| 1 | 4450.f0: Log file opened: 6.1.3r135953 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047bb00
|
|---|
| 2 | 4450.f0: \SystemRoot\System32\ntdll.dll:
|
|---|
| 3 | 4450.f0: CreationTime: 2019-10-27T23:38:04.014947000Z
|
|---|
| 4 | 4450.f0: LastWriteTime: 2019-10-27T23:38:04.046887300Z
|
|---|
| 5 | 4450.f0: ChangeTime: 2020-02-04T03:37:11.433723100Z
|
|---|
| 6 | 4450.f0: FileAttributes: 0x20
|
|---|
| 7 | 4450.f0: Size: 0x1e8528
|
|---|
| 8 | 4450.f0: NT Headers: 0xd8
|
|---|
| 9 | 4450.f0: Timestamp: 0x99ca0526
|
|---|
| 10 | 4450.f0: Machine: 0x8664 - amd64
|
|---|
| 11 | 4450.f0: Timestamp: 0x99ca0526
|
|---|
| 12 | 4450.f0: Image Version: 10.0
|
|---|
| 13 | 4450.f0: SizeOfImage: 0x1f0000 (2031616)
|
|---|
| 14 | 4450.f0: Resource Dir: 0x17f000 LB 0x6f310
|
|---|
| 15 | 4450.f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 16 | 4450.f0: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
|
|---|
| 17 | 4450.f0: ProductName: Microsoft® Windows® Operating System
|
|---|
| 18 | 4450.f0: ProductVersion: 10.0.18362.418
|
|---|
| 19 | 4450.f0: FileVersion: 10.0.18362.418 (WinBuild.160101.0800)
|
|---|
| 20 | 4450.f0: FileDescription: NT Layer DLL
|
|---|
| 21 | 4450.f0: \SystemRoot\System32\kernel32.dll:
|
|---|
| 22 | 4450.f0: CreationTime: 2019-09-28T12:01:55.207004900Z
|
|---|
| 23 | 4450.f0: LastWriteTime: 2019-09-28T12:01:55.220963400Z
|
|---|
| 24 | 4450.f0: ChangeTime: 2020-02-04T03:37:11.322022000Z
|
|---|
| 25 | 4450.f0: FileAttributes: 0x20
|
|---|
| 26 | 4450.f0: Size: 0xb0570
|
|---|
| 27 | 4450.f0: NT Headers: 0xe8
|
|---|
| 28 | 4450.f0: Timestamp: 0xd0cecc10
|
|---|
| 29 | 4450.f0: Machine: 0x8664 - amd64
|
|---|
| 30 | 4450.f0: Timestamp: 0xd0cecc10
|
|---|
| 31 | 4450.f0: Image Version: 10.0
|
|---|
| 32 | 4450.f0: SizeOfImage: 0xb2000 (729088)
|
|---|
| 33 | 4450.f0: Resource Dir: 0xb0000 LB 0x520
|
|---|
| 34 | 4450.f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 35 | 4450.f0: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
|
|---|
| 36 | 4450.f0: ProductName: Microsoft® Windows® Operating System
|
|---|
| 37 | 4450.f0: ProductVersion: 10.0.18362.329
|
|---|
| 38 | 4450.f0: FileVersion: 10.0.18362.329 (WinBuild.160101.0800)
|
|---|
| 39 | 4450.f0: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 40 | 4450.f0: \SystemRoot\System32\KernelBase.dll:
|
|---|
| 41 | 4450.f0: CreationTime: 2020-02-04T03:36:46.614802600Z
|
|---|
| 42 | 4450.f0: LastWriteTime: 2020-02-04T03:36:46.661722200Z
|
|---|
| 43 | 4450.f0: ChangeTime: 2020-02-04T03:39:47.062345400Z
|
|---|
| 44 | 4450.f0: FileAttributes: 0x20
|
|---|
| 45 | 4450.f0: Size: 0x2a3508
|
|---|
| 46 | 4450.f0: NT Headers: 0xf0
|
|---|
| 47 | 4450.f0: Timestamp: 0xf96f12ee
|
|---|
| 48 | 4450.f0: Machine: 0x8664 - amd64
|
|---|
| 49 | 4450.f0: Timestamp: 0xf96f12ee
|
|---|
| 50 | 4450.f0: Image Version: 10.0
|
|---|
| 51 | 4450.f0: SizeOfImage: 0x2a3000 (2764800)
|
|---|
| 52 | 4450.f0: Resource Dir: 0x27d000 LB 0x548
|
|---|
| 53 | 4450.f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 54 | 4450.f0: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
|
|---|
| 55 | 4450.f0: ProductName: Microsoft® Windows® Operating System
|
|---|
| 56 | 4450.f0: ProductVersion: 10.0.18362.628
|
|---|
| 57 | 4450.f0: FileVersion: 10.0.18362.628 (WinBuild.160101.0800)
|
|---|
| 58 | 4450.f0: FileDescription: Windows NT BASE API Client DLL
|
|---|
| 59 | 4450.f0: \SystemRoot\System32\apisetschema.dll:
|
|---|
| 60 | 4450.f0: CreationTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 61 | 4450.f0: LastWriteTime: 2019-03-19T04:43:54.837151500Z
|
|---|
