VirtualBox

Ticket #16821: VBoxHardening.log

File VBoxHardening.log, 35.9 KB (added by jdoe3618, 7 years ago)

Log file

Line 
11760.35f0: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
21760.35f0: \SystemRoot\System32\ntdll.dll:
31760.35f0: CreationTime: 2017-06-02T21:21:41.201214000Z
41760.35f0: LastWriteTime: 2017-06-02T21:21:41.217214000Z
51760.35f0: ChangeTime: 2017-06-06T12:49:21.306808700Z
61760.35f0: FileAttributes: 0x20
71760.35f0: Size: 0x1a7100
81760.35f0: NT Headers: 0xe0
91760.35f0: Timestamp: 0x590296ce
101760.35f0: Machine: 0x8664 - amd64
111760.35f0: Timestamp: 0x590296ce
121760.35f0: Image Version: 6.1
131760.35f0: SizeOfImage: 0x1aa000 (1744896)
141760.35f0: Resource Dir: 0x14e000 LB 0x5a028
151760.35f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161760.35f0: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
171760.35f0: ProductName: Microsoft® Windows® Operating System
181760.35f0: ProductVersion: 6.1.7601.23796
191760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
201760.35f0: FileDescription: NT Layer DLL
211760.35f0: \SystemRoot\System32\kernel32.dll:
221760.35f0: CreationTime: 2017-06-02T21:21:41.299214000Z
231760.35f0: LastWriteTime: 2017-06-02T21:21:41.309214000Z
241760.35f0: ChangeTime: 2017-06-06T12:49:21.462809000Z
251760.35f0: FileAttributes: 0x20
261760.35f0: Size: 0x11c000
271760.35f0: NT Headers: 0xe0
281760.35f0: Timestamp: 0x59029713
291760.35f0: Machine: 0x8664 - amd64
301760.35f0: Timestamp: 0x59029713
311760.35f0: Image Version: 6.1
321760.35f0: SizeOfImage: 0x11f000 (1175552)
331760.35f0: Resource Dir: 0x116000 LB 0x528
341760.35f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351760.35f0: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
361760.35f0: ProductName: Microsoft® Windows® Operating System
371760.35f0: ProductVersion: 6.1.7601.23796
381760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
391760.35f0: FileDescription: Windows NT BASE API Client DLL
401760.35f0: \SystemRoot\System32\KernelBase.dll:
411760.35f0: CreationTime: 2017-06-02T21:21:41.451214000Z
421760.35f0: LastWriteTime: 2017-06-02T21:21:41.458214000Z
431760.35f0: ChangeTime: 2017-06-06T12:49:21.462809000Z
441760.35f0: FileAttributes: 0x20
451760.35f0: Size: 0x66800
461760.35f0: NT Headers: 0xe8
471760.35f0: Timestamp: 0x59029714
481760.35f0: Machine: 0x8664 - amd64
491760.35f0: Timestamp: 0x59029714
501760.35f0: Image Version: 6.1
511760.35f0: SizeOfImage: 0x6a000 (434176)
521760.35f0: Resource Dir: 0x68000 LB 0x530
531760.35f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541760.35f0: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
551760.35f0: ProductName: Microsoft® Windows® Operating System
561760.35f0: ProductVersion: 6.1.7601.23796
571760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
581760.35f0: FileDescription: Windows NT BASE API Client DLL
591760.35f0: \SystemRoot\System32\apisetschema.dll:
601760.35f0: CreationTime: 2017-06-02T21:21:41.231214000Z
611760.35f0: LastWriteTime: 2017-06-02T21:21:41.235214000Z
621760.35f0: ChangeTime: 2017-06-06T12:49:21.291208600Z
631760.35f0: FileAttributes: 0x20
641760.35f0: Size: 0x1a00
651760.35f0: NT Headers: 0xc0
661760.35f0: Timestamp: 0x590296af
671760.35f0: Machine: 0x8664 - amd64
681760.35f0: Timestamp: 0x590296af
691760.35f0: Image Version: 6.1
701760.35f0: SizeOfImage: 0x50000 (327680)
711760.35f0: Resource Dir: 0x30000 LB 0x3f8
721760.35f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731760.35f0: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
741760.35f0: ProductName: Microsoft® Windows® Operating System
751760.35f0: ProductVersion: 6.1.7601.23796
761760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
771760.35f0: FileDescription: ApiSet Schema DLL
781760.35f0: supR3HardenedWinFindAdversaries: 0x0
791760.35f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
801760.35f0: Calling main()
811760.35f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
821760.35f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
831760.35f0: SUPR3HardenedMain: Respawn #1
841760.35f0: System32: \Device\HarddiskVolume2\Windows\System32
851760.35f0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
861760.35f0: KnownDllPath: C:\Windows\system32
871760.35f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
881760.35f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
891760.35f0: supR3HardNtEnableThreadCreation:
901760.35f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076e4a360 pvNtTerminateThread=0000000076e6c260
911760.35f0: supR3HardenedWinDoReSpawn(1): New child 34ac.3550 [kernel32].
