VirtualBox

Ticket #15225: VBoxHardening.log

File VBoxHardening.log, 57.8 KB (added by Dzam, 9 years ago)

110f0.644: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
210f0.644: \SystemRoot\System32\ntdll.dll:
310f0.644: CreationTime: 2016-02-10T01:51:21.167950400Z
410f0.644: LastWriteTime: 2016-01-22T06:24:12.217581500Z
510f0.644: ChangeTime: 2016-02-14T17:13:12.062989500Z
610f0.644: FileAttributes: 0x20
710f0.644: Size: 0x1a73d8
810f0.644: NT Headers: 0xe0
910f0.644: Timestamp: 0x56a1c9c5
1010f0.644: Machine: 0x8664 - amd64
1110f0.644: Timestamp: 0x56a1c9c5
1210f0.644: Image Version: 6.1
1310f0.644: SizeOfImage: 0x1aa000 (1744896)
1410f0.644: Resource Dir: 0x14e000 LB 0x5a028
1510f0.644: ProductName: Microsoft® Windows® Operating System
1610f0.644: ProductVersion: 6.1.7601.19135
1710f0.644: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
1810f0.644: FileDescription: NT Layer DLL
1910f0.644: \SystemRoot\System32\kernel32.dll:
2010f0.644: CreationTime: 2016-02-10T01:51:19.351937500Z
2110f0.644: LastWriteTime: 2016-01-22T06:15:31.619000000Z
2210f0.644: ChangeTime: 2016-02-14T17:13:12.312590000Z
2310f0.644: FileAttributes: 0x20
2410f0.644: Size: 0x11c000
2510f0.644: NT Headers: 0xe8
2610f0.644: Timestamp: 0x56a1c9ab
2710f0.644: Machine: 0x8664 - amd64
2810f0.644: Timestamp: 0x56a1c9ab
2910f0.644: Image Version: 6.1
3010f0.644: SizeOfImage: 0x11f000 (1175552)
3110f0.644: Resource Dir: 0x116000 LB 0x528
3210f0.644: ProductName: Microsoft® Windows® Operating System
3310f0.644: ProductVersion: 6.1.7601.19135
3410f0.644: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
3510f0.644: FileDescription: Windows NT BASE API Client DLL
3610f0.644: \SystemRoot\System32\KernelBase.dll:
3710f0.644: CreationTime: 2016-02-10T01:51:20.807947700Z
3810f0.644: LastWriteTime: 2016-01-22T06:15:31.822000000Z
3910f0.644: ChangeTime: 2016-02-14T17:13:12.312590000Z
4010f0.644: FileAttributes: 0x20
4110f0.644: Size: 0x67200
4210f0.644: NT Headers: 0xe8
4310f0.644: Timestamp: 0x56a1c9ac
4410f0.644: Machine: 0x8664 - amd64
4510f0.644: Timestamp: 0x56a1c9ac
4610f0.644: Image Version: 6.1
4710f0.644: SizeOfImage: 0x6b000 (438272)
4810f0.644: Resource Dir: 0x69000 LB 0x530
4910f0.644: ProductName: Microsoft® Windows® Operating System
5010f0.644: ProductVersion: 6.1.7601.19135
5110f0.644: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
5210f0.644: FileDescription: Windows NT BASE API Client DLL
5310f0.644: \SystemRoot\System32\apisetschema.dll:
5410f0.644: CreationTime: 2016-02-10T01:51:11.224886700Z
5510f0.644: LastWriteTime: 2016-01-22T06:12:25.181000000Z
5610f0.644: ChangeTime: 2016-02-14T17:13:12.016189500Z
5710f0.644: FileAttributes: 0x20
5810f0.644: Size: 0x1a00
5910f0.644: NT Headers: 0xc0
6010f0.644: Timestamp: 0x56a1c890
6110f0.644: Machine: 0x8664 - amd64
6210f0.644: Timestamp: 0x56a1c890
6310f0.644: Image Version: 6.1
6410f0.644: SizeOfImage: 0x50000 (327680)
6510f0.644: Resource Dir: 0x30000 LB 0x3f8
6610f0.644: ProductName: Microsoft® Windows® Operating System
6710f0.644: ProductVersion: 6.1.7601.19135
6810f0.644: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
6910f0.644: FileDescription: ApiSet Schema DLL
7010f0.644: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7110f0.644: supR3HardenedWinFindAdversaries: 0x400
7210f0.644: \SystemRoot\System32\drivers\MpFilter.sys:
7310f0.644: CreationTime: 2015-11-13T07:50:26.000000000Z
7410f0.644: LastWriteTime: 2015-11-13T07:50:26.000000000Z
7510f0.644: ChangeTime: 2016-02-25T15:20:53.247049600Z
7610f0.644: FileAttributes: 0x20
7710f0.644: Size: 0x46960
7810f0.644: NT Headers: 0xe8
7910f0.644: Timestamp: 0x56330e4f
8010f0.644: Machine: 0x8664 - amd64
8110f0.644: Timestamp: 0x56330e4f
8210f0.644: Image Version: 6.3
8310f0.644: SizeOfImage: 0x44000 (278528)
8410f0.644: Resource Dir: 0x42000 LB 0xd90
8510f0.644: ProductName: Microsoft Malware Protection
8610f0.644: ProductVersion: 4.9.0210.0
8710f0.644: FileVersion: 4.9.0210.0
8810f0.644: FileDescription: Microsoft antimalware file system filter driver
8910f0.644: \SystemRoot\System32\drivers\NisDrvWFP.sys:
9010f0.644: CreationTime: 2015-03-04T16:34:52.000000000Z
9110f0.644: LastWriteTime: 2015-11-13T07:50:26.000000000Z
9210f0.644: ChangeTime: 2016-02-25T15:20:52.217447700Z
9310f0.644: FileAttributes: 0x20
9410f0.644: Size: 0x20ab8
9510f0.644: NT Headers: 0xe0
9610f0.644: Timestamp: 0x56330e8a
9710f0.644: Machine: 0x8664 - amd64
9810f0.644: Timestamp: 0x56330e8a
9910f0.644: Image Version: 6.3
10010f0.644: SizeOfImage: 0x1f000 (126976)
10110f0.644: Resource Dir: 0x1c000 LB 0x1b90
10210f0.644: ProductName: Microsoft Malware Protection
10310f0.644: ProductVersion: 4.9.0210.0
10410f0.644: FileVersion: 4.9.0210.0
10510f0.644: FileDescription: Microsoft Network Realtime Inspection Driver
10610f0.644: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
10710f0.644: Calling main()
10810f0.644: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
10910f0.644: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
11010f0.644: SUPR3HardenedMain: Respawn #1
11110f0.644: System32: \Device\HarddiskVolume4\Windows\System32
11210f0.644: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
11310f0.644: KnownDllPath: C:\Windows\system32
11410f0.644: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
11510f0.644: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
11610f0.644: supR3HardNtEnableThreadCreation:
