | 1580.d10: LastWriteTime: 2020-06-29T04:42:14.991232900Z |
581 | | 1580.d10: ChangeTime: 2020-06-29T04:42:14.991232900Z |
582 | | 1580.d10: FileAttributes: 0x20 |
583 | | 1580.d10: Size: 0x70f00 |
584 | | 1580.d10: NT Headers: 0xe8 |
585 | | 1580.d10: Timestamp: 0x5ee709ca |
586 | | 1580.d10: Machine: 0x8664 - amd64 |
587 | | 1580.d10: Timestamp: 0x5ee709ca |
588 | | 1580.d10: Image Version: 10.0 |
589 | | 1580.d10: SizeOfImage: 0x72000 (466944) |
590 | | 1580.d10: Resource Dir: 0x70000 LB 0x380 |
591 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
592 | | 1580.d10: [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)] |
593 | | 1580.d10: ProductName: Avast Antivirus |
594 | | 1580.d10: ProductVersion: 20.4.90.0 |
595 | | 1580.d10: FileVersion: 20.4.90.0 |
596 | | 1580.d10: FileDescription: Avast Self Protection |
597 | | 1580.d10: \SystemRoot\System32\drivers\aswStm.sys: |
598 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.889364100Z |
599 | | 1580.d10: LastWriteTime: 2020-06-29T04:41:30.475992500Z |
600 | | 1580.d10: ChangeTime: 2020-06-29T04:41:39.409850500Z |
601 | | 1580.d10: FileAttributes: 0x20 |
602 | | 1580.d10: Size: 0x34ef8 |
603 | | 1580.d10: NT Headers: 0xf0 |
604 | | 1580.d10: Timestamp: 0x5ed4b2b9 |
605 | | 1580.d10: Machine: 0x8664 - amd64 |
606 | | 1580.d10: Timestamp: 0x5ed4b2b9 |
607 | | 1580.d10: Image Version: 10.0 |
608 | | 1580.d10: SizeOfImage: 0x34000 (212992) |
609 | | 1580.d10: Resource Dir: 0x32000 LB 0x388 |
610 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
611 | | 1580.d10: [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)] |
612 | | 1580.d10: ProductName: Avast Antivirus |
613 | | 1580.d10: ProductVersion: 20.4.83.0 |
614 | | 1580.d10: FileVersion: 20.4.83.0 |
615 | | 1580.d10: FileDescription: Avast Stream Filter |
616 | | 1580.d10: \SystemRoot\System32\drivers\aswVmm.sys: |
617 | | 1580.d10: CreationTime: 2020-06-29T04:41:37.929376900Z |
618 | | 1580.d10: LastWriteTime: 2020-06-29T04:42:14.240992900Z |
619 | | 1580.d10: ChangeTime: 2020-06-29T04:42:14.240992900Z |
620 | | 1580.d10: FileAttributes: 0x20 |
621 | | 1580.d10: Size: 0x4ead0 |
622 | | 1580.d10: NT Headers: 0xe8 |
623 | | 1580.d10: Timestamp: 0x5ede39a4 |
624 | | 1580.d10: Machine: 0x8664 - amd64 |
625 | | 1580.d10: Timestamp: 0x5ede39a4 |
626 | | 1580.d10: Image Version: 10.0 |
627 | | 1580.d10: SizeOfImage: 0x4c000 (311296) |
628 | | 1580.d10: Resource Dir: 0x4a000 LB 0x380 |
629 | | 1580.d10: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
630 | | 1580.d10: [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)] |
631 | | 1580.d10: ProductName: Avast Antivirus |
632 | | 1580.d10: ProductVersion: 20.4.87.0 |
633 | | 1580.d10: FileVersion: 20.4.87.0 |
634 | | 1580.d10: FileDescription: Avast VM Monitor |
635 | | 1580.d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
636 | | 1580.d10: Calling main() |
637 | | 1580.d10: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
638 | | 1580.d10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
639 | | 1580.d10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
640 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
641 | | 1580.d10: SUPR3HardenedMain: Respawn #2 |
642 | | 1580.d10: supR3HardNtEnableThreadCreationEx: |
643 | | 1580.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) |
644 | | 1580.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll |
645 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] |
646 | | 1580.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] |
647 | | 1580.d10: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0] |
648 | | 1580.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust] |
649 | | 1580.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\apphelp.dll' |
650 | | 1580.d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
651 | | 1580.d10: supR3HardenedWinDoReSpawn(2): New child 1430.1484 [kernel32]. |
652 | | 1580.d10: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380 |
653 | | 1580.d10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000 |