921760.35f0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
931760.35f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e20000 uNtDllChildAddr=0000000076e20000
941760.35f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076e4a360
951760.35f0: supR3HardenedWinSetupChildInit: Start child.
961760.35f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
971760.35f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
981760.35f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
991760.35f0: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1001760.35f0: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1011760.35f0: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1021760.35f0: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1031760.35f0: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1041760.35f0: 0000000000041000-00000000001fffff 0x0001/0x0000 0x0000000
1051760.35f0: *0000000000200000-00000000002fbfff 0x0000/0x0004 0x0020000
1061760.35f0: 00000000002fc000-00000000002fdfff 0x0104/0x0004 0x0020000
1071760.35f0: 00000000002fe000-00000000002fffff 0x0004/0x0004 0x0020000
1081760.35f0: 0000000000300000-0000000076e1ffff 0x0001/0x0000 0x0000000
1091760.35f0: *0000000076e20000-0000000076e20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1101760.35f0: 0000000076e21000-0000000076f1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1111760.35f0: 0000000076f1e000-0000000076f4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1121760.35f0: 0000000076f4d000-0000000076f56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1131760.35f0: 0000000076f57000-0000000076f57fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1141760.35f0: 0000000076f58000-0000000076f5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1151760.35f0: 0000000076f5b000-0000000076fc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1161760.35f0: 0000000076fca000-000000007efdffff 0x0001/0x0000 0x0000000
1171760.35f0: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1181760.35f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1191760.35f0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1201760.35f0: 000000007fff0000-000000013fdfffff 0x0001/0x0000 0x0000000
1211760.35f0: *000000013fe00000-000000013fe00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221760.35f0: 000000013fe01000-000000013fe70fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231760.35f0: 000000013fe71000-000000013fe71fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1241760.35f0: 000000013fe72000-000000013feb6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1251760.35f0: 000000013feb7000-000000013feb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1261760.35f0: 000000013feb8000-000000013feb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1271760.35f0: 000000013feb9000-000000013febdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1281760.35f0: 000000013febe000-000000013febefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1291760.35f0: 000000013febf000-000000013febffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1301760.35f0: 000000013fec0000-000000013fec3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1311760.35f0: 000000013fec4000-000000013ff0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1321760.35f0: 000000013ff0c000-000007feff13ffff 0x0001/0x0000 0x0000000
1331760.35f0: *000007feff140000-000007feff140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1341760.35f0: 000007feff141000-000007fffffaffff 0x0001/0x0000 0x0000000
1351760.35f0: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1361760.35f0: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
1371760.35f0: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
1381760.35f0: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
1391760.35f0: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1401760.35f0: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
1411760.35f0: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
1421760.35f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1431760.35f0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1441760.35f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1451760.35f0: supR3HardNtChildPurify: Done after 285 ms and 0 fixes (loop #0).
