VirtualBox

Ticket #18861: VBoxHardening.log

File VBoxHardening.log, 39.7 KB (added by bxz, 5 years ago)

120c8.1664: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
220c8.1664: \SystemRoot\System32\ntdll.dll:
320c8.1664: CreationTime: 2019-08-15T16:59:08.887803400Z
420c8.1664: LastWriteTime: 2019-08-15T16:59:08.936034800Z
520c8.1664: ChangeTime: 2019-08-21T20:12:13.531869000Z
620c8.1664: FileAttributes: 0x20
720c8.1664: Size: 0x1e8320
820c8.1664: NT Headers: 0xd8
920c8.1664: Timestamp: 0xc00f8a30
1020c8.1664: Machine: 0x8664 - amd64
1120c8.1664: Timestamp: 0xc00f8a30
1220c8.1664: Image Version: 10.0
1320c8.1664: SizeOfImage: 0x1f0000 (2031616)
1420c8.1664: Resource Dir: 0x17f000 LB 0x6f1d8
1520c8.1664: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1620c8.1664: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1720c8.1664: ProductName: Microsoft® Windows® Operating System
1820c8.1664: ProductVersion: 10.0.18362.267
1920c8.1664: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
2020c8.1664: FileDescription: NT Layer DLL
2120c8.1664: \SystemRoot\System32\kernel32.dll:
2220c8.1664: CreationTime: 2019-07-10T17:27:27.183520100Z
2320c8.1664: LastWriteTime: 2019-07-10T17:27:27.198510000Z
2420c8.1664: ChangeTime: 2019-08-15T17:00:07.527946600Z
2520c8.1664: FileAttributes: 0x20
2620c8.1664: Size: 0xb0498
2720c8.1664: NT Headers: 0xe8
2820c8.1664: Timestamp: 0xd12f214a
2920c8.1664: Machine: 0x8664 - amd64
3020c8.1664: Timestamp: 0xd12f214a
3120c8.1664: Image Version: 10.0
3220c8.1664: SizeOfImage: 0xb2000 (729088)
3320c8.1664: Resource Dir: 0xb0000 LB 0x520
3420c8.1664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3520c8.1664: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3620c8.1664: ProductName: Microsoft® Windows® Operating System
3720c8.1664: ProductVersion: 10.0.18362.86
3820c8.1664: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
3920c8.1664: FileDescription: Windows NT BASE API Client DLL
4020c8.1664: \SystemRoot\System32\KernelBase.dll:
4120c8.1664: CreationTime: 2019-08-15T16:59:09.529742900Z
4220c8.1664: LastWriteTime: 2019-08-15T16:59:09.609609700Z
4320c8.1664: ChangeTime: 2019-08-21T20:12:12.063222700Z
4420c8.1664: FileAttributes: 0x20
4520c8.1664: Size: 0x2a2d08
4620c8.1664: NT Headers: 0x100
4720c8.1664: Timestamp: 0xf09944f9
4820c8.1664: Machine: 0x8664 - amd64
4920c8.1664: Timestamp: 0xf09944f9
5020c8.1664: Image Version: 10.0
5120c8.1664: SizeOfImage: 0x2a3000 (2764800)
5220c8.1664: Resource Dir: 0x27d000 LB 0x548
5320c8.1664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5420c8.1664: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5520c8.1664: ProductName: Microsoft® Windows® Operating System
5620c8.1664: ProductVersion: 10.0.18362.267
5720c8.1664: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
5820c8.1664: FileDescription: Windows NT BASE API Client DLL
5920c8.1664: \SystemRoot\System32\apisetschema.dll:
6020c8.1664: CreationTime: 2019-03-19T04:43:54.837151500Z
6120c8.1664: LastWriteTime: 2019-03-19T04:43:54.837151500Z
6220c8.1664: ChangeTime: 2019-08-15T17:00:07.511955400Z
6320c8.1664: FileAttributes: 0x20
6420c8.1664: Size: 0x1d028
6520c8.1664: NT Headers: 0xc8
6620c8.1664: Timestamp: 0xd6ced080
6720c8.1664: Machine: 0x8664 - amd64
6820c8.1664: Timestamp: 0xd6ced080
6920c8.1664: Image Version: 10.0
7020c8.1664: SizeOfImage: 0x1e000 (122880)
7120c8.1664: Resource Dir: 0x1d000 LB 0x408
7220c8.1664: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7320c8.1664: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7420c8.1664: ProductName: Microsoft® Windows® Operating System
7520c8.1664: ProductVersion: 10.0.18362.1
7620c8.1664: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
7720c8.1664: FileDescription: ApiSet Schema DLL
7820c8.1664: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7920c8.1664: supR3HardenedWinFindAdversaries: 0x0