| 62 | 4450.f0: ChangeTime: 2020-02-04T03:37:11.317035600Z
|
|---|
| 63 | 4450.f0: FileAttributes: 0x20
|
|---|
| 64 | 4450.f0: Size: 0x1d028
|
|---|
| 65 | 4450.f0: NT Headers: 0xc8
|
|---|
| 66 | 4450.f0: Timestamp: 0xd6ced080
|
|---|
| 67 | 4450.f0: Machine: 0x8664 - amd64
|
|---|
| 68 | 4450.f0: Timestamp: 0xd6ced080
|
|---|
| 69 | 4450.f0: Image Version: 10.0
|
|---|
| 70 | 4450.f0: SizeOfImage: 0x1e000 (122880)
|
|---|
| 71 | 4450.f0: Resource Dir: 0x1d000 LB 0x408
|
|---|
| 72 | 4450.f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
|
|---|
| 73 | 4450.f0: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
|
|---|
| 74 | 4450.f0: ProductName: Microsoft® Windows® Operating System
|
|---|
| 75 | 4450.f0: ProductVersion: 10.0.18362.1
|
|---|
| 76 | 4450.f0: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
|
|---|
| 77 | 4450.f0: FileDescription: ApiSet Schema DLL
|
|---|
| 78 | 4450.f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
|
|---|
| 79 | 4450.f0: supR3HardenedWinFindAdversaries: 0x0
|
|---|
| 80 | 4450.f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 81 | 4450.f0: Calling main()
|
|---|
| 82 | 4450.f0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
|
|---|
| 83 | 4450.f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 84 | 4450.f0: SUPR3HardenedMain: Respawn #1
|
|---|
| 85 | 4450.f0: System32: \Device\HarddiskVolume4\Windows\System32
|
|---|
| 86 | 4450.f0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
|
|---|
| 87 | 4450.f0: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 88 | 4450.f0: supR3HardenedWinInit: Performing a limited self purification...
|
|---|
| 89 | 4450.f0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
|
|---|
| 90 | 4450.f0: *0000000000000000-0000000000b1ffff 0x0001/0x0000 0x0000000
|
|---|
| 91 | 4450.f0: *0000000000b20000-0000000000b2ffff 0x0004/0x0004 0x0040000
|
|---|
| 92 | 4450.f0: 0000000000b30000-0000000000b3ffff 0x0001/0x0000 0x0000000
|
|---|
| 93 | 4450.f0: *0000000000b40000-0000000000b5afff 0x0002/0x0002 0x0040000
|
|---|
| 94 | 4450.f0: 0000000000b5b000-0000000000b5ffff 0x0001/0x0000 0x0000000
|
|---|
| 95 | 4450.f0: *0000000000b60000-0000000000b63fff 0x0002/0x0002 0x0040000
|
|---|
| 96 | 4450.f0: 0000000000b64000-0000000000b6ffff 0x0001/0x0000 0x0000000
|
|---|
| 97 | 4450.f0: *0000000000b70000-0000000000b71fff 0x0004/0x0004 0x0020000
|
|---|
| 98 | 4450.f0: 0000000000b72000-0000000000bbffff 0x0001/0x0000 0x0000000
|
|---|
| 99 | 4450.f0: *0000000000bc0000-0000000000bcefff 0x0004/0x0004 0x0020000
|
|---|
| 100 | 4450.f0: 0000000000bcf000-0000000000bcffff 0x0000/0x0004 0x0020000
|
|---|
| 101 | 4450.f0: 0000000000bd0000-0000000000bfffff 0x0001/0x0000 0x0000000
|
|---|
| 102 | 4450.f0: *0000000000c00000-0000000000ddcfff 0x0000/0x0004 0x0020000
|
|---|
| 103 | 4450.f0: 0000000000ddd000-0000000000ddffff 0x0004/0x0004 0x0020000
|
|---|
| 104 | 4450.f0: 0000000000de0000-0000000000dfffff 0x0000/0x0004 0x0020000
|
|---|
| 105 | 4450.f0: *0000000000e00000-0000000000eb8fff 0x0000/0x0004 0x0020000
|
|---|
| 106 | 4450.f0: 0000000000eb9000-0000000000ebbfff 0x0104/0x0004 0x0020000
|
|---|
| 107 | 4450.f0: 0000000000ebc000-0000000000efffff 0x0004/0x0004 0x0020000
|
|---|
| 108 | 4450.f0: *0000000000f00000-0000000000fc6fff 0x0002/0x0002 0x0040000
|
|---|
| 109 | 4450.f0: 0000000000fc7000-0000000000fcffff 0x0001/0x0000 0x0000000
|
|---|
| 110 | 4450.f0: *0000000000fd0000-0000000000fd1fff 0x0004/0x0004 0x0020000
|
|---|
| 111 | 4450.f0: 0000000000fd2000-0000000001031fff 0x0000/0x0004 0x0020000
|
|---|
| 112 | 4450.f0: 0000000001032000-00000000010effff 0x0001/0x0000 0x0000000