1461760.35f0: supR3HardNtEnableThreadCreation:
14734ac.3550: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
14834ac.3550: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e20000 g_uNtVerCombined=0x611db100
14934ac.3550: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
15034ac.3550: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
15134ac.3550: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
15234ac.3550: System32: \Device\HarddiskVolume2\Windows\System32
15334ac.3550: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
15434ac.3550: KnownDllPath: C:\Windows\system32
15534ac.3550: supR3HardenedVmProcessInit: Opening vboxdrv stub...
15634ac.3550: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
15734ac.3550: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
15834ac.3550: Registered Dll notification callback with NTDLL.
15934ac.3550: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
16034ac.3550: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
16134ac.3550: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
16234ac.3550: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1631760.35f0: Error (rc=258):
1641760.35f0: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
1651760.35f0: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
1661760.35f0: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
16731dc.1428: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
16831dc.1428: \SystemRoot\System32\ntdll.dll:
16931dc.1428: CreationTime: 2017-06-02T21:21:41.201214000Z
17031dc.1428: LastWriteTime: 2017-06-02T21:21:41.217214000Z
17131dc.1428: ChangeTime: 2017-06-06T12:49:21.306808700Z
17231dc.1428: FileAttributes: 0x20
17331dc.1428: Size: 0x1a7100
17431dc.1428: NT Headers: 0xe0
17531dc.1428: Timestamp: 0x590296ce
17631dc.1428: Machine: 0x8664 - amd64
17731dc.1428: Timestamp: 0x590296ce
17831dc.1428: Image Version: 6.1
17931dc.1428: SizeOfImage: 0x1aa000 (1744896)
18031dc.1428: Resource Dir: 0x14e000 LB 0x5a028
18131dc.1428: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
18231dc.1428: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
18331dc.1428: ProductName: Microsoft® Windows® Operating System
18431dc.1428: ProductVersion: 6.1.7601.23796
18531dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
18631dc.1428: FileDescription: NT Layer DLL
18731dc.1428: \SystemRoot\System32\kernel32.dll:
18831dc.1428: CreationTime: 2017-06-02T21:21:41.299214000Z
18931dc.1428: LastWriteTime: 2017-06-02T21:21:41.309214000Z
19031dc.1428: ChangeTime: 2017-06-06T12:49:21.462809000Z
19131dc.1428: FileAttributes: 0x20
19231dc.1428: Size: 0x11c000
19331dc.1428: NT Headers: 0xe0
19431dc.1428: Timestamp: 0x59029713
19531dc.1428: Machine: 0x8664 - amd64
19631dc.1428: Timestamp: 0x59029713
19731dc.1428: Image Version: 6.1
19831dc.1428: SizeOfImage: 0x11f000 (1175552)
19931dc.1428: Resource Dir: 0x116000 LB 0x528
20031dc.1428: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
20131dc.1428: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
20231dc.1428: ProductName: Microsoft® Windows® Operating System
20331dc.1428: ProductVersion: 6.1.7601.23796
20431dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
20531dc.1428: FileDescription: Windows NT BASE API Client DLL
20631dc.1428: \SystemRoot\System32\KernelBase.dll:
20731dc.1428: CreationTime: 2017-06-02T21:21:41.451214000Z
20831dc.1428: LastWriteTime: 2017-06-02T21:21:41.458214000Z
20931dc.1428: ChangeTime: 2017-06-06T12:49:21.462809000Z
21031dc.1428: FileAttributes: 0x20
21131dc.1428: Size: 0x66800
21231dc.1428: NT Headers: 0xe8
21331dc.1428: Timestamp: 0x59029714
21431dc.1428: Machine: 0x8664 - amd64
21531dc.1428: Timestamp: 0x59029714
21631dc.1428: Image Version: 6.1
21731dc.1428: SizeOfImage: 0x6a000 (434176)
21831dc.1428: Resource Dir: 0x68000 LB 0x530
21931dc.1428: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
22031dc.1428: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
22131dc.1428: ProductName: Microsoft® Windows® Operating System
22231dc.1428: ProductVersion: 6.1.7601.23796
22331dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
22431dc.1428: FileDescription: Windows NT BASE API Client DLL