11710f0.644: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007778b170 pvNtTerminateThread=00000000777ad8e0
11810f0.644: supR3HardenedWinDoReSpawn(1): New child f48.1750 [kernel32].
11910f0.644: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
12010f0.644: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077760000 uNtDllChildAddr=0000000077760000
12110f0.644: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007778b170
12210f0.644: supR3HardenedWinSetupChildInit: Start child.
12310f0.644: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 50 ms.
12410f0.644: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 63 sleeps
12510f0.644: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
12610f0.644: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
12710f0.644: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
12810f0.644: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
12910f0.644: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
13010f0.644: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
13110f0.644: 0000000000041000-fffffffffff41fff 0x0001/0x0000 0x0000000
13210f0.644: *0000000000140000-0000000000043fff 0x0000/0x0004 0x0020000
13310f0.644: 000000000023c000-0000000000238fff 0x0104/0x0004 0x0020000
13410f0.644: 000000000023f000-000000000023dfff 0x0004/0x0004 0x0020000
13510f0.644: 0000000000240000-ffffffff88d1ffff 0x0001/0x0000 0x0000000
13610f0.644: *0000000077760000-0000000077760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13710f0.644: 0000000077761000-000000007785ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13810f0.644: 0000000077860000-000000007788efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
13910f0.644: 000000007788f000-0000000077896fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14010f0.644: 0000000077897000-0000000077897fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14110f0.644: 0000000077898000-000000007789afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14210f0.644: 000000007789b000-0000000077909fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14310f0.644: 000000007790a000-0000000070233fff 0x0001/0x0000 0x0000000
14410f0.644: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
14510f0.644: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
14610f0.644: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
14710f0.644: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
14810f0.644: *000000013f1f0000-000000013f1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
14910f0.644: 000000013f1f1000-000000013f277fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15010f0.644: 000000013f278000-000000013f278fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15110f0.644: 000000013f279000-000000013f2c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15210f0.644: 000000013f2c4000-000000013f2c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15310f0.644: 000000013f2c5000-000000013f2c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15410f0.644: 000000013f2c6000-000000013f2cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15510f0.644: 000000013f2cb000-000000013f2cbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15610f0.644: 000000013f2cc000-000000013f2ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15710f0.644: 000000013f2cd000-000000013f2d0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15810f0.644: 000000013f2d1000-000000013f31bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
15910f0.644: 000000013f31c000-fffff8037ebb7fff 0x0001/0x0000 0x0000000
16010f0.644: *000007feffa80000-000007feffa80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apisetschema.dll
16110f0.644: 000007feffa81000-000007fdff551fff 0x0001/0x0000 0x0000000
16210f0.644: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
16310f0.644: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
16410f0.644: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
16510f0.644: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
16610f0.644: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
16710f0.644: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
16810f0.644: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
16910f0.644: VirtualBox.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
17010f0.644: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
17110f0.644: '\Device\HarddiskVolume4\Windows\System32\apisetschema.dll' has no imports
17210f0.644: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
17310f0.644: supR3HardNtChildPurify: Done after 552 ms and 0 fixes (loop #0).
174f48.1750: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
175f48.1750: supR3HardenedVmProcessInit: uNtDllAddr=0000000077760000 g_uNtVerCombined=0x611db100
176f48.1750: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
177f48.1750: New simple heap: #1 0000000000340000 LB 0x400000 (for 1744896 allocation)
17810f0.644: supR3HardNtEnableThreadCreation:
179f48.1750: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
180f48.1750: System32: \Device\HarddiskVolume4\Windows\System32
181f48.1750: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
182f48.1750: KnownDllPath: C:\Windows\system32
183f48.1750: supR3HardenedVmProcessInit: Opening vboxdrv stub...
184f48.1750: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
185f48.1750: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
186f48.1750: Registered Dll notification callback with NTDLL.
