Context Navigation

← Previous Change
Ticket History
Next Change →

Changes between Initial Version and Version 1 of Ticket #19693

Timestamp:: Jul 13, 2020 2:38:35 PM (4 years ago)
Author:: Klaus Espenlaub
Comment:

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #19693 – Description

-              initial
+              v1
 Thanks
-the file of log :
-bc.6e8: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
-bc.6e8: \SystemRoot\System32\ntdll.dll:
-bc.6e8:     CreationTime:    2010-11-21T03:23:51.351694200Z
-bc.6e8:     LastWriteTime:   2010-11-21T03:23:51.367294200Z
-bc.6e8:     ChangeTime:      2020-06-28T00:33:12.954124600Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x1a6d60
-bc.6e8:     NT Headers:      0xe0
-bc.6e8:     Timestamp:       0x4ce7c8f9
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x4ce7c8f9
-bc.6e8:     Image Version:   6.1
-bc.6e8:     SizeOfImage:     0x1a9000 (1740800)
-bc.6e8:     Resource Dir:    0x151000 LB 0x560d8
-bc.6e8:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Microsoft® Windows® Operating System
-bc.6e8:     ProductVersion:  6.1.7601.17514
-bc.6e8:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
-bc.6e8:     FileDescription: NT Layer DLL
-bc.6e8: \SystemRoot\System32\kernel32.dll:
-bc.6e8:     CreationTime:    2020-06-29T07:05:55.386627700Z
-bc.6e8:     LastWriteTime:   2011-05-14T07:20:00.106000000Z
-bc.6e8:     ChangeTime:      2020-06-29T07:06:45.519519800Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x11be00
-bc.6e8:     NT Headers:      0xe8
-bc.6e8:     Timestamp:       0x4dce2b0d
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x4dce2b0d
-bc.6e8:     Image Version:   6.1
-bc.6e8:     SizeOfImage:     0x11f000 (1175552)
-bc.6e8:     Resource Dir:    0x116000 LB 0x528
-bc.6e8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Microsoft® Windows® Operating System
-bc.6e8:     ProductVersion:  6.1.7601.17617
-bc.6e8:     FileVersion:     6.1.7601.17617 (win7sp1_gdr.110513-1659)
-bc.6e8:     FileDescription: Windows NT BASE API Client DLL
-bc.6e8: \SystemRoot\System32\KernelBase.dll:
-bc.6e8:     CreationTime:    2020-06-29T07:05:55.916628400Z
-bc.6e8:     LastWriteTime:   2011-05-14T07:20:00.247000000Z
-bc.6e8:     ChangeTime:      2020-06-29T07:06:45.519519800Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x67000
-bc.6e8:     NT Headers:      0xe8
-bc.6e8:     Timestamp:       0x4dce2b0e
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x4dce2b0e
-bc.6e8:     Image Version:   6.1
-bc.6e8:     SizeOfImage:     0x6c000 (442368)
-bc.6e8:     Resource Dir:    0x6a000 LB 0x530
-bc.6e8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Microsoft® Windows® Operating System
-bc.6e8:     ProductVersion:  6.1.7601.17617
-bc.6e8:     FileVersion:     6.1.7601.17617 (win7sp1_gdr.110513-1659)
-bc.6e8:     FileDescription: Windows NT BASE API Client DLL
-bc.6e8: \SystemRoot\System32\apisetschema.dll:
-bc.6e8:     CreationTime:    2020-06-29T08:41:18.865836100Z
-bc.6e8:     LastWriteTime:   2015-02-03T03:28:14.008000000Z
-bc.6e8:     ChangeTime:      2020-06-29T10:26:19.937919000Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x1a00
-bc.6e8:     NT Headers:      0xc0
-bc.6e8:     Timestamp:       0x54d04096
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x54d04096
-bc.6e8:     Image Version:   6.1
-bc.6e8:     SizeOfImage:     0x50000 (327680)
-bc.6e8:     Resource Dir:    0x30000 LB 0x3f8
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Microsoft® Windows® Operating System
-bc.6e8:     ProductVersion:  6.1.7601.18741
-bc.6e8:     FileVersion:     6.1.7601.18741 (win7sp1_gdr.150202-1526)
-bc.6e8:     FileDescription: ApiSet Schema DLL
-bc.6e8: Found driver aswVmm (0x4)
-bc.6e8: Found driver aswStm (0x4)
-bc.6e8: Found driver aswRvrt (0x4)
-bc.6e8: supR3HardenedWinFindAdversaries: 0x4
-bc.6e8: \SystemRoot\System32\drivers\aswMonFlt.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.759322500Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:41:30.295934900Z
-bc.6e8:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x2ac68
-bc.6e8:     NT Headers:      0xf0
-bc.6e8:     Timestamp:       0x5ed4b2b6
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ed4b2b6
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0x33000 (208896)
-bc.6e8:     Resource Dir:    0x31000 LB 0x398
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.83.0
-bc.6e8:     FileVersion:     20.4.83.0
-bc.6e8:     FileDescription: Avast File System Filter