22531dc.1428: \SystemRoot\System32\apisetschema.dll:
22631dc.1428: CreationTime: 2017-06-02T21:21:41.231214000Z
22731dc.1428: LastWriteTime: 2017-06-02T21:21:41.235214000Z
22831dc.1428: ChangeTime: 2017-06-06T12:49:21.291208600Z
22931dc.1428: FileAttributes: 0x20
23031dc.1428: Size: 0x1a00
23131dc.1428: NT Headers: 0xc0
23231dc.1428: Timestamp: 0x590296af
23331dc.1428: Machine: 0x8664 - amd64
23431dc.1428: Timestamp: 0x590296af
23531dc.1428: Image Version: 6.1
23631dc.1428: SizeOfImage: 0x50000 (327680)
23731dc.1428: Resource Dir: 0x30000 LB 0x3f8
23831dc.1428: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
23931dc.1428: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
24031dc.1428: ProductName: Microsoft® Windows® Operating System
24131dc.1428: ProductVersion: 6.1.7601.23796
24231dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
24331dc.1428: FileDescription: ApiSet Schema DLL
24431dc.1428: supR3HardenedWinFindAdversaries: 0x0
24531dc.1428: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
24631dc.1428: Calling main()
24731dc.1428: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
24831dc.1428: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
24931dc.1428: SUPR3HardenedMain: Respawn #1
25031dc.1428: System32: \Device\HarddiskVolume2\Windows\System32
25131dc.1428: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
25231dc.1428: KnownDllPath: C:\Windows\system32
25331dc.1428: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
25431dc.1428: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
25531dc.1428: supR3HardNtEnableThreadCreation:
25631dc.1428: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076e4a360 pvNtTerminateThread=0000000076e6c260
25731dc.1428: supR3HardenedWinDoReSpawn(1): New child 2b4c.1f8c [kernel32].
25831dc.1428: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
25931dc.1428: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e20000 uNtDllChildAddr=0000000076e20000
26031dc.1428: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076e4a360
26131dc.1428: supR3HardenedWinSetupChildInit: Start child.
26231dc.1428: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
26331dc.1428: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
26431dc.1428: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
26531dc.1428: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
26631dc.1428: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
26731dc.1428: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
26831dc.1428: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
26931dc.1428: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
27031dc.1428: 0000000000041000-00000000000dffff 0x0001/0x0000 0x0000000
27131dc.1428: *00000000000e0000-00000000001dbfff 0x0000/0x0004 0x0020000
27231dc.1428: 00000000001dc000-00000000001ddfff 0x0104/0x0004 0x0020000
27331dc.1428: 00000000001de000-00000000001dffff 0x0004/0x0004 0x0020000
27431dc.1428: 00000000001e0000-0000000076e1ffff 0x0001/0x0000 0x0000000
27531dc.1428: *0000000076e20000-0000000076e20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
27631dc.1428: 0000000076e21000-0000000076f1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
27731dc.1428: 0000000076f1e000-0000000076f4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
27831dc.1428: 0000000076f4d000-0000000076f56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
27931dc.1428: 0000000076f57000-0000000076f57fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28031dc.1428: 0000000076f58000-0000000076f5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28131dc.1428: 0000000076f5b000-0000000076fc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
28231dc.1428: 0000000076fca000-000000007efdffff 0x0001/0x0000 0x0000000
28331dc.1428: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
28431dc.1428: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
28531dc.1428: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
28631dc.1428: 000000007fff0000-000000013fdfffff 0x0001/0x0000 0x0000000