187f48.1750: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
188f48.1750: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
189f48.1750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
190f48.1750: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
19110f0.644: Error (rc=258):
19210f0.644: Timed out after 60010 ms waiting for child request #1 (CloseEvents).
19310f0.644: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
19410f0.644: Timed out after 60010 ms waiting for child request #1 (CloseEvents).
195724.11c4: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
196724.11c4: \SystemRoot\System32\ntdll.dll:
197724.11c4: CreationTime: 2016-02-10T01:51:21.167950400Z
198724.11c4: LastWriteTime: 2016-01-22T06:24:12.217581500Z
199724.11c4: ChangeTime: 2016-02-14T17:13:12.062989500Z
200724.11c4: FileAttributes: 0x20
201724.11c4: Size: 0x1a73d8
202724.11c4: NT Headers: 0xe0
203724.11c4: Timestamp: 0x56a1c9c5
204724.11c4: Machine: 0x8664 - amd64
205724.11c4: Timestamp: 0x56a1c9c5
206724.11c4: Image Version: 6.1
207724.11c4: SizeOfImage: 0x1aa000 (1744896)
208724.11c4: Resource Dir: 0x14e000 LB 0x5a028
209724.11c4: ProductName: Microsoft® Windows® Operating System
210724.11c4: ProductVersion: 6.1.7601.19135
211724.11c4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
212724.11c4: FileDescription: NT Layer DLL
213724.11c4: \SystemRoot\System32\kernel32.dll:
214724.11c4: CreationTime: 2016-02-10T01:51:19.351937500Z
215724.11c4: LastWriteTime: 2016-01-22T06:15:31.619000000Z
216724.11c4: ChangeTime: 2016-02-14T17:13:12.312590000Z
217724.11c4: FileAttributes: 0x20
218724.11c4: Size: 0x11c000
219724.11c4: NT Headers: 0xe8
220724.11c4: Timestamp: 0x56a1c9ab
221724.11c4: Machine: 0x8664 - amd64
222724.11c4: Timestamp: 0x56a1c9ab
223724.11c4: Image Version: 6.1
224724.11c4: SizeOfImage: 0x11f000 (1175552)
225724.11c4: Resource Dir: 0x116000 LB 0x528
226724.11c4: ProductName: Microsoft® Windows® Operating System
227724.11c4: ProductVersion: 6.1.7601.19135
228724.11c4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
229724.11c4: FileDescription: Windows NT BASE API Client DLL
230724.11c4: \SystemRoot\System32\KernelBase.dll:
231724.11c4: CreationTime: 2016-02-10T01:51:20.807947700Z
232724.11c4: LastWriteTime: 2016-01-22T06:15:31.822000000Z
233724.11c4: ChangeTime: 2016-02-14T17:13:12.312590000Z
234724.11c4: FileAttributes: 0x20
235724.11c4: Size: 0x67200
236724.11c4: NT Headers: 0xe8
237724.11c4: Timestamp: 0x56a1c9ac
238724.11c4: Machine: 0x8664 - amd64
239724.11c4: Timestamp: 0x56a1c9ac
240724.11c4: Image Version: 6.1
241724.11c4: SizeOfImage: 0x6b000 (438272)
242724.11c4: Resource Dir: 0x69000 LB 0x530
243724.11c4: ProductName: Microsoft® Windows® Operating System
244724.11c4: ProductVersion: 6.1.7601.19135
245724.11c4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
246724.11c4: FileDescription: Windows NT BASE API Client DLL
247724.11c4: \SystemRoot\System32\apisetschema.dll:
248724.11c4: CreationTime: 2016-02-10T01:51:11.224886700Z
249724.11c4: LastWriteTime: 2016-01-22T06:12:25.181000000Z
250724.11c4: ChangeTime: 2016-02-14T17:13:12.016189500Z
251724.11c4: FileAttributes: 0x20
252724.11c4: Size: 0x1a00
253724.11c4: NT Headers: 0xc0
254724.11c4: Timestamp: 0x56a1c890
255724.11c4: Machine: 0x8664 - amd64
256724.11c4: Timestamp: 0x56a1c890
257724.11c4: Image Version: 6.1
258724.11c4: SizeOfImage: 0x50000 (327680)
259724.11c4: Resource Dir: 0x30000 LB 0x3f8
260724.11c4: ProductName: Microsoft® Windows® Operating System
261724.11c4: ProductVersion: 6.1.7601.19135
262724.11c4: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
263724.11c4: FileDescription: ApiSet Schema DLL
264724.11c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
265724.11c4: supR3HardenedWinFindAdversaries: 0x400
266724.11c4: \SystemRoot\System32\drivers\MpFilter.sys:
267724.11c4: CreationTime: 2015-11-13T07:50:26.000000000Z
268724.11c4: LastWriteTime: 2015-11-13T07:50:26.000000000Z
269724.11c4: ChangeTime: 2016-02-25T15:20:53.247049600Z
270724.11c4: FileAttributes: 0x20
271724.11c4: Size: 0x46960
272724.11c4: NT Headers: 0xe8
273724.11c4: Timestamp: 0x56330e4f
274724.11c4: Machine: 0x8664 - amd64
275724.11c4: Timestamp: 0x56330e4f
276724.11c4: Image Version: 6.3
277724.11c4: SizeOfImage: 0x44000 (278528)
278724.11c4: Resource Dir: 0x42000 LB 0xd90
279724.11c4: ProductName: Microsoft Malware Protection
280724.11c4: ProductVersion: 4.9.0210.0
281724.11c4: FileVersion: 4.9.0210.0
282724.11c4: FileDescription: Microsoft antimalware file system filter driver
283724.11c4: \SystemRoot\System32\drivers\NisDrvWFP.sys:
284724.11c4: CreationTime: 2015-03-04T16:34:52.000000000Z
285724.11c4: LastWriteTime: 2015-11-13T07:50:26.000000000Z
286724.11c4: ChangeTime: 2016-02-25T15:20:52.217447700Z
287724.11c4: FileAttributes: 0x20
288724.11c4: Size: 0x20ab8
289724.11c4: NT Headers: 0xe0
290724.11c4: Timestamp: 0x56330e8a
291724.11c4: Machine: 0x8664 - amd64
292724.11c4: Timestamp: 0x56330e8a
293724.11c4: Image Version: 6.3
294724.11c4: SizeOfImage: 0x1f000 (126976)
295724.11c4: Resource Dir: 0x1c000 LB 0x1b90
296724.11c4: ProductName: Microsoft Malware Protection
297724.11c4: ProductVersion: 4.9.0210.0
298724.11c4: FileVersion: 4.9.0210.0
299724.11c4: FileDescription: Microsoft Network Realtime Inspection Driver
300724.11c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
301724.11c4: Calling main()
302724.11c4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
303724.11c4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
304724.11c4: SUPR3HardenedMain: Respawn #1