8020c8.1664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8120c8.1664: Calling main()
8220c8.1664: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
8320c8.1664: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
8420c8.1664: SUPR3HardenedMain: Respawn #1
8520c8.1664: System32: \Device\HarddiskVolume4\Windows\System32
8620c8.1664: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
8720c8.1664: KnownDllPath: C:\WINDOWS\System32
8820c8.1664: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
8920c8.1664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
9020c8.1664: supR3HardNtEnableThreadCreation:
9120c8.1664: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0
9220c8.1664: supR3HardenedWinDoReSpawn(1): New child b34.9f4 [kernel32].
9320c8.1664: supR3HardNtChildGatherData: PebBaseAddress=000000000045c000 cbPeb=0x388
9420c8.1664: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffff39a0000 uNtDllChildAddr=00007ffff39a0000
9520c8.1664: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffff3a11790
9620c8.1664: supR3HardenedWinSetupChildInit: Start child.
9720c8.1664: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9820c8.1664: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 30 sleeps
9920c8.1664: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
10020c8.1664: *0000000000000000-00000000002affff 0x0001/0x0000 0x0000000
10120c8.1664: *00000000002b0000-00000000002cffff 0x0004/0x0004 0x0020000
10220c8.1664: *00000000002d0000-00000000002eafff 0x0002/0x0002 0x0040000
10320c8.1664: 00000000002eb000-00000000002effff 0x0001/0x0000 0x0000000
10420c8.1664: *00000000002f0000-00000000003eafff 0x0000/0x0004 0x0020000
10520c8.1664: 00000000003eb000-00000000003edfff 0x0104/0x0004 0x0020000
10620c8.1664: 00000000003ee000-00000000003effff 0x0004/0x0004 0x0020000
10720c8.1664: *00000000003f0000-00000000003f3fff 0x0002/0x0002 0x0040000
10820c8.1664: 00000000003f4000-00000000003fffff 0x0001/0x0000 0x0000000
10920c8.1664: *0000000000400000-000000000045bfff 0x0000/0x0004 0x0020000
11020c8.1664: 000000000045c000-000000000045efff 0x0004/0x0004 0x0020000
11120c8.1664: 000000000045f000-00000000005fffff 0x0000/0x0004 0x0020000
11220c8.1664: *0000000000600000-0000000000601fff 0x0004/0x0004 0x0020000
11320c8.1664: 0000000000602000-00000000007fffff 0x0001/0x0000 0x0000000
11420c8.1664: *0000000000800000-0000000000803fff 0x0004/0x0004 0x0020000
11520c8.1664: 0000000000804000-000000007ffdffff 0x0001/0x0000 0x0000000
11620c8.1664: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
11720c8.1664: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
11820c8.1664: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
11920c8.1664: 000000007ffe6000-00007ff5fea7ffff 0x0001/0x0000 0x0000000
12020c8.1664: *00007ff5fea80000-00007ff5fea80fff 0x0002/0x0002 0x0040000
12120c8.1664: 00007ff5fea81000-00007ff5fea8ffff 0x0001/0x0000 0x0000000
12220c8.1664: *00007ff5fea90000-00007ff5feab2fff 0x0002/0x0002 0x0040000
12320c8.1664: 00007ff5feab3000-00007ff754ccffff 0x0001/0x0000 0x0000000
12420c8.1664: *00007ff754cd0000-00007ff754cd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12520c8.1664: 00007ff754cd1000-00007ff754d45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12620c8.1664: 00007ff754d46000-00007ff754d46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12720c8.1664: 00007ff754d47000-00007ff754d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12820c8.1664: 00007ff754d8e000-00007ff754d8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