-bc.6e8: \SystemRoot\System32\drivers\aswRdr2.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.719309700Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:41:30.235915700Z
-bc.6e8:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x1aae0
-bc.6e8:     NT Headers:      0xf0
-bc.6e8:     Timestamp:       0x5ed4b2b6
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ed4b2b6
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0x1a000 (106496)
-bc.6e8:     Resource Dir:    0x18000 LB 0x380
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.83.0
-bc.6e8:     FileVersion:     20.4.83.0
-bc.6e8:     FileDescription: Avast Antivirus
-bc.6e8: \SystemRoot\System32\drivers\aswRvrt.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.789332100Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:41:30.345950900Z
-bc.6e8:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x14b78
-bc.6e8:     NT Headers:      0xe8
-bc.6e8:     Timestamp:       0x5ed4b2b6
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ed4b2b6
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0x13000 (77824)
-bc.6e8:     Resource Dir:    0x11000 LB 0x378
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.83.0
-bc.6e8:     FileVersion:     20.4.83.0
-bc.6e8:     FileDescription: Avast Revert
-bc.6e8: \SystemRoot\System32\drivers\aswSnx.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.549255300Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:41:12.943378500Z
-bc.6e8:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0xcfe98
-bc.6e8:     NT Headers:      0x100
-bc.6e8:     Timestamp:       0x5ed4b2ba
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ed4b2ba
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0xcd000 (839680)
-bc.6e8:     Resource Dir:    0xca000 LB 0x380
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.83.0
-bc.6e8:     FileVersion:     20.4.83.0
-bc.6e8:     FileDescription: Avast Antivirus
-bc.6e8: \SystemRoot\System32\drivers\aswsp.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.829344900Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:42:14.991232900Z
-bc.6e8:     ChangeTime:      2020-06-29T04:42:14.991232900Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x70f00
-bc.6e8:     NT Headers:      0xe8
-bc.6e8:     Timestamp:       0x5ee709ca
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ee709ca
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0x72000 (466944)
-bc.6e8:     Resource Dir:    0x70000 LB 0x380
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.90.0
-bc.6e8:     FileVersion:     20.4.90.0
-bc.6e8:     FileDescription: Avast Self Protection
-bc.6e8: \SystemRoot\System32\drivers\aswStm.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.889364100Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:41:30.475992500Z
-bc.6e8:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x34ef8
-bc.6e8:     NT Headers:      0xf0
-bc.6e8:     Timestamp:       0x5ed4b2b9
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ed4b2b9
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0x34000 (212992)
-bc.6e8:     Resource Dir:    0x32000 LB 0x388
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.83.0
-bc.6e8:     FileVersion:     20.4.83.0
-bc.6e8:     FileDescription: Avast Stream Filter
-bc.6e8: \SystemRoot\System32\drivers\aswVmm.sys:
-bc.6e8:     CreationTime:    2020-06-29T04:41:37.929376900Z
-bc.6e8:     LastWriteTime:   2020-06-29T04:42:14.240992900Z
-bc.6e8:     ChangeTime:      2020-06-29T04:42:14.240992900Z
-bc.6e8:     FileAttributes:  0x20
-bc.6e8:     Size:            0x4ead0
-bc.6e8:     NT Headers:      0xe8
-bc.6e8:     Timestamp:       0x5ede39a4
-bc.6e8:     Machine:         0x8664 - amd64
-bc.6e8:     Timestamp:       0x5ede39a4
-bc.6e8:     Image Version:   10.0
-bc.6e8:     SizeOfImage:     0x4c000 (311296)
-bc.6e8:     Resource Dir:    0x4a000 LB 0x380
-bc.6e8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-bc.6e8:     [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)]
-bc.6e8:     ProductName:     Avast Antivirus
-bc.6e8:     ProductVersion:  20.4.87.0
-bc.6e8:     FileVersion:     20.4.87.0
-bc.6e8:     FileDescription: Avast VM Monitor
-bc.6e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-bc.6e8: Calling main()
-bc.6e8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
-bc.6e8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-bc.6e8: SUPR3HardenedMain: Respawn #1
-bc.6e8: System32:  \Device\HarddiskVolume2\Windows\System32
-bc.6e8: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
-bc.6e8: KnownDllPath: C:\Windows\system32
-bc.6e8: supR3HardenedWinInit: Performing a limited self purification...