305724.11c4: System32: \Device\HarddiskVolume4\Windows\System32
306724.11c4: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
307724.11c4: KnownDllPath: C:\Windows\system32
308724.11c4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
309724.11c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
310724.11c4: supR3HardNtEnableThreadCreation:
311724.11c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007778b170 pvNtTerminateThread=00000000777ad8e0
312724.11c4: supR3HardenedWinDoReSpawn(1): New child 14d8.1a04 [kernel32].
313724.11c4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
314724.11c4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077760000 uNtDllChildAddr=0000000077760000
315724.11c4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007778b170
316724.11c4: supR3HardenedWinSetupChildInit: Start child.
317724.11c4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
318724.11c4: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 59 sleeps
319724.11c4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
320724.11c4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
321724.11c4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
322724.11c4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
323724.11c4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
324724.11c4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
325724.11c4: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
326724.11c4: *0000000000050000-fffffffffff53fff 0x0000/0x0004 0x0020000
327724.11c4: 000000000014c000-0000000000148fff 0x0104/0x0004 0x0020000
328724.11c4: 000000000014f000-000000000014dfff 0x0004/0x0004 0x0020000
329724.11c4: 0000000000150000-ffffffff88b3ffff 0x0001/0x0000 0x0000000
330724.11c4: *0000000077760000-0000000077760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
331724.11c4: 0000000077761000-000000007785ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
332724.11c4: 0000000077860000-000000007788efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
333724.11c4: 000000007788f000-0000000077896fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
334724.11c4: 0000000077897000-0000000077897fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
335724.11c4: 0000000077898000-000000007789afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
336724.11c4: 000000007789b000-0000000077909fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
337724.11c4: 000000007790a000-0000000070233fff 0x0001/0x0000 0x0000000
338724.11c4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
339724.11c4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
340724.11c4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
341724.11c4: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
342724.11c4: *000000013f1f0000-000000013f1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
343724.11c4: 000000013f1f1000-000000013f277fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
344724.11c4: 000000013f278000-000000013f278fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
345724.11c4: 000000013f279000-000000013f2c3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
346724.11c4: 000000013f2c4000-000000013f2c4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
347724.11c4: 000000013f2c5000-000000013f2c5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
348724.11c4: 000000013f2c6000-000000013f2cafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
349724.11c4: 000000013f2cb000-000000013f2cbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
350724.11c4: 000000013f2cc000-000000013f2ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
351724.11c4: 000000013f2cd000-000000013f2d0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
352724.11c4: 000000013f2d1000-000000013f31bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
353724.11c4: 000000013f31c000-fffff8037ebb7fff 0x0001/0x0000 0x0000000
354724.11c4: *000007feffa80000-000007feffa80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apisetschema.dll
355724.11c4: 000007feffa81000-000007fdff551fff 0x0001/0x0000 0x0000000
356724.11c4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
357724.11c4: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
358724.11c4: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
359724.11c4: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
360724.11c4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
361724.11c4: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
362724.11c4: VirtualBox.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
363724.11c4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
364724.11c4: '\Device\HarddiskVolume4\Windows\System32\apisetschema.dll' has no imports
365724.11c4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
366724.11c4: supR3HardNtChildPurify: Done after 550 ms and 0 fixes (loop #0).
36714d8.1a04: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
36814d8.1a04: supR3HardenedVmProcessInit: uNtDllAddr=0000000077760000 g_uNtVerCombined=0x611db100
36914d8.1a04: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
37014d8.1a04: New simple heap: #1 0000000000250000 LB 0x400000 (for 1744896 allocation)
371724.11c4: supR3HardNtEnableThreadCreation:
37214d8.1a04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
37314d8.1a04: System32: \Device\HarddiskVolume4\Windows\System32
37414d8.1a04: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
37514d8.1a04: KnownDllPath: C:\Windows\system32
37614d8.1a04: supR3HardenedVmProcessInit: Opening vboxdrv stub...