|
|---|
| 113 | 4450.f0: *00000000010f0000-00000000010f4fff 0x0004/0x0004 0x0020000
|
|---|
| 114 | 4450.f0: 00000000010f5000-00000000011effff 0x0000/0x0004 0x0020000
|
|---|
| 115 | 4450.f0: *00000000011f0000-00000000013e0fff 0x0004/0x0004 0x0020000
|
|---|
| 116 | 4450.f0: 00000000013e1000-00000000013e1fff 0x0000/0x0004 0x0020000
|
|---|
| 117 | 4450.f0: 00000000013e2000-00000000013effff 0x0001/0x0000 0x0000000
|
|---|
| 118 | 4450.f0: *00000000013f0000-000000000140cfff 0x0004/0x0004 0x0020000
|
|---|
| 119 | 4450.f0: 000000000140d000-00000000014effff 0x0000/0x0004 0x0020000
|
|---|
| 120 | 4450.f0: 00000000014f0000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 121 | 4450.f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 122 | 4450.f0: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
|
|---|
| 123 | 4450.f0: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
|
|---|
| 124 | 4450.f0: 000000007ffe3000-00007ff435e9ffff 0x0001/0x0000 0x0000000
|
|---|
| 125 | 4450.f0: *00007ff435ea0000-00007ff435ea4fff 0x0002/0x0002 0x0040000
|
|---|
| 126 | 4450.f0: 00007ff435ea5000-00007ff435f9ffff 0x0000/0x0002 0x0040000
|
|---|
| 127 | 4450.f0: *00007ff435fa0000-00007ff535fbffff 0x0000/0x0004 0x0020000
|
|---|
| 128 | 4450.f0: *00007ff535fc0000-00007ff537fbffff 0x0000/0x0004 0x0020000
|
|---|
| 129 | 4450.f0: 00007ff537fc0000-00007ff537fc0fff 0x0004/0x0004 0x0020000
|
|---|
| 130 | 4450.f0: 00007ff537fc1000-00007ff537fcffff 0x0001/0x0000 0x0000000
|
|---|
| 131 | 4450.f0: *00007ff537fd0000-00007ff537fd0fff 0x0002/0x0002 0x0040000
|
|---|
| 132 | 4450.f0: 00007ff537fd1000-00007ff537fdffff 0x0001/0x0000 0x0000000
|
|---|
| 133 | 4450.f0: *00007ff537fe0000-00007ff538012fff 0x0002/0x0002 0x0040000
|
|---|
| 134 | 4450.f0: 00007ff538013000-00007ff622f6ffff 0x0001/0x0000 0x0000000
|
|---|
| 135 | 4450.f0: *00007ff622f70000-00007ff622f70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 136 | 4450.f0: 00007ff622f71000-00007ff622fe6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 137 | 4450.f0: 00007ff622fe7000-00007ff622fe7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 138 | 4450.f0: 00007ff622fe8000-00007ff62302ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 139 | 4450.f0: 00007ff623030000-00007ff623032fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 140 | 4450.f0: 00007ff623033000-00007ff623035fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 141 | 4450.f0: 00007ff623036000-00007ff623038fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 142 | 4450.f0: 00007ff623039000-00007ff623039fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 143 | 4450.f0: 00007ff62303a000-00007ff62303bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 144 | 4450.f0: 00007ff62303c000-00007ff62303cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 145 | 4450.f0: 00007ff62303d000-00007ff623085fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 146 | 4450.f0: 00007ff623086000-00007ff8031fffff 0x0001/0x0000 0x0000000
|
|---|
| 147 | 4450.f0: *00007ff803200000-00007ff803200fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 148 | 4450.f0: 00007ff803201000-00007ff803305fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 149 | 4450.f0: 00007ff803306000-00007ff803467fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 150 | 4450.f0: 00007ff803468000-00007ff80346bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 151 | 4450.f0: 00007ff80346c000-00007ff80346cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 152 | 4450.f0: 00007ff80346d000-00007ff8034a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
|
|---|