28731dc.1428: *000000013fe00000-000000013fe00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28831dc.1428: 000000013fe01000-000000013fe70fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
28931dc.1428: 000000013fe71000-000000013fe71fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29031dc.1428: 000000013fe72000-000000013feb6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29131dc.1428: 000000013feb7000-000000013feb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29231dc.1428: 000000013feb8000-000000013feb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29331dc.1428: 000000013feb9000-000000013febdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29431dc.1428: 000000013febe000-000000013febefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29531dc.1428: 000000013febf000-000000013febffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29631dc.1428: 000000013fec0000-000000013fec3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29731dc.1428: 000000013fec4000-000000013ff0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
29831dc.1428: 000000013ff0c000-000007feff13ffff 0x0001/0x0000 0x0000000
29931dc.1428: *000007feff140000-000007feff140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
30031dc.1428: 000007feff141000-000007fffffaffff 0x0001/0x0000 0x0000000
30131dc.1428: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
30231dc.1428: 000007fffffd3000-000007fffffdafff 0x0001/0x0000 0x0000000
30331dc.1428: *000007fffffdb000-000007fffffdbfff 0x0004/0x0004 0x0020000
30431dc.1428: 000007fffffdc000-000007fffffddfff 0x0001/0x0000 0x0000000
30531dc.1428: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
30631dc.1428: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
30731dc.1428: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
30831dc.1428: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
30931dc.1428: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
31031dc.1428: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
31131dc.1428: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
31231dc.1428: supR3HardNtChildPurify: Done after 284 ms and 0 fixes (loop #0).
31331dc.1428: supR3HardNtEnableThreadCreation:
3142b4c.1f8c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3152b4c.1f8c: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e20000 g_uNtVerCombined=0x611db100
3162b4c.1f8c: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
3172b4c.1f8c: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1744896 allocation)
3182b4c.1f8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3192b4c.1f8c: System32: \Device\HarddiskVolume2\Windows\System32
3202b4c.1f8c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3212b4c.1f8c: KnownDllPath: C:\Windows\system32
3222b4c.1f8c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3232b4c.1f8c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3242b4c.1f8c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3252b4c.1f8c: Registered Dll notification callback with NTDLL.
3262b4c.1f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3272b4c.1f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3282b4c.1f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3292b4c.1f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
33031dc.1428: Error (rc=258):
33131dc.1428: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
33231dc.1428: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
33331dc.1428: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
3342df8.17b8: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
3352df8.17b8: \SystemRoot\System32\ntdll.dll:
3362df8.17b8: CreationTime: 2017-06-02T21:21:41.201214000Z
3372df8.17b8: LastWriteTime: 2017-06-02T21:21:41.217214000Z
3382df8.17b8: ChangeTime: 2017-06-06T12:49:21.306808700Z
3392df8.17b8: FileAttributes: 0x20
3402df8.17b8: Size: 0x1a7100
3412df8.17b8: NT Headers: 0xe0
3422df8.17b8: Timestamp: 0x590296ce
3432df8.17b8: Machine: 0x8664 - amd64
3442df8.17b8: Timestamp: 0x590296ce
3452df8.17b8: Image Version: 6.1
3462df8.17b8: SizeOfImage: 0x1aa000 (1744896)
3472df8.17b8: Resource Dir: 0x14e000 LB 0x5a028
3482df8.17b8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3492df8.17b8: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3502df8.17b8: ProductName: Microsoft® Windows® Operating System