37714d8.1a04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
37814d8.1a04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
37914d8.1a04: Registered Dll notification callback with NTDLL.
38014d8.1a04: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
38114d8.1a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
38214d8.1a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
38314d8.1a04: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
384724.11c4: Error (rc=258):
385724.11c4: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
386724.11c4: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
387724.11c4: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
388410.1820: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
389410.1820: \SystemRoot\System32\ntdll.dll:
390410.1820: CreationTime: 2016-02-10T01:51:21.167950400Z
391410.1820: LastWriteTime: 2016-01-22T06:24:12.217581500Z
392410.1820: ChangeTime: 2016-02-14T17:13:12.062989500Z
393410.1820: FileAttributes: 0x20
394410.1820: Size: 0x1a73d8
395410.1820: NT Headers: 0xe0
396410.1820: Timestamp: 0x56a1c9c5
397410.1820: Machine: 0x8664 - amd64
398410.1820: Timestamp: 0x56a1c9c5
399410.1820: Image Version: 6.1
400410.1820: SizeOfImage: 0x1aa000 (1744896)
401410.1820: Resource Dir: 0x14e000 LB 0x5a028
402410.1820: ProductName: Microsoft® Windows® Operating System
403410.1820: ProductVersion: 6.1.7601.19135
404410.1820: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
405410.1820: FileDescription: NT Layer DLL
406410.1820: \SystemRoot\System32\kernel32.dll:
407410.1820: CreationTime: 2016-02-10T01:51:19.351937500Z
408410.1820: LastWriteTime: 2016-01-22T06:15:31.619000000Z
409410.1820: ChangeTime: 2016-02-14T17:13:12.312590000Z
410410.1820: FileAttributes: 0x20
411410.1820: Size: 0x11c000
412410.1820: NT Headers: 0xe8
413410.1820: Timestamp: 0x56a1c9ab
414410.1820: Machine: 0x8664 - amd64
415410.1820: Timestamp: 0x56a1c9ab
416410.1820: Image Version: 6.1
417410.1820: SizeOfImage: 0x11f000 (1175552)
418410.1820: Resource Dir: 0x116000 LB 0x528
419410.1820: ProductName: Microsoft® Windows® Operating System
420410.1820: ProductVersion: 6.1.7601.19135
421410.1820: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
422410.1820: FileDescription: Windows NT BASE API Client DLL
423410.1820: \SystemRoot\System32\KernelBase.dll:
424410.1820: CreationTime: 2016-02-10T01:51:20.807947700Z
425410.1820: LastWriteTime: 2016-01-22T06:15:31.822000000Z
426410.1820: ChangeTime: 2016-02-14T17:13:12.312590000Z
427410.1820: FileAttributes: 0x20
428410.1820: Size: 0x67200
429410.1820: NT Headers: 0xe8
430410.1820: Timestamp: 0x56a1c9ac
431410.1820: Machine: 0x8664 - amd64
432410.1820: Timestamp: 0x56a1c9ac
433410.1820: Image Version: 6.1
434410.1820: SizeOfImage: 0x6b000 (438272)
435410.1820: Resource Dir: 0x69000 LB 0x530
436410.1820: ProductName: Microsoft® Windows® Operating System
437410.1820: ProductVersion: 6.1.7601.19135
438410.1820: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
439410.1820: FileDescription: Windows NT BASE API Client DLL
440410.1820: \SystemRoot\System32\apisetschema.dll:
441410.1820: CreationTime: 2016-02-10T01:51:11.224886700Z
442410.1820: LastWriteTime: 2016-01-22T06:12:25.181000000Z
443410.1820: ChangeTime: 2016-02-14T17:13:12.016189500Z
444410.1820: FileAttributes: 0x20
445410.1820: Size: 0x1a00
446410.1820: NT Headers: 0xc0
447410.1820: Timestamp: 0x56a1c890
448410.1820: Machine: 0x8664 - amd64
449410.1820: Timestamp: 0x56a1c890
450410.1820: Image Version: 6.1
451410.1820: SizeOfImage: 0x50000 (327680)
452410.1820: Resource Dir: 0x30000 LB 0x3f8
453410.1820: ProductName: Microsoft® Windows® Operating System
454410.1820: ProductVersion: 6.1.7601.19135
455410.1820: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
456410.1820: FileDescription: ApiSet Schema DLL
457410.1820: NtOpenDirectoryObject failed on \Driver: 0xc0000022
458410.1820: supR3HardenedWinFindAdversaries: 0x400
459410.1820: \SystemRoot\System32\drivers\MpFilter.sys:
460410.1820: CreationTime: 2015-11-13T07:50:26.000000000Z
461410.1820: LastWriteTime: 2015-11-13T07:50:26.000000000Z
462410.1820: ChangeTime: 2016-02-25T15:20:53.247049600Z
463410.1820: FileAttributes: 0x20
464410.1820: Size: 0x46960
465410.1820: NT Headers: 0xe8
466410.1820: Timestamp: 0x56330e4f
467410.1820: Machine: 0x8664 - amd64
468410.1820: Timestamp: 0x56330e4f
469410.1820: Image Version: 6.3
470410.1820: SizeOfImage: 0x44000 (278528)
471410.1820: Resource Dir: 0x42000 LB 0xd90
472410.1820: ProductName: Microsoft Malware Protection
473410.1820: ProductVersion: 4.9.0210.0
474410.1820: FileVersion: 4.9.0210.0
475410.1820: FileDescription: Microsoft antimalware file system filter driver
476410.1820: \SystemRoot\System32\drivers\NisDrvWFP.sys:
477410.1820: CreationTime: 2015-03-04T16:34:52.000000000Z
478410.1820: LastWriteTime: 2015-11-13T07:50:26.000000000Z
479410.1820: ChangeTime: 2016-02-25T15:20:52.217447700Z
480410.1820: FileAttributes: 0x20
481410.1820: Size: 0x20ab8
482410.1820: NT Headers: 0xe0
483410.1820: Timestamp: 0x56330e8a
484410.1820: Machine: 0x8664 - amd64
485410.1820: Timestamp: 0x56330e8a
486410.1820: Image Version: 6.3
487410.1820: SizeOfImage: 0x1f000 (126976)
488410.1820: Resource Dir: 0x1c000 LB 0x1b90
489410.1820: ProductName: Microsoft Malware Protection
490410.1820: ProductVersion: 4.9.0210.0
491410.1820: FileVersion: 4.9.0210.0
492410.1820: FileDescription: Microsoft Network Realtime Inspection Driver
493410.1820: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
494410.1820: Calling main()
495410.1820: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x3
496410.1820: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
497410.1820: System32: \Device\HarddiskVolume4\Windows\System32
498410.1820: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
499410.1820: KnownDllPath: C:\Windows\system32
500410.1820: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
501410.1820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
502410.1820: supR3HardNtEnableThreadCreation:
503410.1820: bcrypt.dll loaded at 000007fefce10000, BCryptOpenAlgorithmProvider at 000007fefce12640, preloading providers:
504410.1820: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000003337e0)
505410.1820: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000333d50)
506410.1820: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000333e70)