12920c8.1664: 00007ff754d8f000-00007ff754d8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13020c8.1664: 00007ff754d90000-00007ff754d94fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13120c8.1664: 00007ff754d95000-00007ff754d95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13220c8.1664: 00007ff754d96000-00007ff754d96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13320c8.1664: 00007ff754d97000-00007ff754d9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13420c8.1664: 00007ff754d9b000-00007ff754de3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
13520c8.1664: 00007ff754de4000-00007ffff394ffff 0x0001/0x0000 0x0000000
13620c8.1664: *00007ffff3950000-00007ffff3950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\Itcspea.Dll
13720c8.1664: supHardNtVpScanVirtualMemory: Unmapping image mem at 00007ffff3950000 (00007ffff3950000 LB 0x1000) - 'Itcspea.Dll'
13820c8.1664: 00007ffff3951000-00007ffff399ffff 0x0001/0x0000 0x0000000
13920c8.1664: *00007ffff39a0000-00007ffff39a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14020c8.1664: 00007ffff39a1000-00007ffff3ab7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14120c8.1664: 00007ffff3ab8000-00007ffff3afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14220c8.1664: 00007ffff3aff000-00007ffff3b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14320c8.1664: 00007ffff3b0b000-00007ffff3b19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14420c8.1664: 00007ffff3b1a000-00007ffff3b1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14520c8.1664: 00007ffff3b1b000-00007ffff3b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14620c8.1664: 00007ffff3b1e000-00007ffff3b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14720c8.1664: 00007ffff3b90000-00007ffffffeffff 0x0001/0x0000 0x0000000
14820c8.1664: VirtualBoxVM.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS)
14920c8.1664: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
15020c8.1664: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
15120c8.1664: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0).
152b34.9f4: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
153b34.9f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffff39a0000 g_uNtVerCombined=0xa047ba00
154b34.9f4: ntdll.dll: timestamp 0xc00f8a30 (rc=VINF_SUCCESS)
155b34.9f4: New simple heap: #1 0000000000810000 LB 0x400000 (for 2031616 allocation)
15620c8.1664: supR3HardNtEnableThreadCreation:
157b34.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
158b34.9f4: System32: \Device\HarddiskVolume4\Windows\System32
159b34.9f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
160b34.9f4: KnownDllPath: C:\WINDOWS\System32
161b34.9f4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
162b34.9f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
163b34.9f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
164b34.9f4: Registered Dll notification callback with NTDLL.
165b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
166b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
167b34.9f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
168b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff0ee0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
169b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
170b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
171b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff37d0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
172b34.9f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
173b34.9f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff37d0000 'C:\WINDOWS\System32\KERNEL32.DLL'
174b34.9f4: supR3HardenedDllNotificationCallback: load 00007ff754cd0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
175b34.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
176b34.9f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
177b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
178b34.9f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0
17920c8.1664: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms.