3512df8.17b8: ProductVersion: 6.1.7601.23796
3522df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
3532df8.17b8: FileDescription: NT Layer DLL
3542df8.17b8: \SystemRoot\System32\kernel32.dll:
3552df8.17b8: CreationTime: 2017-06-02T21:21:41.299214000Z
3562df8.17b8: LastWriteTime: 2017-06-02T21:21:41.309214000Z
3572df8.17b8: ChangeTime: 2017-06-06T12:49:21.462809000Z
3582df8.17b8: FileAttributes: 0x20
3592df8.17b8: Size: 0x11c000
3602df8.17b8: NT Headers: 0xe0
3612df8.17b8: Timestamp: 0x59029713
3622df8.17b8: Machine: 0x8664 - amd64
3632df8.17b8: Timestamp: 0x59029713
3642df8.17b8: Image Version: 6.1
3652df8.17b8: SizeOfImage: 0x11f000 (1175552)
3662df8.17b8: Resource Dir: 0x116000 LB 0x528
3672df8.17b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3682df8.17b8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3692df8.17b8: ProductName: Microsoft® Windows® Operating System
3702df8.17b8: ProductVersion: 6.1.7601.23796
3712df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
3722df8.17b8: FileDescription: Windows NT BASE API Client DLL
3732df8.17b8: \SystemRoot\System32\KernelBase.dll:
3742df8.17b8: CreationTime: 2017-06-02T21:21:41.451214000Z
3752df8.17b8: LastWriteTime: 2017-06-02T21:21:41.458214000Z
3762df8.17b8: ChangeTime: 2017-06-06T12:49:21.462809000Z
3772df8.17b8: FileAttributes: 0x20
3782df8.17b8: Size: 0x66800
3792df8.17b8: NT Headers: 0xe8
3802df8.17b8: Timestamp: 0x59029714
3812df8.17b8: Machine: 0x8664 - amd64
3822df8.17b8: Timestamp: 0x59029714
3832df8.17b8: Image Version: 6.1
3842df8.17b8: SizeOfImage: 0x6a000 (434176)
3852df8.17b8: Resource Dir: 0x68000 LB 0x530
3862df8.17b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3872df8.17b8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
3882df8.17b8: ProductName: Microsoft® Windows® Operating System
3892df8.17b8: ProductVersion: 6.1.7601.23796
3902df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
3912df8.17b8: FileDescription: Windows NT BASE API Client DLL
3922df8.17b8: \SystemRoot\System32\apisetschema.dll:
3932df8.17b8: CreationTime: 2017-06-02T21:21:41.231214000Z
3942df8.17b8: LastWriteTime: 2017-06-02T21:21:41.235214000Z
3952df8.17b8: ChangeTime: 2017-06-06T12:49:21.291208600Z
3962df8.17b8: FileAttributes: 0x20
3972df8.17b8: Size: 0x1a00
3982df8.17b8: NT Headers: 0xc0
3992df8.17b8: Timestamp: 0x590296af
4002df8.17b8: Machine: 0x8664 - amd64
4012df8.17b8: Timestamp: 0x590296af
4022df8.17b8: Image Version: 6.1
4032df8.17b8: SizeOfImage: 0x50000 (327680)
4042df8.17b8: Resource Dir: 0x30000 LB 0x3f8
4052df8.17b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4062df8.17b8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
4072df8.17b8: ProductName: Microsoft® Windows® Operating System
4082df8.17b8: ProductVersion: 6.1.7601.23796
4092df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
4102df8.17b8: FileDescription: ApiSet Schema DLL
4112df8.17b8: supR3HardenedWinFindAdversaries: 0x0
4122df8.17b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4132df8.17b8: Calling main()
4142df8.17b8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4152df8.17b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4162df8.17b8: SUPR3HardenedMain: Respawn #1
4172df8.17b8: System32: \Device\HarddiskVolume2\Windows\System32
4182df8.17b8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
4192df8.17b8: KnownDllPath: C:\Windows\system32
4202df8.17b8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4212df8.17b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4222df8.17b8: supR3HardNtEnableThreadCreation:
4232df8.17b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076e4a360 pvNtTerminateThread=0000000076e6c260
4242df8.17b8: supR3HardenedWinDoReSpawn(1): New child aa8.3404 [kernel32].
4252df8.17b8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
4262df8.17b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e20000 uNtDllChildAddr=0000000076e20000
4272df8.17b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076e4a360
4282df8.17b8: supR3HardenedWinSetupChildInit: Start child.