| 153 | 4450.f0: 00007ff8034a3000-00007ff8052dffff 0x0001/0x0000 0x0000000
|
|---|
| 154 | 4450.f0: *00007ff8052e0000-00007ff8052e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 155 | 4450.f0: 00007ff8052e1000-00007ff805355fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 156 | 4450.f0: 00007ff805356000-00007ff805387fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 157 | 4450.f0: 00007ff805388000-00007ff805388fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 158 | 4450.f0: 00007ff805389000-00007ff805389fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 159 | 4450.f0: 00007ff80538a000-00007ff805391fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll
|
|---|
| 160 | 4450.f0: 00007ff805392000-00007ff8053fffff 0x0001/0x0000 0x0000000
|
|---|
| 161 | 4450.f0: *00007ff805400000-00007ff805400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 162 | 4450.f0: 00007ff805401000-00007ff805517fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 163 | 4450.f0: 00007ff805518000-00007ff80555efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 164 | 4450.f0: 00007ff80555f000-00007ff80555ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 165 | 4450.f0: 00007ff805560000-00007ff805561fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 166 | 4450.f0: 00007ff805562000-00007ff80556afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 167 | 4450.f0: 00007ff80556b000-00007ff8055effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 168 | 4450.f0: 00007ff8055f0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 169 | 4450.f0: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
|
|---|
| 170 | 4450.f0: kernelbase.dll: timestamp 0xf96f12ee (rc=VINF_SUCCESS)
|
|---|
| 171 | 4450.f0: VirtualBoxVM.exe: timestamp 0x5e34e3cb (rc=VINF_SUCCESS)
|
|---|
| 172 | 4450.f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 173 | 4450.f0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
|
|---|
| 174 | 4450.f0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
|
|---|
| 175 | 4450.f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
|
|---|
| 176 | 4450.f0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
|
|---|
| 177 | 4450.f0: supR3HardNtEnableThreadCreationEx:
|
|---|
| 178 | 4450.f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8054717f0 pvNtTerminateThread=00007ff80549cb10
|
|---|
| 179 | 4450.f0: supR3HardenedWinDoReSpawn(1): New child 4044.ad4 [kernel32].
|
|---|
| 180 | 4450.f0: supR3HardNtChildGatherData: PebBaseAddress=00000000010a8000 cbPeb=0x388
|
|---|
| 181 | 4450.f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff805400000 uNtDllChildAddr=00007ff805400000
|
|---|
| 182 | 4450.f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8054717f0
|
|---|
| 183 | 4450.f0: supR3HardenedWinSetupChildInit: Initial context:
|
|---|
| 184 | rax=0000000000000000 rbx=0000000000000000 rcx=00007ff622f77900 rdx=00000000010a8000
|
|---|
| 185 | rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
|
|---|
| 186 | r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
|
|---|
| 187 | r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
|
|---|
| 188 | rip=00007ff80546ceb0 rsp=000000000131fb98 rbp=0000000000000000 ctxflags=0010001b
|
|---|
| 189 | cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
|
|---|
| 190 | P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
|
|---|
| 191 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 192 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
|
|---|
| 193 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 194 | 4450.f0: supR3HardenedWinSetupChildInit: Start child.