-bc.6e8: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
-bc.6e8:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000010000-000000000001ffff 0x0004/0x0004 0x0040000
-bc.6e8:   0000000000020000-000000000002ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
-bc.6e8:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
-bc.6e8:   0000000000041000-000000000007ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000080000-0000000000131fff 0x0000/0x0004 0x0020000
-bc.6e8:   0000000000132000-0000000000133fff 0x0104/0x0004 0x0020000
-bc.6e8:   0000000000134000-000000000017ffff 0x0004/0x0004 0x0020000
-bc.6e8:  *0000000000180000-00000000001e6fff 0x0002/0x0002 0x0040000
-bc.6e8:   00000000001e7000-000000000020ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000210000-0000000000214fff 0x0004/0x0004 0x0020000
-bc.6e8:   0000000000215000-000000000030ffff 0x0000/0x0004 0x0020000
-bc.6e8:   0000000000310000-00000000003cffff 0x0001/0x0000 0x0000000
-bc.6e8:  *00000000003d0000-0000000000433fff 0x0004/0x0004 0x0020000
-bc.6e8:   0000000000434000-000000000044ffff 0x0000/0x0004 0x0020000
-bc.6e8:  *0000000000450000-00000000005f9fff 0x0004/0x0004 0x0020000
-bc.6e8:   00000000005fa000-0000000076f1ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000076f20000-0000000076f20fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-bc.6e8:   0000000076f21000-0000000076fbbfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-bc.6e8:   0000000076fbc000-0000000077029fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-bc.6e8:   000000007702a000-000000007702bfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-bc.6e8:   000000007702c000-000000007703efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-bc.6e8:   000000007703f000-000000007703ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077041000-0000000077142fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077143000-0000000077171fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077172000-0000000077172fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077173000-0000000077173fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077174000-0000000077174fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077175000-0000000077176fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077177000-0000000077177fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077178000-0000000077178fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077179000-000000007717afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   000000007717b000-000000007717dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   000000007717e000-00000000771e8fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   00000000771e9000-000000007efdffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000
-bc.6e8:   000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000
-bc.6e8:  *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000
-bc.6e8:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
-bc.6e8:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
-bc.6e8:   000000007fff0000-000000013f3fffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000000013f400000-000000013f400fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f401000-000000013f476fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f477000-000000013f477fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f478000-000000013f4bffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c0000-000000013f4c2fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c3000-000000013f4c5fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c6000-000000013f4c8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c9000-000000013f4c9fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4ca000-000000013f4cbfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4cc000-000000013f4ccfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4cd000-000000013f515fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f516000-000007fefd1effff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007fefd1f0000-000007fefd1f0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-bc.6e8:   000007fefd1f1000-000007fefd23afff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-bc.6e8:   000007fefd23b000-000007fefd250fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-bc.6e8:   000007fefd251000-000007fefd252fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-bc.6e8:   000007fefd253000-000007fefd25bfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-bc.6e8:   000007fefd25c000-000007feff35ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007feff360000-000007feff360fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
-bc.6e8:   000007feff361000-000007fffffaffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
-bc.6e8:   000007fffffd3000-000007fffffd5fff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007fffffd6000-000007fffffd6fff 0x0004/0x0004 0x0020000
-bc.6e8:   000007fffffd7000-000007fffffddfff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
-bc.6e8:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
-bc.6e8: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS)
-bc.6e8: kernelbase.dll: timestamp 0x4dce2b0e (rc=VINF_SUCCESS)
-bc.6e8: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
-bc.6e8: kernel32.dll: timestamp 0x4dce2b0d (rc=VINF_SUCCESS)
-bc.6e8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
-bc.6e8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
-bc.6e8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
-bc.6e8: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
-bc.6e8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
-bc.6e8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
-bc.6e8: supR3HardNtEnableThreadCreationEx:
-bc.6e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840
-bc.6e8: supR3HardenedWinDoReSpawn(1): New child 1580.d10 [kernel32].
-bc.6e8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
-bc.6e8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000
-bc.6e8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007706c320
-bc.6e8: supR3HardenedWinSetupChildInit: Initial context:
-  rax=0000000000000000 rbx=0000000000000000 rcx=000000013f407900 rdx=000007fffffdd000
-  rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
-  r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
-  r14=0000000000000000 r15=0000000000000000  P1=0000000000000000  P2=0000000000000000
-  rip=000000007706c500 rsp=000000000024fe18 rbp=0000000000000000    ctxflags=0010001b
-  cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000    eflags=00000200   mxcrx=00001f80
-   P3=0000000000000000  P4=0000000000000000  P5=0000000000000000  P6=0000000000000000
-  dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
-  dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
-  lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
-bc.6e8: supR3HardenedWinSetupChildInit: Start child.