654 | | 1580.d10: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007706c320 |
655 | | 1580.d10: supR3HardenedWinSetupChildInit: Initial context: |
666 | | 1580.d10: kernel32.dll: timestamp 0x4dce2b0d (rc=VINF_SUCCESS) |
667 | | 1580.d10: supR3HardenedWinSetupChildInit: Start child. |
668 | | 1580.d10: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. |
669 | | 1580.d10: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 51 sleeps |
670 | | 1580.d10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION |
710 | | 1580.d10: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS) |
711 | | 1580.d10: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS) |
712 | | 1580.d10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
713 | | 1580.d10: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports |
714 | | 1580.d10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports |
715 | | 1580.d10: supR3HardNtChildPurify: Done after 585 ms and 0 fixes (loop #0). |
716 | | 1430.1484: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 |
717 | | 1430.1484: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100 (stack ~000000000031f358) |
718 | | 1580.d10: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000) |
719 | | 1580.d10: supR3HardNtEnableThreadCreationEx: |
720 | | 1430.1484: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS) |
721 | | 1430.1484: New simple heap: #1 0000000000320000 LB 0x400000 (for 1740800 allocation) |
722 | | 1430.1484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
723 | | 1430.1484: System32: \Device\HarddiskVolume2\Windows\System32 |
724 | | 1430.1484: WinSxS: \Device\HarddiskVolume2\Windows\winsxs |
725 | | 1430.1484: KnownDllPath: C:\Windows\system32 |
726 | | 1430.1484: supR3HardenedVmProcessInit: Opening vboxdrv... |
727 | | 1430.1484: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... |
728 | | 1430.1484: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... |
729 | | 1430.1484: Registered Dll notification callback with NTDLL. |
730 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) |
731 | | 1430.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll |
732 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling] |
733 | | 1430.1484: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
734 | | 1430.1484: supR3HardenedDllNotificationCallback: load 0000000076f20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0] |
735 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] |
736 | | 1430.1484: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0] |
737 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) |
738 | | 1430.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll |
739 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f20000 'C:\Windows\system32\kernel32.dll' |
740 | | 1430.1484: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840 |
741 | | 1580.d10: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms. |
742 | | 1430.1484: \SystemRoot\System32\ntdll.dll: |
743 | | 1430.1484: CreationTime: 2010-11-21T03:23:51.351694200Z |
744 | | 1430.1484: LastWriteTime: 2010-11-21T03:23:51.367294200Z |
745 | | 1430.1484: ChangeTime: 2020-06-28T00:33:12.954124600Z |
746 | | 1430.1484: FileAttributes: 0x20 |
747 | | 1430.1484: Size: 0x1a6d60 |
748 | | 1430.1484: NT Headers: 0xe0 |
749 | | 1430.1484: Timestamp: 0x4ce7c8f9 |
750 | | 1430.1484: Machine: 0x8664 - amd64 |
751 | | 1430.1484: Timestamp: 0x4ce7c8f9 |
752 | | 1430.1484: Image Version: 6.1 |
753 | | 1430.1484: SizeOfImage: 0x1a9000 (1740800) |
754 | | 1430.1484: Resource Dir: 0x151000 LB 0x560d8 |
755 | | 1430.1484: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] |
756 | | 1430.1484: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)] |
757 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
758 | | 1430.1484: ProductVersion: 6.1.7601.17514 |
759 | | 1430.1484: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
760 | | 1430.1484: FileDescription: NT Layer DLL |
761 | | 1430.1484: \SystemRoot\System32\kernel32.dll: |