507410.1820: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000334130)
508410.1820: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000333f90)
509410.1820: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000334a50)
510410.1820: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000334c90)
511410.1820: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000334db0)
512410.1820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
513410.1820: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000031fd8d0
514410.1820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031fd8d0
515410.1820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=881FA305C5390C7D979151AFB211130389B9E066
516410.1820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
517410.1820: g_pfnWinVerifyTrust=000007fefd671010
518410.1820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume4\Windows\System32\crypt32.dll
519410.1820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031fd8d0
520410.1820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031fd8d0
521410.1820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
522410.1820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
523410.1820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
524410.1820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
525410.1820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
526410.1820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
527410.1820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
528410.1820: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume4\Windows\System32\wintrust.dll
529410.1820: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031fd8d0
530410.1820: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031fd8d0
531410.1820: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
532410.1820: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
533410.1820: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
534410.1820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
535410.1820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
536410.1820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
537410.1820: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
538410.1820: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
539410.1820: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
540410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
541410.1820: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Thawte, Inc., CN=Thawte SGC CA - G2
542410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
543410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
544410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
545410.1820: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=Thawte, Inc., CN=Thawte Code Signing CA - G2
546410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
547410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
548410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
549410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
550410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
551410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
552410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
553410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
554410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
555410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
556410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
557410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
558410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
559410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
560410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
561410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
562410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x20a3c30cad008000 C=ES, O=DIRECCION GENERAL DE LA POLICIA, OU=DNIE, CN=AC RAIZ DNIE
563410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
564410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
565410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
566410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
567410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
568410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
569410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
570410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
571410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
572410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
573410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address)
574410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
575410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
576410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
577410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
578410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
579410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
580410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
581410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
582410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
583410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
584410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
585410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
586410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
587410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
588410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x4297e24fc722b300 C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC
589410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
590410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
591410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
592410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
593410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
594410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
595410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
596410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
597410.1820: supR3HardenedWinIsDesiredRootCA: Adding 0xf03913fae404bc00 C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1
598410.1820: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=56
599410.1820: SUPR3HardenedMain: Load Runtime...
600410.1820: SUPR3HardenedMain: Load TrustedMain...
601410.1820: SUPR3HardenedMain: Calling TrustedMain (000007fed9dc10f0)...