-bc.6e8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
-bc.6e8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 51 sleeps
-bc.6e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
-bc.6e8:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
-bc.6e8:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
-bc.6e8:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
-bc.6e8:   0000000000041000-000000000014ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000000150000-000000000024bfff 0x0000/0x0004 0x0020000
-bc.6e8:   000000000024c000-000000000024dfff 0x0104/0x0004 0x0020000
-bc.6e8:   000000000024e000-000000000024ffff 0x0004/0x0004 0x0020000
-bc.6e8:   0000000000250000-000000007703ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077041000-0000000077142fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077143000-0000000077171fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   0000000077172000-000000007717dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   000000007717e000-00000000771e8fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-bc.6e8:   00000000771e9000-000000007efdffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
-bc.6e8:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
-bc.6e8:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
-bc.6e8:   000000007fff0000-000000013f3fffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000000013f400000-000000013f400fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f401000-000000013f476fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f477000-000000013f477fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f478000-000000013f4bffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c0000-000000013f4c0fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c1000-000000013f4c1fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c2000-000000013f4c6fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c7000-000000013f4c7fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c8000-000000013f4c8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4c9000-000000013f4ccfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f4cd000-000000013f515fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-bc.6e8:   000000013f516000-000007feff35ffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007feff360000-000007feff360fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
-bc.6e8:   000007feff361000-000007fffffaffff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
-bc.6e8:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
-bc.6e8:  *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000
-bc.6e8:  *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
-bc.6e8:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
-bc.6e8: supR3HardNtChildPurify: Done after 525 ms and 0 fixes (loop #0).
-bc.6e8: supR3HardNtEnableThreadCreationEx:
-.d10: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
-.d10: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100 (stack ~000000000024f8c8)
-.d10: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
-.d10: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
-.d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-.d10: System32:  \Device\HarddiskVolume2\Windows\System32
-.d10: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
-.d10: KnownDllPath: C:\Windows\system32
-.d10: supR3HardenedVmProcessInit: Opening vboxdrv stub...
-.d10: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
-.d10: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
-.d10: Registered Dll notification callback with NTDLL.
-.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
-.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
-.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
-.d10: supR3HardenedDllNotificationCallback: load   0000000076f20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
-.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
-.d10: supR3HardenedDllNotificationCallback: load   000007fefd1f0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
-.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
-.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f20000 'C:\Windows\system32\kernel32.dll'
-.d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840
-bc.6e8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 81 ms.
-.d10: \SystemRoot\System32\ntdll.dll:
-.d10:     CreationTime:    2010-11-21T03:23:51.351694200Z
-.d10:     LastWriteTime:   2010-11-21T03:23:51.367294200Z
-.d10:     ChangeTime:      2020-06-28T00:33:12.954124600Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x1a6d60
-.d10:     NT Headers:      0xe0
-.d10:     Timestamp:       0x4ce7c8f9
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x4ce7c8f9
-.d10:     Image Version:   6.1
-.d10:     SizeOfImage:     0x1a9000 (1740800)
-.d10:     Resource Dir:    0x151000 LB 0x560d8
-.d10:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Microsoft® Windows® Operating System
-.d10:     ProductVersion:  6.1.7601.17514
-.d10:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
-.d10:     FileDescription: NT Layer DLL
-.d10: \SystemRoot\System32\kernel32.dll:
-.d10:     CreationTime:    2020-06-29T07:05:55.386627700Z
-.d10:     LastWriteTime:   2011-05-14T07:20:00.106000000Z
-.d10:     ChangeTime:      2020-06-29T07:06:45.519519800Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x11be00
-.d10:     NT Headers:      0xe8
-.d10:     Timestamp:       0x4dce2b0d
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x4dce2b0d
-.d10:     Image Version:   6.1
-.d10:     SizeOfImage:     0x11f000 (1175552)
-.d10:     Resource Dir:    0x116000 LB 0x528
-.d10:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Microsoft® Windows® Operating System
-.d10:     ProductVersion:  6.1.7601.17617
-.d10:     FileVersion:     6.1.7601.17617 (win7sp1_gdr.110513-1659)
-.d10:     FileDescription: Windows NT BASE API Client DLL
-.d10: \SystemRoot\System32\KernelBase.dll:
-.d10:     CreationTime:    2020-06-29T07:05:55.916628400Z
-.d10:     LastWriteTime:   2011-05-14T07:20:00.247000000Z
-.d10:     ChangeTime:      2020-06-29T07:06:45.519519800Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x67000
-.d10:     NT Headers:      0xe8
-.d10:     Timestamp:       0x4dce2b0e
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x4dce2b0e
-.d10:     Image Version:   6.1
-.d10:     SizeOfImage:     0x6c000 (442368)
-.d10:     Resource Dir:    0x6a000 LB 0x530
-.d10:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Microsoft® Windows® Operating System
-.d10:     ProductVersion:  6.1.7601.17617
-.d10:     FileVersion:     6.1.7601.17617 (win7sp1_gdr.110513-1659)
-.d10:     FileDescription: Windows NT BASE API Client DLL
-.d10: \SystemRoot\System32\apisetschema.dll:
-.d10:     CreationTime:    2020-06-29T08:41:18.865836100Z
-.d10:     LastWriteTime:   2015-02-03T03:28:14.008000000Z
-.d10:     ChangeTime:      2020-06-29T10:26:19.937919000Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x1a00
-.d10:     NT Headers:      0xc0
-.d10:     Timestamp:       0x54d04096
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x54d04096
-.d10:     Image Version:   6.1
-.d10:     SizeOfImage:     0x50000 (327680)
-.d10:     Resource Dir:    0x30000 LB 0x3f8
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Microsoft® Windows® Operating System
-.d10:     ProductVersion:  6.1.7601.18741
-.d10:     FileVersion:     6.1.7601.18741 (win7sp1_gdr.150202-1526)
-.d10:     FileDescription: ApiSet Schema DLL
-.d10: Found driver aswVmm (0x4)
-.d10: Found driver aswStm (0x4)
-.d10: Found driver aswRvrt (0x4)
-.d10: supR3HardenedWinFindAdversaries: 0x4
-.d10: \SystemRoot\System32\drivers\aswMonFlt.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.759322500Z
-.d10:     LastWriteTime:   2020-06-29T04:41:30.295934900Z
-.d10:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x2ac68
-.d10:     NT Headers:      0xf0
-.d10:     Timestamp:       0x5ed4b2b6
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ed4b2b6
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0x33000 (208896)
-.d10:     Resource Dir:    0x31000 LB 0x398
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.83.0
-.d10:     FileVersion:     20.4.83.0
-.d10:     FileDescription: Avast File System Filter
-.d10: \SystemRoot\System32\drivers\aswRdr2.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.719309700Z
-.d10:     LastWriteTime:   2020-06-29T04:41:30.235915700Z
-.d10:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x1aae0
-.d10:     NT Headers:      0xf0
-.d10:     Timestamp:       0x5ed4b2b6
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ed4b2b6
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0x1a000 (106496)
-.d10:     Resource Dir:    0x18000 LB 0x380
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.83.0
-.d10:     FileVersion:     20.4.83.0
-.d10:     FileDescription: Avast Antivirus
-.d10: \SystemRoot\System32\drivers\aswRvrt.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.789332100Z
-.d10:     LastWriteTime:   2020-06-29T04:41:30.345950900Z
-.d10:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x14b78
-.d10:     NT Headers:      0xe8
-.d10:     Timestamp:       0x5ed4b2b6
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ed4b2b6
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0x13000 (77824)
-.d10:     Resource Dir:    0x11000 LB 0x378
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.83.0
-.d10:     FileVersion:     20.4.83.0
-.d10:     FileDescription: Avast Revert
-.d10: \SystemRoot\System32\drivers\aswSnx.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.549255300Z
-.d10:     LastWriteTime:   2020-06-29T04:41:12.943378500Z
-.d10:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0xcfe98
-.d10:     NT Headers:      0x100
-.d10:     Timestamp:       0x5ed4b2ba
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ed4b2ba
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0xcd000 (839680)
-.d10:     Resource Dir:    0xca000 LB 0x380
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.83.0
-.d10:     FileVersion:     20.4.83.0
-.d10:     FileDescription: Avast Antivirus
-.d10: \SystemRoot\System32\drivers\aswsp.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.829344900Z
-.d10:     LastWriteTime:   2020-06-29T04:42:14.991232900Z
-.d10:     ChangeTime:      2020-06-29T04:42:14.991232900Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x70f00
-.d10:     NT Headers:      0xe8
-.d10:     Timestamp:       0x5ee709ca
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ee709ca
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0x72000 (466944)
-.d10:     Resource Dir:    0x70000 LB 0x380
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.90.0
-.d10:     FileVersion:     20.4.90.0
-.d10:     FileDescription: Avast Self Protection
-.d10: \SystemRoot\System32\drivers\aswStm.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.889364100Z
-.d10:     LastWriteTime:   2020-06-29T04:41:30.475992500Z
-.d10:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x34ef8
-.d10:     NT Headers:      0xf0
-.d10:     Timestamp:       0x5ed4b2b9
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ed4b2b9
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0x34000 (212992)
-.d10:     Resource Dir:    0x32000 LB 0x388
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.83.0
-.d10:     FileVersion:     20.4.83.0
-.d10:     FileDescription: Avast Stream Filter
-.d10: \SystemRoot\System32\drivers\aswVmm.sys:
-.d10:     CreationTime:    2020-06-29T04:41:37.929376900Z
-.d10:     LastWriteTime:   2020-06-29T04:42:14.240992900Z
-.d10:     ChangeTime:      2020-06-29T04:42:14.240992900Z
-.d10:     FileAttributes:  0x20
-.d10:     Size:            0x4ead0
-.d10:     NT Headers:      0xe8
-.d10:     Timestamp:       0x5ede39a4
-.d10:     Machine:         0x8664 - amd64
-.d10:     Timestamp:       0x5ede39a4
-.d10:     Image Version:   10.0
-.d10:     SizeOfImage:     0x4c000 (311296)
-.d10:     Resource Dir:    0x4a000 LB 0x380
-.d10:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.d10:     [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)]
-.d10:     ProductName:     Avast Antivirus
-.d10:     ProductVersion:  20.4.87.0
-.d10:     FileVersion:     20.4.87.0
-.d10:     FileDescription: Avast VM Monitor
-.d10: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-.d10: Calling main()
-.d10: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
-.d10: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-.d10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
-.d10: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
-.d10: SUPR3HardenedMain: Respawn #2
-.d10: supR3HardNtEnableThreadCreationEx:
-.d10: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
-.d10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
-.d10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
-.d10: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
-.d10: supR3HardenedDllNotificationCallback: load   000007fefce60000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
-.d10: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
-.d10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\apphelp.dll'
-.d10: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840
-.d10: supR3HardenedWinDoReSpawn(2): New child 1430.1484 [kernel32].
-.d10: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
-.d10: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000
-.d10: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007706c320
-.d10: supR3HardenedWinSetupChildInit: Initial context:
-  rax=0000000000000000 rbx=0000000000000000 rcx=000000013f407900 rdx=000007fffffdf000
-  rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
-  r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
-  r14=0000000000000000 r15=0000000000000000  P1=0000000000000000  P2=0000000000000000
-  rip=000000007706c500 rsp=000000000031f8a8 rbp=0000000000000000    ctxflags=0010001b
-  cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000    eflags=00000200   mxcrx=00001f80
-   P3=0000000000000000  P4=0000000000000000  P5=0000000000000000  P6=0000000000000000
-  dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
-  dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
-  lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
-.d10: kernel32.dll: timestamp 0x4dce2b0d (rc=VINF_SUCCESS)
-.d10: supR3HardenedWinSetupChildInit: Start child.
-.d10: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
-.d10: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 51 sleeps
-.d10: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
-.d10:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
-.d10:  *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
-.d10:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
-.d10:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
-.d10:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
-.d10:   0000000000041000-000000000021ffff 0x0001/0x0000 0x0000000
-.d10:  *0000000000220000-000000000031bfff 0x0000/0x0004 0x0020000
-.d10:   000000000031c000-000000000031dfff 0x0104/0x0004 0x0020000
-.d10:   000000000031e000-000000000031ffff 0x0004/0x0004 0x0020000
-.d10:   0000000000320000-000000007703ffff 0x0001/0x0000 0x0000000
-.d10:  *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-.d10:   0000000077041000-0000000077142fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-.d10:   0000000077143000-0000000077171fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-.d10:   0000000077172000-000000007717dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-.d10:   000000007717e000-00000000771e8fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
-.d10:   00000000771e9000-000000007efdffff 0x0001/0x0000 0x0000000
-.d10:  *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
-.d10:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
-.d10:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
-.d10:   000000007fff0000-000000013f3fffff 0x0001/0x0000 0x0000000
-.d10:  *000000013f400000-000000013f400fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f401000-000000013f476fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f477000-000000013f477fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f478000-000000013f4bffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4c0000-000000013f4c0fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4c1000-000000013f4c1fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4c2000-000000013f4c6fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4c7000-000000013f4c7fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4c8000-000000013f4c8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4c9000-000000013f4ccfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f4cd000-000000013f515fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
-.d10:   000000013f516000-000007feff35ffff 0x0001/0x0000 0x0000000
-.d10:  *000007feff360000-000007feff360fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
-.d10:   000007feff361000-000007fffffaffff 0x0001/0x0000 0x0000000
-.d10:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
-.d10:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
-.d10:  *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
-.d10:  *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
-.d10:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
-.d10: apisetschema.dll: timestamp 0x54d04096 (rc=VINF_SUCCESS)
-.d10: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
-.d10: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
-.d10: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
-.d10: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
-.d10: supR3HardNtChildPurify: Done after 585 ms and 0 fixes (loop #0).
-.1484: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
-.1484: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100 (stack ~000000000031f358)
-.d10: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
-.d10: supR3HardNtEnableThreadCreationEx:
-.1484: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
-.1484: New simple heap: #1 0000000000320000 LB 0x400000 (for 1740800 allocation)
-.1484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-.1484: System32:  \Device\HarddiskVolume2\Windows\System32
-.1484: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
-.1484: KnownDllPath: C:\Windows\system32
-.1484: supR3HardenedVmProcessInit: Opening vboxdrv...
-.1484: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
-.1484: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
-.1484: Registered Dll notification callback with NTDLL.
-.1484: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
-.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
-.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
-.1484: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
-.1484: supR3HardenedDllNotificationCallback: load   0000000076f20000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
-.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
-.1484: supR3HardenedDllNotificationCallback: load   000007fefd1f0000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
-.1484: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
-.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
-.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f20000 'C:\Windows\system32\kernel32.dll'
-.1484: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007706c320 pvNtTerminateThread=0000000077091840
-.d10: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 80 ms.
-.1484: \SystemRoot\System32\ntdll.dll:
-.1484:     CreationTime:    2010-11-21T03:23:51.351694200Z
-.1484:     LastWriteTime:   2010-11-21T03:23:51.367294200Z
-.1484:     ChangeTime:      2020-06-28T00:33:12.954124600Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x1a6d60
-.1484:     NT Headers:      0xe0
-.1484:     Timestamp:       0x4ce7c8f9
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x4ce7c8f9
-.1484:     Image Version:   6.1
-.1484:     SizeOfImage:     0x1a9000 (1740800)
-.1484:     Resource Dir:    0x151000 LB 0x560d8
-.1484:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Microsoft® Windows® Operating System
-.1484:     ProductVersion:  6.1.7601.17514
-.1484:     FileVersion:     6.1.7601.17514 (win7sp1_rtm.101119-1850)
-.1484:     FileDescription: NT Layer DLL
-.1484: \SystemRoot\System32\kernel32.dll:
-.1484:     CreationTime:    2020-06-29T07:05:55.386627700Z
-.1484:     LastWriteTime:   2011-05-14T07:20:00.106000000Z
-.1484:     ChangeTime:      2020-06-29T07:06:45.519519800Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x11be00
-.1484:     NT Headers:      0xe8
-.1484:     Timestamp:       0x4dce2b0d
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x4dce2b0d
-.1484:     Image Version:   6.1
-.1484:     SizeOfImage:     0x11f000 (1175552)
-.1484:     Resource Dir:    0x116000 LB 0x528
-.1484:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Microsoft® Windows® Operating System
-.1484:     ProductVersion:  6.1.7601.17617
-.1484:     FileVersion:     6.1.7601.17617 (win7sp1_gdr.110513-1659)
-.1484:     FileDescription: Windows NT BASE API Client DLL
-.1484: \SystemRoot\System32\KernelBase.dll:
-.1484:     CreationTime:    2020-06-29T07:05:55.916628400Z
-.1484:     LastWriteTime:   2011-05-14T07:20:00.247000000Z
-.1484:     ChangeTime:      2020-06-29T07:06:45.519519800Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x67000
-.1484:     NT Headers:      0xe8
-.1484:     Timestamp:       0x4dce2b0e
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x4dce2b0e
-.1484:     Image Version:   6.1
-.1484:     SizeOfImage:     0x6c000 (442368)
-.1484:     Resource Dir:    0x6a000 LB 0x530
-.1484:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x6a0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Microsoft® Windows® Operating System
-.1484:     ProductVersion:  6.1.7601.17617
-.1484:     FileVersion:     6.1.7601.17617 (win7sp1_gdr.110513-1659)
-.1484:     FileDescription: Windows NT BASE API Client DLL
-.1484: \SystemRoot\System32\apisetschema.dll:
-.1484:     CreationTime:    2020-06-29T08:41:18.865836100Z
-.1484:     LastWriteTime:   2015-02-03T03:28:14.008000000Z
-.1484:     ChangeTime:      2020-06-29T10:26:19.937919000Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x1a00
-.1484:     NT Headers:      0xc0
-.1484:     Timestamp:       0x54d04096
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x54d04096
-.1484:     Image Version:   6.1
-.1484:     SizeOfImage:     0x50000 (327680)
-.1484:     Resource Dir:    0x30000 LB 0x3f8
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Microsoft® Windows® Operating System
-.1484:     ProductVersion:  6.1.7601.18741
-.1484:     FileVersion:     6.1.7601.18741 (win7sp1_gdr.150202-1526)
-.1484:     FileDescription: ApiSet Schema DLL
-.1484: Found driver aswVmm (0x4)
-.1484: Found driver aswStm (0x4)
-.1484: Found driver aswRvrt (0x4)
-.1484: supR3HardenedWinFindAdversaries: 0x4
-.1484: \SystemRoot\System32\drivers\aswMonFlt.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.759322500Z
-.1484:     LastWriteTime:   2020-06-29T04:41:30.295934900Z
-.1484:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x2ac68
-.1484:     NT Headers:      0xf0
-.1484:     Timestamp:       0x5ed4b2b6
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ed4b2b6
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0x33000 (208896)
-.1484:     Resource Dir:    0x31000 LB 0x398
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x31060 LB 0x338, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.83.0
-.1484:     FileVersion:     20.4.83.0
-.1484:     FileDescription: Avast File System Filter
-.1484: \SystemRoot\System32\drivers\aswRdr2.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.719309700Z
-.1484:     LastWriteTime:   2020-06-29T04:41:30.235915700Z
-.1484:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x1aae0
-.1484:     NT Headers:      0xf0
-.1484:     Timestamp:       0x5ed4b2b6
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ed4b2b6
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0x1a000 (106496)
-.1484:     Resource Dir:    0x18000 LB 0x380
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x18060 LB 0x31c, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.83.0