|
|---|
| 195 | 4450.f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
|
|---|
| 196 | 4450.f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 29 sleeps
|
|---|
| 197 | 4450.f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
|
|---|
| 198 | 4450.f0: *0000000000000000-0000000000fcffff 0x0001/0x0000 0x0000000
|
|---|
| 199 | 4450.f0: *0000000000fd0000-0000000000feffff 0x0004/0x0004 0x0020000
|
|---|
| 200 | 4450.f0: *0000000000ff0000-0000000000ff3fff 0x0002/0x0002 0x0040000
|
|---|
| 201 | 4450.f0: 0000000000ff4000-0000000000ffffff 0x0001/0x0000 0x0000000
|
|---|
| 202 | 4450.f0: *0000000001000000-00000000010a7fff 0x0000/0x0004 0x0020000
|
|---|
| 203 | 4450.f0: 00000000010a8000-00000000010aafff 0x0004/0x0004 0x0020000
|
|---|
| 204 | 4450.f0: 00000000010ab000-00000000011fffff 0x0000/0x0004 0x0020000
|
|---|
| 205 | 4450.f0: *0000000001200000-000000000121afff 0x0002/0x0002 0x0040000
|
|---|
| 206 | 4450.f0: 000000000121b000-000000000121ffff 0x0001/0x0000 0x0000000
|
|---|
| 207 | 4450.f0: *0000000001220000-000000000131afff 0x0000/0x0004 0x0020000
|
|---|
| 208 | 4450.f0: 000000000131b000-000000000131dfff 0x0104/0x0004 0x0020000
|
|---|
| 209 | 4450.f0: 000000000131e000-000000000131ffff 0x0004/0x0004 0x0020000
|
|---|
| 210 | 4450.f0: *0000000001320000-0000000001321fff 0x0004/0x0004 0x0020000
|
|---|
| 211 | 4450.f0: 0000000001322000-000000007ffdffff 0x0001/0x0000 0x0000000
|
|---|
| 212 | 4450.f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
|
|---|
| 213 | 4450.f0: 000000007ffe1000-000000007ffe1fff 0x0001/0x0000 0x0000000
|
|---|
| 214 | 4450.f0: *000000007ffe2000-000000007ffe2fff 0x0002/0x0002 0x0020000
|
|---|
| 215 | 4450.f0: 000000007ffe3000-00007ff5cb47ffff 0x0001/0x0000 0x0000000
|
|---|
| 216 | 4450.f0: *00007ff5cb480000-00007ff5cb480fff 0x0002/0x0002 0x0040000
|
|---|
| 217 | 4450.f0: 00007ff5cb481000-00007ff5cb48ffff 0x0001/0x0000 0x0000000
|
|---|
| 218 | 4450.f0: *00007ff5cb490000-00007ff5cb4c2fff 0x0002/0x0002 0x0040000
|
|---|
| 219 | 4450.f0: 00007ff5cb4c3000-00007ff622f6ffff 0x0001/0x0000 0x0000000
|
|---|
| 220 | 4450.f0: *00007ff622f70000-00007ff622f70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 221 | 4450.f0: 00007ff622f71000-00007ff622fe6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 222 | 4450.f0: 00007ff622fe7000-00007ff622fe7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 223 | 4450.f0: 00007ff622fe8000-00007ff62302ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 224 | 4450.f0: 00007ff623030000-00007ff623030fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 225 | 4450.f0: 00007ff623031000-00007ff623031fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 226 | 4450.f0: 00007ff623032000-00007ff623036fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 227 | 4450.f0: 00007ff623037000-00007ff623037fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 228 | 4450.f0: 00007ff623038000-00007ff623038fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 229 | 4450.f0: 00007ff623039000-00007ff62303cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 230 | 4450.f0: 00007ff62303d000-00007ff623085fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
|
|---|
| 231 | 4450.f0: 00007ff623086000-00007ff8053fffff 0x0001/0x0000 0x0000000
|
|---|
| 232 | 4450.f0: *00007ff805400000-00007ff805400fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 233 | 4450.f0: 00007ff805401000-00007ff805517fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 234 | 4450.f0: 00007ff805518000-00007ff80555efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 235 | 4450.f0: 00007ff80555f000-00007ff80556afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 236 | 4450.f0: 00007ff80556b000-00007ff805579fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 237 | 4450.f0: 00007ff80557a000-00007ff80557afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 238 | 4450.f0: 00007ff80557b000-00007ff80557dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 239 | 4450.f0: 00007ff80557e000-00007ff8055effff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
|
|---|
| 240 | 4450.f0: 00007ff8055f0000-00007ffffffeffff 0x0001/0x0000 0x0000000
|
|---|
| 241 | 4450.f0: supR3HardNtChildPurify: Done after 264 ms and 0 fixes (loop #0).