60211d8.14e8: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000020 g_uNtVerCombined=0x611db110
60311d8.14e8: \SystemRoot\System32\ntdll.dll:
60411d8.14e8: CreationTime: 2016-02-10T01:51:21.167950400Z
60511d8.14e8: LastWriteTime: 2016-01-22T06:24:12.217581500Z
60611d8.14e8: ChangeTime: 2016-02-14T17:13:12.062989500Z
60711d8.14e8: FileAttributes: 0x20
60811d8.14e8: Size: 0x1a73d8
60911d8.14e8: NT Headers: 0xe0
61011d8.14e8: Timestamp: 0x56a1c9c5
61111d8.14e8: Machine: 0x8664 - amd64
61211d8.14e8: Timestamp: 0x56a1c9c5
61311d8.14e8: Image Version: 6.1
61411d8.14e8: SizeOfImage: 0x1aa000 (1744896)
61511d8.14e8: Resource Dir: 0x14e000 LB 0x5a028
61611d8.14e8: ProductName: Microsoft® Windows® Operating System
61711d8.14e8: ProductVersion: 6.1.7601.19135
61811d8.14e8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
61911d8.14e8: FileDescription: NT Layer DLL
62011d8.14e8: \SystemRoot\System32\kernel32.dll:
62111d8.14e8: CreationTime: 2016-02-10T01:51:19.351937500Z
62211d8.14e8: LastWriteTime: 2016-01-22T06:15:31.619000000Z
62311d8.14e8: ChangeTime: 2016-02-14T17:13:12.312590000Z
62411d8.14e8: FileAttributes: 0x20
62511d8.14e8: Size: 0x11c000
62611d8.14e8: NT Headers: 0xe8
62711d8.14e8: Timestamp: 0x56a1c9ab
62811d8.14e8: Machine: 0x8664 - amd64
62911d8.14e8: Timestamp: 0x56a1c9ab
63011d8.14e8: Image Version: 6.1
63111d8.14e8: SizeOfImage: 0x11f000 (1175552)
63211d8.14e8: Resource Dir: 0x116000 LB 0x528
63311d8.14e8: ProductName: Microsoft® Windows® Operating System
63411d8.14e8: ProductVersion: 6.1.7601.19135
63511d8.14e8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
63611d8.14e8: FileDescription: Windows NT BASE API Client DLL
63711d8.14e8: \SystemRoot\System32\KernelBase.dll:
63811d8.14e8: CreationTime: 2016-02-10T01:51:20.807947700Z
63911d8.14e8: LastWriteTime: 2016-01-22T06:15:31.822000000Z
64011d8.14e8: ChangeTime: 2016-02-14T17:13:12.312590000Z
64111d8.14e8: FileAttributes: 0x20
64211d8.14e8: Size: 0x67200
64311d8.14e8: NT Headers: 0xe8
64411d8.14e8: Timestamp: 0x56a1c9ac
64511d8.14e8: Machine: 0x8664 - amd64
64611d8.14e8: Timestamp: 0x56a1c9ac
64711d8.14e8: Image Version: 6.1
64811d8.14e8: SizeOfImage: 0x6b000 (438272)
64911d8.14e8: Resource Dir: 0x69000 LB 0x530
65011d8.14e8: ProductName: Microsoft® Windows® Operating System
65111d8.14e8: ProductVersion: 6.1.7601.19135
65211d8.14e8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
65311d8.14e8: FileDescription: Windows NT BASE API Client DLL
65411d8.14e8: \SystemRoot\System32\apisetschema.dll:
65511d8.14e8: CreationTime: 2016-02-10T01:51:11.224886700Z
65611d8.14e8: LastWriteTime: 2016-01-22T06:12:25.181000000Z
65711d8.14e8: ChangeTime: 2016-02-14T17:13:12.016189500Z
65811d8.14e8: FileAttributes: 0x20
65911d8.14e8: Size: 0x1a00
66011d8.14e8: NT Headers: 0xc0
66111d8.14e8: Timestamp: 0x56a1c890
66211d8.14e8: Machine: 0x8664 - amd64
66311d8.14e8: Timestamp: 0x56a1c890
66411d8.14e8: Image Version: 6.1
66511d8.14e8: SizeOfImage: 0x50000 (327680)
66611d8.14e8: Resource Dir: 0x30000 LB 0x3f8
66711d8.14e8: ProductName: Microsoft® Windows® Operating System
66811d8.14e8: ProductVersion: 6.1.7601.19135
66911d8.14e8: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
67011d8.14e8: FileDescription: ApiSet Schema DLL
67111d8.14e8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
67211d8.14e8: supR3HardenedWinFindAdversaries: 0x400
67311d8.14e8: \SystemRoot\System32\drivers\MpFilter.sys:
67411d8.14e8: CreationTime: 2015-11-13T07:50:26.000000000Z
67511d8.14e8: LastWriteTime: 2015-11-13T07:50:26.000000000Z
67611d8.14e8: ChangeTime: 2016-02-25T15:20:53.247049600Z
67711d8.14e8: FileAttributes: 0x20
67811d8.14e8: Size: 0x46960
67911d8.14e8: NT Headers: 0xe8
68011d8.14e8: Timestamp: 0x56330e4f
68111d8.14e8: Machine: 0x8664 - amd64
68211d8.14e8: Timestamp: 0x56330e4f
68311d8.14e8: Image Version: 6.3
68411d8.14e8: SizeOfImage: 0x44000 (278528)
68511d8.14e8: Resource Dir: 0x42000 LB 0xd90
68611d8.14e8: ProductName: Microsoft Malware Protection
68711d8.14e8: ProductVersion: 4.9.0210.0
68811d8.14e8: FileVersion: 4.9.0210.0
68911d8.14e8: FileDescription: Microsoft antimalware file system filter driver
69011d8.14e8: \SystemRoot\System32\drivers\NisDrvWFP.sys:
69111d8.14e8: CreationTime: 2015-03-04T16:34:52.000000000Z
69211d8.14e8: LastWriteTime: 2015-11-13T07:50:26.000000000Z
69311d8.14e8: ChangeTime: 2016-02-25T15:20:52.217447700Z
69411d8.14e8: FileAttributes: 0x20
69511d8.14e8: Size: 0x20ab8
69611d8.14e8: NT Headers: 0xe0
69711d8.14e8: Timestamp: 0x56330e8a
69811d8.14e8: Machine: 0x8664 - amd64
69911d8.14e8: Timestamp: 0x56330e8a
70011d8.14e8: Image Version: 6.3
70111d8.14e8: SizeOfImage: 0x1f000 (126976)
70211d8.14e8: Resource Dir: 0x1c000 LB 0x1b90
70311d8.14e8: ProductName: Microsoft Malware Protection
70411d8.14e8: ProductVersion: 4.9.0210.0
70511d8.14e8: FileVersion: 4.9.0210.0
70611d8.14e8: FileDescription: Microsoft Network Realtime Inspection Driver
70711d8.14e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
70811d8.14e8: Calling main()
70911d8.14e8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
71011d8.14e8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
71111d8.14e8: SUPR3HardenedMain: Respawn #1
71211d8.14e8: System32: \Device\HarddiskVolume4\Windows\System32
71311d8.14e8: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
71411d8.14e8: KnownDllPath: C:\Windows\system32
71511d8.14e8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
71611d8.14e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
71711d8.14e8: supR3HardNtEnableThreadCreation:
71811d8.14e8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007778b170 pvNtTerminateThread=00000000777ad8e0
71911d8.14e8: supR3HardenedWinDoReSpawn(1): New child dd0.1804 [kernel32].