762 | | 1430.1484: CreationTime: 2020-06-29T07:05:55.386627700Z |
763 | | 1430.1484: LastWriteTime: 2011-05-14T07:20:00.106000000Z |
764 | | 1430.1484: ChangeTime: 2020-06-29T07:06:45.519519800Z |
765 | | 1430.1484: FileAttributes: 0x20 |
766 | | 1430.1484: Size: 0x11be00 |
767 | | 1430.1484: NT Headers: 0xe8 |
768 | | 1430.1484: Timestamp: 0x4dce2b0d |
769 | | 1430.1484: Machine: 0x8664 - amd64 |
770 | | 1430.1484: Timestamp: 0x4dce2b0d |
771 | | 1430.1484: Image Version: 6.1 |
772 | | 1430.1484: SizeOfImage: 0x11f000 (1175552) |
773 | | 1430.1484: Resource Dir: 0x116000 LB 0x528 |
774 | | 1430.1484: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
775 | | 1430.1484: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] |
776 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
777 | | 1430.1484: ProductVersion: 6.1.7601.17617 |
778 | | 1430.1484: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
779 | | 1430.1484: FileDescription: Windows NT BASE API Client DLL |
780 | | 1430.1484: \SystemRoot\System32\KernelBase.dll: |
781 | | 1430.1484: CreationTime: 2020-06-29T07:05:55.916628400Z |
782 | | 1430.1484: LastWriteTime: 2011-05-14T07:20:00.247000000Z |
783 | | 1430.1484: ChangeTime: 2020-06-29T07:06:45.519519800Z |
784 | | 1430.1484: FileAttributes: 0x20 |
785 | | 1430.1484: Size: 0x67000 |
786 | | 1430.1484: NT Headers: 0xe8 |
787 | | 1430.1484: Timestamp: 0x4dce2b0e |
788 | | 1430.1484: Machine: 0x8664 - amd64 |
789 | | 1430.1484: Timestamp: 0x4dce2b0e |
790 | | 1430.1484: Image Version: 6.1 |
791 | | 1430.1484: SizeOfImage: 0x6c000 (442368) |
792 | | 1430.1484: Resource Dir: 0x6a000 LB 0x530 |
793 | | 1430.1484: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] |
794 | | 1430.1484: [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)] |
795 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
796 | | 1430.1484: ProductVersion: 6.1.7601.17617 |
797 | | 1430.1484: FileVersion: 6.1.7601.17617 (win7sp1_gdr.110513-1659) |
798 | | 1430.1484: FileDescription: Windows NT BASE API Client DLL |
799 | | 1430.1484: \SystemRoot\System32\apisetschema.dll: |
800 | | 1430.1484: CreationTime: 2020-06-29T08:41:18.865836100Z |
801 | | 1430.1484: LastWriteTime: 2015-02-03T03:28:14.008000000Z |
802 | | 1430.1484: ChangeTime: 2020-06-29T10:26:19.937919000Z |
803 | | 1430.1484: FileAttributes: 0x20 |
804 | | 1430.1484: Size: 0x1a00 |
805 | | 1430.1484: NT Headers: 0xc0 |
806 | | 1430.1484: Timestamp: 0x54d04096 |
807 | | 1430.1484: Machine: 0x8664 - amd64 |
808 | | 1430.1484: Timestamp: 0x54d04096 |
809 | | 1430.1484: Image Version: 6.1 |
810 | | 1430.1484: SizeOfImage: 0x50000 (327680) |
811 | | 1430.1484: Resource Dir: 0x30000 LB 0x3f8 |
812 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
813 | | 1430.1484: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)] |
814 | | 1430.1484: ProductName: Microsoft® Windows® Operating System |
815 | | 1430.1484: ProductVersion: 6.1.7601.18741 |
816 | | 1430.1484: FileVersion: 6.1.7601.18741 (win7sp1_gdr.150202-1526) |
817 | | 1430.1484: FileDescription: ApiSet Schema DLL |
818 | | 1430.1484: Found driver aswVmm (0x4) |
819 | | 1430.1484: Found driver aswStm (0x4) |
820 | | 1430.1484: Found driver aswRvrt (0x4) |
821 | | 1430.1484: supR3HardenedWinFindAdversaries: 0x4 |
822 | | 1430.1484: \SystemRoot\System32\drivers\aswMonFlt.sys: |
823 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.759322500Z |
824 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.295934900Z |
825 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
826 | | 1430.1484: FileAttributes: 0x20 |
827 | | 1430.1484: Size: 0x2ac68 |
828 | | 1430.1484: NT Headers: 0xf0 |
829 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
830 | | 1430.1484: Machine: 0x8664 - amd64 |
831 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
832 | | 1430.1484: Image Version: 10.0 |
833 | | 1430.1484: SizeOfImage: 0x33000 (208896) |
834 | | 1430.1484: Resource Dir: 0x31000 LB 0x398 |
835 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
836 | | 1430.1484: [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)] |
837 | | 1430.1484: ProductName: Avast Antivirus |
838 | | 1430.1484: ProductVersion: 20.4.83.0 |
839 | | 1430.1484: FileVersion: 20.4.83.0 |
840 | | 1430.1484: FileDescription: Avast File System Filter |
841 | | 1430.1484: \SystemRoot\System32\drivers\aswRdr2.sys: |
842 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.719309700Z |
843 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.235915700Z |
844 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
845 | | 1430.1484: FileAttributes: 0x20 |
846 | | 1430.1484: Size: 0x1aae0 |
847 | | 1430.1484: NT Headers: 0xf0 |
848 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
849 | | 1430.1484: Machine: 0x8664 - amd64 |
850 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
851 | | 1430.1484: Image Version: 10.0 |
852 | | 1430.1484: SizeOfImage: 0x1a000 (106496) |
853 | | 1430.1484: Resource Dir: 0x18000 LB 0x380 |
854 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
855 | | 1430.1484: [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
856 | | 1430.1484: ProductName: Avast Antivirus |
857 | | 1430.1484: ProductVersion: 20.4.83.0 |
858 | | 1430.1484: FileVersion: 20.4.83.0 |
859 | | 1430.1484: FileDescription: Avast Antivirus |
860 | | 1430.1484: \SystemRoot\System32\drivers\aswRvrt.sys: |
861 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.789332100Z |
862 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.345950900Z |
863 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
864 | | 1430.1484: FileAttributes: 0x20 |
865 | | 1430.1484: Size: 0x14b78 |
866 | | 1430.1484: NT Headers: 0xe8 |
867 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
868 | | 1430.1484: Machine: 0x8664 - amd64 |
869 | | 1430.1484: Timestamp: 0x5ed4b2b6 |
870 | | 1430.1484: Image Version: 10.0 |
871 | | 1430.1484: SizeOfImage: 0x13000 (77824) |
872 | | 1430.1484: Resource Dir: 0x11000 LB 0x378 |
873 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
874 | | 1430.1484: [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)] |
875 | | 1430.1484: ProductName: Avast Antivirus |
876 | | 1430.1484: ProductVersion: 20.4.83.0 |
877 | | 1430.1484: FileVersion: 20.4.83.0 |
878 | | 1430.1484: FileDescription: Avast Revert |
879 | | 1430.1484: \SystemRoot\System32\drivers\aswSnx.sys: |
880 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.549255300Z |
881 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:12.943378500Z |
882 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
883 | | 1430.1484: FileAttributes: 0x20 |
884 | | 1430.1484: Size: 0xcfe98 |
885 | | 1430.1484: NT Headers: 0x100 |
886 | | 1430.1484: Timestamp: 0x5ed4b2ba |
887 | | 1430.1484: Machine: 0x8664 - amd64 |
888 | | 1430.1484: Timestamp: 0x5ed4b2ba |
889 | | 1430.1484: Image Version: 10.0 |
890 | | 1430.1484: SizeOfImage: 0xcd000 (839680) |
891 | | 1430.1484: Resource Dir: 0xca000 LB 0x380 |
892 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
893 | | 1430.1484: [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)] |
894 | | 1430.1484: ProductName: Avast Antivirus |
895 | | 1430.1484: ProductVersion: 20.4.83.0 |
896 | | 1430.1484: FileVersion: 20.4.83.0 |
897 | | 1430.1484: FileDescription: Avast Antivirus |
898 | | 1430.1484: \SystemRoot\System32\drivers\aswsp.sys: |
899 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.829344900Z |
900 | | 1430.1484: LastWriteTime: 2020-06-29T04:42:14.991232900Z |
901 | | 1430.1484: ChangeTime: 2020-06-29T04:42:14.991232900Z |
902 | | 1430.1484: FileAttributes: 0x20 |
903 | | 1430.1484: Size: 0x70f00 |
904 | | 1430.1484: NT Headers: 0xe8 |
905 | | 1430.1484: Timestamp: 0x5ee709ca |
906 | | 1430.1484: Machine: 0x8664 - amd64 |
907 | | 1430.1484: Timestamp: 0x5ee709ca |
908 | | 1430.1484: Image Version: 10.0 |
909 | | 1430.1484: SizeOfImage: 0x72000 (466944) |
910 | | 1430.1484: Resource Dir: 0x70000 LB 0x380 |
911 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
912 | | 1430.1484: [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)] |
913 | | 1430.1484: ProductName: Avast Antivirus |