|
|---|
| 242 | 4044.ad4: Log file opened: 6.1.3r135953 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047bb00
|
|---|
| 243 | 4044.ad4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff805400000 g_uNtVerCombined=0xa047bb00 (stack ~000000000131f628)
|
|---|
| 244 | 4044.ad4: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
|
|---|
| 245 | 4044.ad4: New simple heap: #1 0000000001430000 LB 0x400000 (for 2031616 allocation)
|
|---|
| 246 | 4044.ad4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
|
|---|
| 247 | 4044.ad4: System32: \Device\HarddiskVolume4\Windows\System32
|
|---|
| 248 | 4044.ad4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
|
|---|
| 249 | 4450.f0: supR3HardNtEnableThreadCreationEx:
|
|---|
| 250 | 4044.ad4: KnownDllPath: C:\WINDOWS\System32
|
|---|
| 251 | 4044.ad4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
|
|---|
| 252 | 4044.ad4: Error opening VBoxDrvStub: STATUS_OBJECT_NAME_NOT_FOUND
|
|---|
| 253 | 4044.ad4: supR3HardenedWinReadErrorInfoDevice: NtCreateFile -> 0xc0000034
|
|---|
| 254 | 4044.ad4: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
|
|---|
| 255 | 4044.ad4: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
|
|---|
| 256 |
|
|---|
| 257 | Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
|
|---|
| 258 | 4450.f0: supR3HardenedWinCheckChild: enmRequest=2 rc=-101 enmWhat=3 supR3HardenedWinReSpawn: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
|
|---|
| 259 |
|
|---|
| 260 | Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
|
|---|
| 261 | 4044.ad4: KiUserExceptionDispatcher: 0xc0000005 (0000000000000001, 0000000000000024) @ 00007ff8054072a6 (flags=0x0)
|
|---|
| 262 | rax=0000000000000000 rbx=00007ff8055652c0 rcx=00007ff8055652c0 rdx=00000000fffffffa
|
|---|
| 263 | rsi=0000000000000000 rdi=00007ff805564f00 r8 =0000000000000000 r9 =00007ff805565200
|
|---|
| 264 | r10=0000000000000000 r11=0000000001318ec0 r12=0000000000000000 r13=00000000010a9000
|
|---|
| 265 | r14=0000000000000001 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
|
|---|
| 266 | rip=00007ff8054072a6 rsp=0000000001318d20 rbp=00000000ffffff00 ctxflags=0010005f
|
|---|
| 267 | cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010213 mxcrx=00001f80
|
|---|
| 268 | P3=0000000000000000 P4=0000000000000000 P5=0000000001318670 P6=0000000000000000
|
|---|
| 269 | dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
|
|---|
| 270 | dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
|
|---|
| 271 | lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
|
|---|
| 272 | 4450.f0: Error -101 in supR3HardenedWinReSpawn! (enmWhat=3)
|
|---|
| 273 | 4450.f0: NtCreateFile(\Device\VBoxDrvStub) failed: 0xc0000034 STATUS_OBJECT_NAME_NOT_FOUND (0 retries)
|
|---|
| 274 |
|
|---|
| 275 | Driver is probably stuck stopping/starting. Try 'sc.exe query vboxdrv' to get more information about its state. Rebooting may actually help.
|
|---|