-.1484:     FileVersion:     20.4.83.0
-.1484:     FileDescription: Avast Antivirus
-.1484: \SystemRoot\System32\drivers\aswRvrt.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.789332100Z
-.1484:     LastWriteTime:   2020-06-29T04:41:30.345950900Z
-.1484:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x14b78
-.1484:     NT Headers:      0xe8
-.1484:     Timestamp:       0x5ed4b2b6
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ed4b2b6
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0x13000 (77824)
-.1484:     Resource Dir:    0x11000 LB 0x378
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x11060 LB 0x318, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.83.0
-.1484:     FileVersion:     20.4.83.0
-.1484:     FileDescription: Avast Revert
-.1484: \SystemRoot\System32\drivers\aswSnx.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.549255300Z
-.1484:     LastWriteTime:   2020-06-29T04:41:12.943378500Z
-.1484:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0xcfe98
-.1484:     NT Headers:      0x100
-.1484:     Timestamp:       0x5ed4b2ba
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ed4b2ba
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0xcd000 (839680)
-.1484:     Resource Dir:    0xca000 LB 0x380
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0xca060 LB 0x31c, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.83.0
-.1484:     FileVersion:     20.4.83.0
-.1484:     FileDescription: Avast Antivirus
-.1484: \SystemRoot\System32\drivers\aswsp.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.829344900Z
-.1484:     LastWriteTime:   2020-06-29T04:42:14.991232900Z
-.1484:     ChangeTime:      2020-06-29T04:42:14.991232900Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x70f00
-.1484:     NT Headers:      0xe8
-.1484:     Timestamp:       0x5ee709ca
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ee709ca
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0x72000 (466944)
-.1484:     Resource Dir:    0x70000 LB 0x380
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x70060 LB 0x320, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.90.0
-.1484:     FileVersion:     20.4.90.0
-.1484:     FileDescription: Avast Self Protection
-.1484: \SystemRoot\System32\drivers\aswStm.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.889364100Z
-.1484:     LastWriteTime:   2020-06-29T04:41:30.475992500Z
-.1484:     ChangeTime:      2020-06-29T04:41:39.409850500Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x34ef8
-.1484:     NT Headers:      0xf0
-.1484:     Timestamp:       0x5ed4b2b9
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ed4b2b9
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0x34000 (212992)
-.1484:     Resource Dir:    0x32000 LB 0x388
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x32060 LB 0x324, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.83.0
-.1484:     FileVersion:     20.4.83.0
-.1484:     FileDescription: Avast Stream Filter
-.1484: \SystemRoot\System32\drivers\aswVmm.sys:
-.1484:     CreationTime:    2020-06-29T04:41:37.929376900Z
-.1484:     LastWriteTime:   2020-06-29T04:42:14.240992900Z
-.1484:     ChangeTime:      2020-06-29T04:42:14.240992900Z
-.1484:     FileAttributes:  0x20
-.1484:     Size:            0x4ead0
-.1484:     NT Headers:      0xe8
-.1484:     Timestamp:       0x5ede39a4
-.1484:     Machine:         0x8664 - amd64
-.1484:     Timestamp:       0x5ede39a4
-.1484:     Image Version:   10.0
-.1484:     SizeOfImage:     0x4c000 (311296)
-.1484:     Resource Dir:    0x4a000 LB 0x380
-.1484:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
-.1484:     [Raw version resource data: 0x4a060 LB 0x320, codepage 0x0 (reserved 0x0)]
-.1484:     ProductName:     Avast Antivirus
-.1484:     ProductVersion:  20.4.87.0
-.1484:     FileVersion:     20.4.87.0
-.1484:     FileDescription: Avast VM Monitor
-.1484: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-.1484: Calling main()
-.1484: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
-.1484: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
-.1484: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
-.1484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
-.1484: SUPR3HardenedMain: Final process, opening VBoxDrv...
-.1484: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
-.1484: supR3HardNtEnableThreadCreationEx:
-.1484: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
-.1484: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
-.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009043b0:C:\Windows\system32 [calling]
-.1484: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
-.1484: supR3HardenedDllNotificationCallback: load   000007fee6d60000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
-.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
-.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
-.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000904aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\Java\jdk1302\bin;C:\gradle-6.5\bin [calling]
-.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
-.1484: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
-.1484: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000904aa0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\Driver;C:\Program Files\Java\jdk1302\bin;C:\gradle-6.5\bin [calling]
-.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
-.1484: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6d60000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
-.1484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
-.1484: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dl