72011d8.14e8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
72111d8.14e8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077760000 uNtDllChildAddr=0000000077760000
72211d8.14e8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007778b170
72311d8.14e8: supR3HardenedWinSetupChildInit: Start child.
72411d8.14e8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
72511d8.14e8: supR3HardNtChildPurify: Startup delay kludge #1/0: 522 ms, 52 sleeps
72611d8.14e8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
72711d8.14e8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
72811d8.14e8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
72911d8.14e8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
73011d8.14e8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
73111d8.14e8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
73211d8.14e8: 0000000000041000-ffffffffffe81fff 0x0001/0x0000 0x0000000
73311d8.14e8: *0000000000200000-0000000000103fff 0x0000/0x0004 0x0020000
73411d8.14e8: 00000000002fc000-00000000002f8fff 0x0104/0x0004 0x0020000
73511d8.14e8: 00000000002ff000-00000000002fdfff 0x0004/0x0004 0x0020000
73611d8.14e8: 0000000000300000-ffffffff88e9ffff 0x0001/0x0000 0x0000000
73711d8.14e8: *0000000077760000-0000000077760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73811d8.14e8: 0000000077761000-000000007785ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
73911d8.14e8: 0000000077860000-000000007788efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74011d8.14e8: 000000007788f000-0000000077896fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74111d8.14e8: 0000000077897000-0000000077897fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74211d8.14e8: 0000000077898000-000000007789afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74311d8.14e8: 000000007789b000-0000000077909fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
74411d8.14e8: 000000007790a000-0000000070233fff 0x0001/0x0000 0x0000000
74511d8.14e8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
74611d8.14e8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
74711d8.14e8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
74811d8.14e8: 000000007fff0000-ffffffffc09cffff 0x0001/0x0000 0x0000000
74911d8.14e8: *000000013f610000-000000013f610fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75011d8.14e8: 000000013f611000-000000013f697fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75111d8.14e8: 000000013f698000-000000013f698fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75211d8.14e8: 000000013f699000-000000013f6e3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75311d8.14e8: 000000013f6e4000-000000013f6e4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75411d8.14e8: 000000013f6e5000-000000013f6e5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75511d8.14e8: 000000013f6e6000-000000013f6eafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75611d8.14e8: 000000013f6eb000-000000013f6ebfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75711d8.14e8: 000000013f6ec000-000000013f6ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75811d8.14e8: 000000013f6ed000-000000013f6f0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
75911d8.14e8: 000000013f6f1000-000000013f73bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
76011d8.14e8: 000000013f73c000-fffff8037f3f7fff 0x0001/0x0000 0x0000000
76111d8.14e8: *000007feffa80000-000007feffa80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\apisetschema.dll
76211d8.14e8: 000007feffa81000-000007fdff551fff 0x0001/0x0000 0x0000000
76311d8.14e8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
76411d8.14e8: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
76511d8.14e8: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
76611d8.14e8: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
76711d8.14e8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
76811d8.14e8: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
76911d8.14e8: VBoxHeadless.exe: timestamp 0x56d9b7eb (rc=VINF_SUCCESS)
77011d8.14e8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
77111d8.14e8: '\Device\HarddiskVolume4\Windows\System32\apisetschema.dll' has no imports
77211d8.14e8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
77311d8.14e8: supR3HardNtChildPurify: Done after 552 ms and 0 fixes (loop #0).
774dd0.1804: Log file opened: 5.0.16r105871 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
775dd0.1804: supR3HardenedVmProcessInit: uNtDllAddr=0000000077760000 g_uNtVerCombined=0x611db100
776dd0.1804: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
777dd0.1804: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
77811d8.14e8: supR3HardNtEnableThreadCreation:
779dd0.1804: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
780dd0.1804: System32: \Device\HarddiskVolume4\Windows\System32
781dd0.1804: WinSxS: \Device\HarddiskVolume4\Windows\winsxs
782dd0.1804: KnownDllPath: C:\Windows\system32
783dd0.1804: supR3HardenedVmProcessInit: Opening vboxdrv stub...
784dd0.1804: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
785dd0.1804: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
786dd0.1804: Registered Dll notification callback with NTDLL.
787dd0.1804: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
788dd0.1804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
789dd0.1804: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
790dd0.1804: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
79111d8.14e8: Error (rc=258):
79211d8.14e8: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
79311d8.14e8: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
79411d8.14e8: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
795410.1820: Terminating the normal way: rcExit=0