914 | | 1430.1484: ProductVersion: 20.4.90.0 |
915 | | 1430.1484: FileVersion: 20.4.90.0 |
916 | | 1430.1484: FileDescription: Avast Self Protection |
917 | | 1430.1484: \SystemRoot\System32\drivers\aswStm.sys: |
918 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.889364100Z |
919 | | 1430.1484: LastWriteTime: 2020-06-29T04:41:30.475992500Z |
920 | | 1430.1484: ChangeTime: 2020-06-29T04:41:39.409850500Z |
921 | | 1430.1484: FileAttributes: 0x20 |
922 | | 1430.1484: Size: 0x34ef8 |
923 | | 1430.1484: NT Headers: 0xf0 |
924 | | 1430.1484: Timestamp: 0x5ed4b2b9 |
925 | | 1430.1484: Machine: 0x8664 - amd64 |
926 | | 1430.1484: Timestamp: 0x5ed4b2b9 |
927 | | 1430.1484: Image Version: 10.0 |
928 | | 1430.1484: SizeOfImage: 0x34000 (212992) |
929 | | 1430.1484: Resource Dir: 0x32000 LB 0x388 |
930 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
931 | | 1430.1484: [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)] |
932 | | 1430.1484: ProductName: Avast Antivirus |
933 | | 1430.1484: ProductVersion: 20.4.83.0 |
934 | | 1430.1484: FileVersion: 20.4.83.0 |
935 | | 1430.1484: FileDescription: Avast Stream Filter |
936 | | 1430.1484: \SystemRoot\System32\drivers\aswVmm.sys: |
937 | | 1430.1484: CreationTime: 2020-06-29T04:41:37.929376900Z |
938 | | 1430.1484: LastWriteTime: 2020-06-29T04:42:14.240992900Z |
939 | | 1430.1484: ChangeTime: 2020-06-29T04:42:14.240992900Z |
940 | | 1430.1484: FileAttributes: 0x20 |
941 | | 1430.1484: Size: 0x4ead0 |
942 | | 1430.1484: NT Headers: 0xe8 |
943 | | 1430.1484: Timestamp: 0x5ede39a4 |
944 | | 1430.1484: Machine: 0x8664 - amd64 |
945 | | 1430.1484: Timestamp: 0x5ede39a4 |
946 | | 1430.1484: Image Version: 10.0 |
947 | | 1430.1484: SizeOfImage: 0x4c000 (311296) |
948 | | 1430.1484: Resource Dir: 0x4a000 LB 0x380 |
949 | | 1430.1484: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] |
950 | | 1430.1484: [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)] |
951 | | 1430.1484: ProductName: Avast Antivirus |
952 | | 1430.1484: ProductVersion: 20.4.87.0 |
953 | | 1430.1484: FileVersion: 20.4.87.0 |
954 | | 1430.1484: FileDescription: Avast VM Monitor |
955 | | 1430.1484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
956 | | 1430.1484: Calling main() |
957 | | 1430.1484: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 |
958 | | 1430.1484: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' |
959 | | 1430.1484: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports |
960 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) |
961 | | 1430.1484: SUPR3HardenedMain: Final process, opening VBoxDrv... |
962 | | 1430.1484: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000) |
963 | | 1430.1484: supR3HardNtEnableThreadCreationEx: |
964 | | 1430.1484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) |
965 | | 1430.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll |
966 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009043b0:C:\Windows\system32 [calling] |
967 | | 1430.1484: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
968 | | 1430.1484: supR3HardenedDllNotificationCallback: load 000007fee6d60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] |
969 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
970 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
971 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000904aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\Java\jdk1302\bin;C:\gradle-6.5\bin [calling] |
972 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' |
973 | | 1430.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] |
974 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000904aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\Java\jdk1302\bin;C:\gradle-6.5\bin [calling] |
975 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' |
976 | | 1430.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' |
977 | | 1430.1484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. |
978 | | 1430.1484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dl |