180b34.9f4: \SystemRoot\System32\ntdll.dll:
181b34.9f4: CreationTime: 2019-08-15T16:59:08.887803400Z
182b34.9f4: LastWriteTime: 2019-08-15T16:59:08.936034800Z
183b34.9f4: ChangeTime: 2019-08-21T20:12:13.531869000Z
184b34.9f4: FileAttributes: 0x20
185b34.9f4: Size: 0x1e8320
186b34.9f4: NT Headers: 0xd8
187b34.9f4: Timestamp: 0xc00f8a30
188b34.9f4: Machine: 0x8664 - amd64
189b34.9f4: Timestamp: 0xc00f8a30
190b34.9f4: Image Version: 10.0
191b34.9f4: SizeOfImage: 0x1f0000 (2031616)
192b34.9f4: Resource Dir: 0x17f000 LB 0x6f1d8
193b34.9f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
194b34.9f4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
195b34.9f4: ProductName: Microsoft® Windows® Operating System
196b34.9f4: ProductVersion: 10.0.18362.267
197b34.9f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
198b34.9f4: FileDescription: NT Layer DLL
199b34.9f4: \SystemRoot\System32\kernel32.dll:
200b34.9f4: CreationTime: 2019-07-10T17:27:27.183520100Z
201b34.9f4: LastWriteTime: 2019-07-10T17:27:27.198510000Z
202b34.9f4: ChangeTime: 2019-08-15T17:00:07.527946600Z
203b34.9f4: FileAttributes: 0x20
204b34.9f4: Size: 0xb0498
205b34.9f4: NT Headers: 0xe8
206b34.9f4: Timestamp: 0xd12f214a
207b34.9f4: Machine: 0x8664 - amd64
208b34.9f4: Timestamp: 0xd12f214a
209b34.9f4: Image Version: 10.0
210b34.9f4: SizeOfImage: 0xb2000 (729088)
211b34.9f4: Resource Dir: 0xb0000 LB 0x520
212b34.9f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
213b34.9f4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
214b34.9f4: ProductName: Microsoft® Windows® Operating System
215b34.9f4: ProductVersion: 10.0.18362.86
216b34.9f4: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
217b34.9f4: FileDescription: Windows NT BASE API Client DLL
218b34.9f4: \SystemRoot\System32\KernelBase.dll:
219b34.9f4: CreationTime: 2019-08-15T16:59:09.529742900Z
220b34.9f4: LastWriteTime: 2019-08-15T16:59:09.609609700Z
221b34.9f4: ChangeTime: 2019-08-21T20:12:12.063222700Z
222b34.9f4: FileAttributes: 0x20
223b34.9f4: Size: 0x2a2d08
224b34.9f4: NT Headers: 0x100
225b34.9f4: Timestamp: 0xf09944f9
226b34.9f4: Machine: 0x8664 - amd64
227b34.9f4: Timestamp: 0xf09944f9
228b34.9f4: Image Version: 10.0
229b34.9f4: SizeOfImage: 0x2a3000 (2764800)
230b34.9f4: Resource Dir: 0x27d000 LB 0x548
231b34.9f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
232b34.9f4: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
233b34.9f4: ProductName: Microsoft® Windows® Operating System
234b34.9f4: ProductVersion: 10.0.18362.267
235b34.9f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
236b34.9f4: FileDescription: Windows NT BASE API Client DLL
237b34.9f4: \SystemRoot\System32\apisetschema.dll:
238b34.9f4: CreationTime: 2019-03-19T04:43:54.837151500Z
239b34.9f4: LastWriteTime: 2019-03-19T04:43:54.837151500Z
240b34.9f4: ChangeTime: 2019-08-15T17:00:07.511955400Z
241b34.9f4: FileAttributes: 0x20
242b34.9f4: Size: 0x1d028
243b34.9f4: NT Headers: 0xc8
244b34.9f4: Timestamp: 0xd6ced080
245b34.9f4: Machine: 0x8664 - amd64
246b34.9f4: Timestamp: 0xd6ced080
247b34.9f4: Image Version: 10.0
248b34.9f4: SizeOfImage: 0x1e000 (122880)
249b34.9f4: Resource Dir: 0x1d000 LB 0x408
250b34.9f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
251b34.9f4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
252b34.9f4: ProductName: Microsoft® Windows® Operating System
253b34.9f4: ProductVersion: 10.0.18362.1
254b34.9f4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
255b34.9f4: FileDescription: ApiSet Schema DLL
256b34.9f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
257b34.9f4: supR3HardenedWinFindAdversaries: 0x0
258b34.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
259b34.9f4: Calling main()
260b34.9f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
261b34.9f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
262b34.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
263b34.9f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
264b34.9f4: SUPR3HardenedMain: Respawn #2
265b34.9f4: supR3HardNtEnableThreadCreation:
266b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff1d50000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
267b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
268b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
269b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff1ba0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
270b34.9f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
271b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
272b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
273b34.9f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
274b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
275b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
276b34.9f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
277b34.9f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
278b34.9f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
279b34.9f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
280b34.9f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff39a0000 'C:\WINDOWS\System32\ntdll.dll'
281b34.9f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0
282b34.9f4: supR3HardenedWinDoReSpawn(2): New child f0.f4 [kernel32].
283b34.9f4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
284b34.9f4: supR3HardNtChildGatherData: PebBaseAddress=0000000001045000 cbPeb=0x388
285b34.9f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffff39a0000 uNtDllChildAddr=00007ffff39a0000
286b34.9f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffff3a11790
287b34.9f4: supR3HardenedWinSetupChildInit: Start child.
288b34.9f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
289b34.9f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 31 sleeps
290b34.9f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
291b34.9f4: *0000000000000000-0000000000e6ffff 0x0001/0x0000 0x0000000
292b34.9f4: *0000000000e70000-0000000000e8ffff 0x0004/0x0004 0x0020000
293b34.9f4: *0000000000e90000-0000000000eaafff 0x0002/0x0002 0x0040000
294b34.9f4: 0000000000eab000-0000000000eaffff 0x0001/0x0000 0x0000000
295b34.9f4: *0000000000eb0000-0000000000faafff 0x0000/0x0004 0x0020000
296b34.9f4: 0000000000fab000-0000000000fadfff 0x0104/0x0004 0x0020000
297b34.9f4: 0000000000fae000-0000000000faffff 0x0004/0x0004 0x0020000
298b34.9f4: *0000000000fb0000-0000000000fb3fff 0x0002/0x0002 0x0040000
299b34.9f4: 0000000000fb4000-0000000000fbffff 0x0001/0x0000 0x0000000
300b34.9f4: *0000000000fc0000-0000000000fc1fff 0x0004/0x0004 0x0020000
301b34.9f4: 0000000000fc2000-0000000000ffffff 0x0001/0x0000 0x0000000
302b34.9f4: *0000000001000000-0000000001044fff 0x0000/0x0004 0x0020000
303b34.9f4: 0000000001045000-0000000001047fff 0x0004/0x0004 0x0020000
304b34.9f4: 0000000001048000-00000000011fffff 0x0000/0x0004 0x0020000
305b34.9f4: 0000000001200000-000000000124ffff 0x0001/0x0000 0x0000000
306b34.9f4: *0000000001250000-0000000001253fff 0x0004/0x0004 0x0020000
307b34.9f4: 0000000001254000-000000007ffdffff 0x0001/0x0000 0x0000000
308b34.9f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
309b34.9f4: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000
310b34.9f4: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000
311b34.9f4: 000000007ffe6000-00007ff560d9ffff 0x0001/0x0000 0x0000000
312b34.9f4: *00007ff560da0000-00007ff560da0fff 0x0002/0x0002 0x0040000
313b34.9f4: 00007ff560da1000-00007ff560daffff 0x0001/0x0000 0x0000000
314b34.9f4: *00007ff560db0000-00007ff560dd2fff 0x0002/0x0002 0x0040000
315b34.9f4: 00007ff560dd3000-00007ff754ccffff 0x0001/0x0000 0x0000000
316b34.9f4: *00007ff754cd0000-00007ff754cd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
317b34.9f4: 00007ff754cd1000-00007ff754d45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
318b34.9f4: 00007ff754d46000-00007ff754d46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
319b34.9f4: 00007ff754d47000-00007ff754d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
320b34.9f4: 00007ff754d8e000-00007ff754d8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
321b34.9f4: 00007ff754d8f000-00007ff754d8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
322b34.9f4: 00007ff754d90000-00007ff754d94fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
323b34.9f4: 00007ff754d95000-00007ff754d95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
324b34.9f4: 00007ff754d96000-00007ff754d96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
325b34.9f4: 00007ff754d97000-00007ff754d9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
326b34.9f4: 00007ff754d9b000-00007ff754de3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
327b34.9f4: 00007ff754de4000-00007ffff394ffff 0x0001/0x0000 0x0000000
328b34.9f4: *00007ffff3950000-00007ffff3950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\Itcspea.Dll
329b34.9f4: supHardNtVpScanVirtualMemory: Unmapping image mem at 00007ffff3950000 (00007ffff3950000 LB 0x1000) - 'Itcspea.Dll'
330b34.9f4: 00007ffff3951000-00007ffff399ffff 0x0001/0x0000 0x0000000
331b34.9f4: *00007ffff39a0000-00007ffff39a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
332b34.9f4: 00007ffff39a1000-00007ffff3ab7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
333b34.9f4: 00007ffff3ab8000-00007ffff3afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
334b34.9f4: 00007ffff3aff000-00007ffff3b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
335b34.9f4: 00007ffff3b0b000-00007ffff3b19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
336b34.9f4: 00007ffff3b1a000-00007ffff3b1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
337b34.9f4: 00007ffff3b1b000-00007ffff3b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
338b34.9f4: 00007ffff3b1e000-00007ffff3b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
339b34.9f4: 00007ffff3b90000-00007ffffffeffff 0x0001/0x0000 0x0000000
340b34.9f4: VirtualBoxVM.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS)
341b34.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
342b34.9f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
343b34.9f4: supR3HardNtChildPurify: Done after 327 ms and 0 fixes (loop #0).
344f0.f4: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
345f0.f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffff39a0000 g_uNtVerCombined=0xa047ba00
346b34.9f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000810000 LB 0x400000)
347f0.f4: ntdll.dll: timestamp 0xc00f8a30 (rc=VINF_SUCCESS)
348f0.f4: New simple heap: #1 0000000001360000 LB 0x400000 (for 2031616 allocation)
349b34.9f4: supR3HardNtEnableThreadCreation:
350f0.f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
351f0.f4: System32: \Device\HarddiskVolume4\Windows\System32
352f0.f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
353f0.f4: KnownDllPath: C:\WINDOWS\System32
354f0.f4: supR3HardenedVmProcessInit: Opening vboxdrv...
355f0.f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
356f0.f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
357f0.f4: Registered Dll notification callback with NTDLL.
358f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
359f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
360f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
361f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff0ee0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
362f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
363f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
364f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff37d0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
365f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
366f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff37d0000 'C:\WINDOWS\System32\KERNEL32.DLL'
367f0.f4: supR3HardenedDllNotificationCallback: load 00007ff754cd0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
368f0.f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
369f0.f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
370f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
371f0.f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0
372b34.9f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 124 ms.
373f0.f4: \SystemRoot\System32\ntdll.dll:
374f0.f4: CreationTime: 2019-08-15T16:59:08.887803400Z
375f0.f4: LastWriteTime: 2019-08-15T16:59:08.936034800Z
376f0.f4: ChangeTime: 2019-08-21T20:12:13.531869000Z
377f0.f4: FileAttributes: 0x20
378f0.f4: Size: 0x1e8320
379f0.f4: NT Headers: 0xd8
380f0.f4: Timestamp: 0xc00f8a30
381f0.f4: Machine: 0x8664 - amd64
382f0.f4: Timestamp: 0xc00f8a30
383f0.f4: Image Version: 10.0
384f0.f4: SizeOfImage: 0x1f0000 (2031616)
385f0.f4: Resource Dir: 0x17f000 LB 0x6f1d8
386f0.f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
387f0.f4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
388f0.f4: ProductName: Microsoft® Windows® Operating System
389f0.f4: ProductVersion: 10.0.18362.267
390f0.f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
391f0.f4: FileDescription: NT Layer DLL
392f0.f4: \SystemRoot\System32\kernel32.dll:
393f0.f4: CreationTime: 2019-07-10T17:27:27.183520100Z
394f0.f4: LastWriteTime: 2019-07-10T17:27:27.198510000Z
395f0.f4: ChangeTime: 2019-08-15T17:00:07.527946600Z
396f0.f4: FileAttributes: 0x20
397f0.f4: Size: 0xb0498
398f0.f4: NT Headers: 0xe8
399f0.f4: Timestamp: 0xd12f214a
400f0.f4: Machine: 0x8664 - amd64
401f0.f4: Timestamp: 0xd12f214a
402f0.f4: Image Version: 10.0
403f0.f4: SizeOfImage: 0xb2000 (729088)
404f0.f4: Resource Dir: 0xb0000 LB 0x520
405f0.f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
f0.f4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
f0.f4: ProductName: Microsoft® Windows® Operating System
f0.f4: ProductVersion: 10.0.18362.86
f0.f4: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
f0.f4: FileDescription: Windows NT BASE API Client DLL
f0.f4: \SystemRoot\System32\KernelBase.dll:
f0.f4: CreationTime: 2019-08-15T16:59:09.529742900Z
f0.f4: LastWriteTime: 2019-08-15T16:59:09.609609700Z
f0.f4: ChangeTime: 2019-08-21T20:12:12.063222700Z
f0.f4: FileAttributes: 0x20
f0.f4: Size: 0x2a2d08
f0.f4: NT Headers: 0x100
f0.f4: Timestamp: 0xf09944f9
f0.f4: Machine: 0x8664 - amd64
f0.f4: Timestamp: 0xf09944f9
f0.f4: Image Version: 10.0
f0.f4: SizeOfImage: 0x2a3000 (2764800)
f0.f4: Resource Dir: 0x27d000 LB 0x548
f0.f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
f0.f4: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
f0.f4: ProductName: Microsoft® Windows® Operating System
f0.f4: ProductVersion: 10.0.18362.267
f0.f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
f0.f4: FileDescription: Windows NT BASE API Client DLL
f0.f4: \SystemRoot\System32\apisetschema.dll:
f0.f4: CreationTime: 2019-03-19T04:43:54.837151500Z
f0.f4: LastWriteTime: 2019-03-19T04:43:54.837151500Z
f0.f4: ChangeTime: 2019-08-15T17:00:07.511955400Z
f0.f4: FileAttributes: 0x20
f0.f4: Size: 0x1d028
f0.f4: NT Headers: 0xc8
f0.f4: Timestamp: 0xd6ced080
f0.f4: Machine: 0x8664 - amd64
f0.f4: Timestamp: 0xd6ced080
f0.f4: Image Version: 10.0
f0.f4: SizeOfImage: 0x1e000 (122880)
f0.f4: Resource Dir: 0x1d000 LB 0x408
f0.f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
f0.f4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
f0.f4: ProductName: Microsoft® Windows® Operating System
f0.f4: ProductVersion: 10.0.18362.1
f0.f4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
f0.f4: FileDescription: ApiSet Schema DLL
f0.f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
f0.f4: supR3HardenedWinFindAdversaries: 0x0
f0.f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f0.f4: Calling main()
f0.f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
f0.f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f0.f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
f0.f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
f0.f4: SUPR3HardenedMain: Final process, opening VBoxDrv...
f0.f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001360000 LB 0x400000)
f0.f4: supR3HardNtEnableThreadCreation:
f0.f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
f0.f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedDllNotificationCallback: load 00007fffebc30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffebc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffebc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffebc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
f0.f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
f0.f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff37d0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff1d50000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff1ba0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
f0.f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
f0.f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff39a0000 'C:\WINDOWS\System32\ntdll.dll'
b34.9f4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 9541 ms, the end);
20c8.1664: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 10082 ms, the end);