4292df8.17b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4302df8.17b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
4312df8.17b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4322df8.17b8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
4332df8.17b8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
4342df8.17b8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
4352df8.17b8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
4362df8.17b8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
4372df8.17b8: 0000000000041000-000000000005ffff 0x0001/0x0000 0x0000000
4382df8.17b8: *0000000000060000-000000000015bfff 0x0000/0x0004 0x0020000
4392df8.17b8: 000000000015c000-000000000015dfff 0x0104/0x0004 0x0020000
4402df8.17b8: 000000000015e000-000000000015ffff 0x0004/0x0004 0x0020000
4412df8.17b8: 0000000000160000-0000000076e1ffff 0x0001/0x0000 0x0000000
4422df8.17b8: *0000000076e20000-0000000076e20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4432df8.17b8: 0000000076e21000-0000000076f1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4442df8.17b8: 0000000076f1e000-0000000076f4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4452df8.17b8: 0000000076f4d000-0000000076f56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4462df8.17b8: 0000000076f57000-0000000076f57fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4472df8.17b8: 0000000076f58000-0000000076f5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4482df8.17b8: 0000000076f5b000-0000000076fc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4492df8.17b8: 0000000076fca000-000000007efdffff 0x0001/0x0000 0x0000000
4502df8.17b8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
4512df8.17b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4522df8.17b8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4532df8.17b8: 000000007fff0000-000000013fdfffff 0x0001/0x0000 0x0000000
4542df8.17b8: *000000013fe00000-000000013fe00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4552df8.17b8: 000000013fe01000-000000013fe70fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4562df8.17b8: 000000013fe71000-000000013fe71fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4572df8.17b8: 000000013fe72000-000000013feb6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4582df8.17b8: 000000013feb7000-000000013feb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4592df8.17b8: 000000013feb8000-000000013feb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4602df8.17b8: 000000013feb9000-000000013febdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4612df8.17b8: 000000013febe000-000000013febefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4622df8.17b8: 000000013febf000-000000013febffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4632df8.17b8: 000000013fec0000-000000013fec3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4642df8.17b8: 000000013fec4000-000000013ff0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4652df8.17b8: 000000013ff0c000-000007feff13ffff 0x0001/0x0000 0x0000000
4662df8.17b8: *000007feff140000-000007feff140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4672df8.17b8: 000007feff141000-000007fffffaffff 0x0001/0x0000 0x0000000
4682df8.17b8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
4692df8.17b8: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
4702df8.17b8: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
4712df8.17b8: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
4722df8.17b8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
4732df8.17b8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
4742df8.17b8: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
4752df8.17b8: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
4762df8.17b8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4772df8.17b8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
4782df8.17b8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4792df8.17b8: supR3HardNtChildPurify: Done after 285 ms and 0 fixes (loop #0).
4802df8.17b8: supR3HardNtEnableThreadCreation:
481aa8.3404: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
482aa8.3404: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e20000 g_uNtVerCombined=0x611db100
483aa8.3404: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
484aa8.3404: New simple heap: #1 0000000000260000 LB 0x400000 (for 1744896 allocation)
485aa8.3404: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
486aa8.3404: System32: \Device\HarddiskVolume2\Windows\System32
487aa8.3404: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
488aa8.3404: KnownDllPath: C:\Windows\system32
489aa8.3404: supR3HardenedVmProcessInit: Opening vboxdrv stub...
490aa8.3404: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
491aa8.3404: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
492aa8.3404: Registered Dll notification callback with NTDLL.
493aa8.3404: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
494aa8.3404: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
495aa8.3404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
496aa8.3404: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4972df8.17b8: Error (rc=258):
4982df8.17b8: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
4992df8.17b8: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
5002df8.17b8: Timed out after 60001 ms waiting for child request #1 (CloseEvents).

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy