11c8.1630: Log file opened: 5.0.17r106359 g_hStartupLog=00000074 g_uNtVerCombined=0xa037ec00 11c8.1630: \SystemRoot\System32\ntdll.dll: 11c8.1630: CreationTime: 2016-04-03T13:21:15.750408500Z 11c8.1630: LastWriteTime: 2016-04-03T13:21:15.750408500Z 11c8.1630: ChangeTime: 2016-04-07T01:03:06.853744400Z 11c8.1630: FileAttributes: 0x20 11c8.1630: Size: 0x17df00 11c8.1630: NT Headers: 0xe8 11c8.1630: Timestamp: 0x5700c526 11c8.1630: Machine: 0x14c - i386 11c8.1630: Timestamp: 0x5700c526 11c8.1630: Image Version: 10.0 11c8.1630: SizeOfImage: 0x180000 (1572864) 11c8.1630: Resource Dir: 0x114000 LB 0x66db0 11c8.1630: ProductName: Microsoft® Windows® Operating System 11c8.1630: ProductVersion: 10.0.14316.1000 11c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 11c8.1630: FileDescription: NT Layer DLL 11c8.1630: \SystemRoot\System32\kernel32.dll: 11c8.1630: CreationTime: 2016-04-03T13:20:42.562986900Z 11c8.1630: LastWriteTime: 2016-04-03T13:20:42.562986900Z 11c8.1630: ChangeTime: 2016-04-07T01:03:02.775611800Z 11c8.1630: FileAttributes: 0x20 11c8.1630: Size: 0x996a8 11c8.1630: NT Headers: 0xf8 11c8.1630: Timestamp: 0x5700c53e 11c8.1630: Machine: 0x14c - i386 11c8.1630: Timestamp: 0x5700c53e 11c8.1630: Image Version: 10.0 11c8.1630: SizeOfImage: 0x97000 (618496) 11c8.1630: Resource Dir: 0x91000 LB 0x528 11c8.1630: ProductName: Microsoft® Windows® Operating System 11c8.1630: ProductVersion: 10.0.14316.1000 11c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 11c8.1630: FileDescription: Windows NT BASE API Client DLL 11c8.1630: \SystemRoot\System32\KernelBase.dll: 11c8.1630: CreationTime: 2016-04-03T13:21:15.859783900Z 11c8.1630: LastWriteTime: 2016-04-03T13:21:15.859783900Z 11c8.1630: ChangeTime: 2016-04-07T01:03:02.838111300Z 11c8.1630: FileAttributes: 0x20 11c8.1630: Size: 0x1982d0 11c8.1630: NT Headers: 0x100 11c8.1630: Timestamp: 0x5700c56a 11c8.1630: Machine: 0x14c - i386 11c8.1630: Timestamp: 0x5700c56a 11c8.1630: Image Version: 10.0 11c8.1630: SizeOfImage: 0x19b000 (1683456) 11c8.1630: Resource Dir: 0x179000 LB 0x540 11c8.1630: ProductName: Microsoft® Windows® Operating System 11c8.1630: ProductVersion: 10.0.14316.1000 11c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 11c8.1630: FileDescription: Windows NT BASE API Client DLL 11c8.1630: \SystemRoot\System32\apisetschema.dll: 11c8.1630: CreationTime: 2016-04-03T13:20:59.125447700Z 11c8.1630: LastWriteTime: 2016-04-03T13:20:59.141072800Z 11c8.1630: ChangeTime: 2016-04-07T01:02:51.041211000Z 11c8.1630: FileAttributes: 0x20 11c8.1630: Size: 0x17310 11c8.1630: NT Headers: 0xc8 11c8.1630: Timestamp: 0x5700c83a 11c8.1630: Machine: 0x14c - i386 11c8.1630: Timestamp: 0x5700c83a 11c8.1630: Image Version: 10.0 11c8.1630: SizeOfImage: 0x19000 (102400) 11c8.1630: Resource Dir: 0x18000 LB 0x400 11c8.1630: ProductName: Microsoft® Windows® Operating System 11c8.1630: ProductVersion: 10.0.14316.1000 11c8.1630: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 11c8.1630: FileDescription: ApiSet Schema DLL 11c8.1630: NtOpenDirectoryObject failed on \Driver: 0xc0000022 11c8.1630: supR3HardenedWinFindAdversaries: 0x0 11c8.1630: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 11c8.1630: Calling main() 11c8.1630: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 11c8.1630: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 11c8.1630: SUPR3HardenedMain: Respawn #1 11c8.1630: System32: \Device\HarddiskVolume1\Windows\System32 11c8.1630: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 11c8.1630: KnownDllPath: C:\WINDOWS\system32 11c8.1630: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 11c8.1630: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 11c8.1630: supR3HardNtEnableThreadCreation: 11c8.1630: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080 11c8.1630: supR3HardenedWinDoReSpawn(1): New child 1704.163c [kernel32]. 11c8.1630: supR3HardNtChildGatherData: PebBaseAddress=003bf000 cbPeb=0x250 11c8.1630: supR3HardNtPuChFindNtdll: uNtDllParentAddr=777f0000 uNtDllChildAddr=777f0000 11c8.1630: supR3HardenedWinSetupChildInit: uLdrInitThunk=77811470 11c8.1630: supR3HardenedWinSetupChildInit: Start child. 11c8.1630: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 11c8.1630: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 11c8.1630: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 11c8.1630: *00000000-fffeffff 0x0001/0x0000 0x0000000 11c8.1630: *00010000-fffeffff 0x0004/0x0004 0x0020000 11c8.1630: *00030000-00019fff 0x0002/0x0002 0x0040000 11c8.1630: 00046000-0003bfff 0x0001/0x0000 0x0000000 11c8.1630: *00050000-fff52fff 0x0000/0x0004 0x0020000 11c8.1630: 0014d000-0014afff 0x0104/0x0004 0x0020000 11c8.1630: 0014f000-0014dfff 0x0004/0x0004 0x0020000 11c8.1630: *00150000-0014bfff 0x0002/0x0002 0x0040000 11c8.1630: 00154000-00147fff 0x0001/0x0000 0x0000000 11c8.1630: *00160000-0015dfff 0x0004/0x0004 0x0020000 11c8.1630: 00162000-000c3fff 0x0001/0x0000 0x0000000 11c8.1630: *00200000-00040fff 0x0000/0x0004 0x0020000 11c8.1630: 003bf000-003bcfff 0x0004/0x0004 0x0020000 11c8.1630: 003c1000-00381fff 0x0000/0x0004 0x0020000 11c8.1630: 00400000-ff70ffff 0x0001/0x0000 0x0000000 11c8.1630: *010f0000-010f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 010f1000-01167fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 01168000-01168fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 01169000-011a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011a3000-011a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011a4000-011a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011a5000-011a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011a6000-011a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011a7000-011abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011ac000-011aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011af000-011f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 11c8.1630: 011f3000-8abf5fff 0x0001/0x0000 0x0000000 11c8.1630: *777f0000-777f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 11c8.1630: 777f1000-778fcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 11c8.1630: 778fd000-77900fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 11c8.1630: 77901000-77901fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 11c8.1630: 77902000-77903fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 11c8.1630: 77904000-7796ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 11c8.1630: 77970000-7004ffff 0x0001/0x0000 0x0000000 11c8.1630: *7f290000-7f26cfff 0x0002/0x0002 0x0040000 11c8.1630: 7f2b3000-7e585fff 0x0001/0x0000 0x0000000 11c8.1630: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 11c8.1630: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 11c8.1630: VBoxHeadless.exe: timestamp 0x570229fe (rc=VINF_SUCCESS) 11c8.1630: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 11c8.1630: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 11c8.1630: supR3HardNtChildPurify: Done after 343 ms and 0 fixes (loop #0). 1704.163c: Log file opened: 5.0.17r106359 g_hStartupLog=00000008 g_uNtVerCombined=0xa037ec00 1704.163c: supR3HardenedVmProcessInit: uNtDllAddr=777f0000 g_uNtVerCombined=0xa037ec00 1704.163c: ntdll.dll: timestamp 0x5700c526 (rc=VINF_SUCCESS) 1704.163c: New simple heap: #1 00500000 LB 0x400000 (for 1572864 allocation) 11c8.1630: supR3HardNtEnableThreadCreation: 1704.163c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1704.163c: System32: \Device\HarddiskVolume1\Windows\System32 1704.163c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 1704.163c: KnownDllPath: C:\WINDOWS\system32 1704.163c: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1704.163c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1704.163c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1704.163c: Registered Dll notification callback with NTDLL. 1704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 1704.163c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1704.163c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801: [calling] 1704.163c: supR3HardenedDllNotificationCallback: load 74760000 LB 0x0019b000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 1704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 1704.163c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1704.163c: supR3HardenedDllNotificationCallback: load 77650000 LB 0x00097000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 1704.163c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1704.163c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77650000 'C:\WINDOWS\system32\KERNEL32.DLL' 1704.163c: supR3HardenedDllNotificationCallback: load 010f0000 LB 0x00103000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 1704.163c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 1704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 1704.163c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080 1704.163c: \SystemRoot\System32\ntdll.dll: 1704.163c: CreationTime: 2016-04-03T13:21:15.750408500Z 1704.163c: LastWriteTime: 2016-04-03T13:21:15.750408500Z 1704.163c: ChangeTime: 2016-04-07T01:03:06.853744400Z 1704.163c: FileAttributes: 0x20 1704.163c: Size: 0x17df00 1704.163c: NT Headers: 0xe8 1704.163c: Timestamp: 0x5700c526 1704.163c: Machine: 0x14c - i386 1704.163c: Timestamp: 0x5700c526 1704.163c: Image Version: 10.0 1704.163c: SizeOfImage: 0x180000 (1572864) 1704.163c: Resource Dir: 0x114000 LB 0x66db0 1704.163c: ProductName: Microsoft® Windows® Operating System 1704.163c: ProductVersion: 10.0.14316.1000 1704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 1704.163c: FileDescription: NT Layer DLL 1704.163c: \SystemRoot\System32\kernel32.dll: 1704.163c: CreationTime: 2016-04-03T13:20:42.562986900Z 1704.163c: LastWriteTime: 2016-04-03T13:20:42.562986900Z 1704.163c: ChangeTime: 2016-04-07T01:03:02.775611800Z 1704.163c: FileAttributes: 0x20 1704.163c: Size: 0x996a8 1704.163c: NT Headers: 0xf8 1704.163c: Timestamp: 0x5700c53e 1704.163c: Machine: 0x14c - i386 1704.163c: Timestamp: 0x5700c53e 1704.163c: Image Version: 10.0 1704.163c: SizeOfImage: 0x97000 (618496) 1704.163c: Resource Dir: 0x91000 LB 0x528 1704.163c: ProductName: Microsoft® Windows® Operating System 1704.163c: ProductVersion: 10.0.14316.1000 1704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 1704.163c: FileDescription: Windows NT BASE API Client DLL 1704.163c: \SystemRoot\System32\KernelBase.dll: 1704.163c: CreationTime: 2016-04-03T13:21:15.859783900Z 1704.163c: LastWriteTime: 2016-04-03T13:21:15.859783900Z 1704.163c: ChangeTime: 2016-04-07T01:03:02.838111300Z 1704.163c: FileAttributes: 0x20 1704.163c: Size: 0x1982d0 1704.163c: NT Headers: 0x100 1704.163c: Timestamp: 0x5700c56a 1704.163c: Machine: 0x14c - i386 1704.163c: Timestamp: 0x5700c56a 1704.163c: Image Version: 10.0 1704.163c: SizeOfImage: 0x19b000 (1683456) 1704.163c: Resource Dir: 0x179000 LB 0x540 1704.163c: ProductName: Microsoft® Windows® Operating System 1704.163c: ProductVersion: 10.0.14316.1000 1704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 1704.163c: FileDescription: Windows NT BASE API Client DLL 1704.163c: \SystemRoot\System32\apisetschema.dll: 1704.163c: CreationTime: 2016-04-03T13:20:59.125447700Z 1704.163c: LastWriteTime: 2016-04-03T13:20:59.141072800Z 1704.163c: ChangeTime: 2016-04-07T01:02:51.041211000Z 1704.163c: FileAttributes: 0x20 1704.163c: Size: 0x17310 1704.163c: NT Headers: 0xc8 1704.163c: Timestamp: 0x5700c83a 1704.163c: Machine: 0x14c - i386 1704.163c: Timestamp: 0x5700c83a 1704.163c: Image Version: 10.0 1704.163c: SizeOfImage: 0x19000 (102400) 1704.163c: Resource Dir: 0x18000 LB 0x400 1704.163c: ProductName: Microsoft® Windows® Operating System 1704.163c: ProductVersion: 10.0.14316.1000 1704.163c: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 1704.163c: FileDescription: ApiSet Schema DLL 1704.163c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 11c8.1630: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 172 ms. 1704.163c: supR3HardenedWinFindAdversaries: 0x0 1704.163c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1704.163c: Calling main() 1704.163c: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 1704.163c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1704.163c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 1704.163c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 1704.163c: SUPR3HardenedMain: Respawn #2 1704.163c: supR3HardNtEnableThreadCreation: 1704.163c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080 1704.163c: supR3HardenedWinDoReSpawn(2): New child 17f4.10ec [kernel32]. 1704.163c: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 1704.163c: supR3HardNtChildGatherData: PebBaseAddress=0035e000 cbPeb=0x250 1704.163c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=777f0000 uNtDllChildAddr=777f0000 1704.163c: supR3HardenedWinSetupChildInit: uLdrInitThunk=77811470 1704.163c: supR3HardenedWinSetupChildInit: Start child. 1704.163c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1704.163c: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 1704.163c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1704.163c: *00000000-fffeffff 0x0001/0x0000 0x0000000 1704.163c: *00010000-fffeffff 0x0004/0x0004 0x0020000 1704.163c: *00030000-00019fff 0x0002/0x0002 0x0040000 1704.163c: 00046000-0003bfff 0x0001/0x0000 0x0000000 1704.163c: *00050000-fff52fff 0x0000/0x0004 0x0020000 1704.163c: 0014d000-0014afff 0x0104/0x0004 0x0020000 1704.163c: 0014f000-0014dfff 0x0004/0x0004 0x0020000 1704.163c: *00150000-0014bfff 0x0002/0x0002 0x0040000 1704.163c: 00154000-00147fff 0x0001/0x0000 0x0000000 1704.163c: *00160000-0015dfff 0x0004/0x0004 0x0020000 1704.163c: 00162000-000c3fff 0x0001/0x0000 0x0000000 1704.163c: *00200000-000a1fff 0x0000/0x0004 0x0020000 1704.163c: 0035e000-0035bfff 0x0004/0x0004 0x0020000 1704.163c: 00360000-002bffff 0x0000/0x0004 0x0020000 1704.163c: 00400000-ff70ffff 0x0001/0x0000 0x0000000 1704.163c: *010f0000-010f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 010f1000-01167fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 01168000-01168fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 01169000-011a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011a3000-011a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011a4000-011a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011a5000-011a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011a6000-011a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011a7000-011abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011ac000-011aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011af000-011f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 1704.163c: 011f3000-8abf5fff 0x0001/0x0000 0x0000000 1704.163c: *777f0000-777f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1704.163c: 777f1000-778fcfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1704.163c: 778fd000-77900fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1704.163c: 77901000-77901fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1704.163c: 77902000-77903fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1704.163c: 77904000-7796ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1704.163c: 77970000-6f3fffff 0x0001/0x0000 0x0000000 1704.163c: *7fee0000-7febcfff 0x0002/0x0002 0x0040000 1704.163c: 7ff03000-7fe25fff 0x0001/0x0000 0x0000000 1704.163c: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 1704.163c: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 1704.163c: VBoxHeadless.exe: timestamp 0x570229fe (rc=VINF_SUCCESS) 1704.163c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 1704.163c: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 1704.163c: supR3HardNtChildPurify: Done after 359 ms and 0 fixes (loop #0). 17f4.10ec: Log file opened: 5.0.17r106359 g_hStartupLog=00000008 g_uNtVerCombined=0xa037ec00 17f4.10ec: supR3HardenedVmProcessInit: uNtDllAddr=777f0000 g_uNtVerCombined=0xa037ec00 17f4.10ec: ntdll.dll: timestamp 0x5700c526 (rc=VINF_SUCCESS) 17f4.10ec: New simple heap: #1 00500000 LB 0x400000 (for 1572864 allocation) 1704.163c: supR3HardenedEarlyCompact: Removed heap 1 (0x500000 LB 0x400000) 1704.163c: supR3HardNtEnableThreadCreation: 17f4.10ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 17f4.10ec: System32: \Device\HarddiskVolume1\Windows\System32 17f4.10ec: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 17f4.10ec: KnownDllPath: C:\WINDOWS\system32 17f4.10ec: supR3HardenedVmProcessInit: Opening vboxdrv... 17f4.10ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 17f4.10ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 17f4.10ec: Registered Dll notification callback with NTDLL. 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801: [calling] 17f4.10ec: supR3HardenedDllNotificationCallback: load 74760000 LB 0x0019b000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 17f4.10ec: supR3HardenedDllNotificationCallback: load 77650000 LB 0x00097000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77650000 'C:\WINDOWS\system32\KERNEL32.DLL' 17f4.10ec: supR3HardenedDllNotificationCallback: load 010f0000 LB 0x00103000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 17f4.10ec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 17f4.10ec: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77811470 pvNtTerminateThread=7787e080 1704.163c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 188 ms. 17f4.10ec: \SystemRoot\System32\ntdll.dll: 17f4.10ec: CreationTime: 2016-04-03T13:21:15.750408500Z 17f4.10ec: LastWriteTime: 2016-04-03T13:21:15.750408500Z 17f4.10ec: ChangeTime: 2016-04-07T01:03:06.853744400Z 17f4.10ec: FileAttributes: 0x20 17f4.10ec: Size: 0x17df00 17f4.10ec: NT Headers: 0xe8 17f4.10ec: Timestamp: 0x5700c526 17f4.10ec: Machine: 0x14c - i386 17f4.10ec: Timestamp: 0x5700c526 17f4.10ec: Image Version: 10.0 17f4.10ec: SizeOfImage: 0x180000 (1572864) 17f4.10ec: Resource Dir: 0x114000 LB 0x66db0 17f4.10ec: ProductName: Microsoft® Windows® Operating System 17f4.10ec: ProductVersion: 10.0.14316.1000 17f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 17f4.10ec: FileDescription: NT Layer DLL 17f4.10ec: \SystemRoot\System32\kernel32.dll: 17f4.10ec: CreationTime: 2016-04-03T13:20:42.562986900Z 17f4.10ec: LastWriteTime: 2016-04-03T13:20:42.562986900Z 17f4.10ec: ChangeTime: 2016-04-07T01:03:02.775611800Z 17f4.10ec: FileAttributes: 0x20 17f4.10ec: Size: 0x996a8 17f4.10ec: NT Headers: 0xf8 17f4.10ec: Timestamp: 0x5700c53e 17f4.10ec: Machine: 0x14c - i386 17f4.10ec: Timestamp: 0x5700c53e 17f4.10ec: Image Version: 10.0 17f4.10ec: SizeOfImage: 0x97000 (618496) 17f4.10ec: Resource Dir: 0x91000 LB 0x528 17f4.10ec: ProductName: Microsoft® Windows® Operating System 17f4.10ec: ProductVersion: 10.0.14316.1000 17f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 17f4.10ec: FileDescription: Windows NT BASE API Client DLL 17f4.10ec: \SystemRoot\System32\KernelBase.dll: 17f4.10ec: CreationTime: 2016-04-03T13:21:15.859783900Z 17f4.10ec: LastWriteTime: 2016-04-03T13:21:15.859783900Z 17f4.10ec: ChangeTime: 2016-04-07T01:03:02.838111300Z 17f4.10ec: FileAttributes: 0x20 17f4.10ec: Size: 0x1982d0 17f4.10ec: NT Headers: 0x100 17f4.10ec: Timestamp: 0x5700c56a 17f4.10ec: Machine: 0x14c - i386 17f4.10ec: Timestamp: 0x5700c56a 17f4.10ec: Image Version: 10.0 17f4.10ec: SizeOfImage: 0x19b000 (1683456) 17f4.10ec: Resource Dir: 0x179000 LB 0x540 17f4.10ec: ProductName: Microsoft® Windows® Operating System 17f4.10ec: ProductVersion: 10.0.14316.1000 17f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 17f4.10ec: FileDescription: Windows NT BASE API Client DLL 17f4.10ec: \SystemRoot\System32\apisetschema.dll: 17f4.10ec: CreationTime: 2016-04-03T13:20:59.125447700Z 17f4.10ec: LastWriteTime: 2016-04-03T13:20:59.141072800Z 17f4.10ec: ChangeTime: 2016-04-07T01:02:51.041211000Z 17f4.10ec: FileAttributes: 0x20 17f4.10ec: Size: 0x17310 17f4.10ec: NT Headers: 0xc8 17f4.10ec: Timestamp: 0x5700c83a 17f4.10ec: Machine: 0x14c - i386 17f4.10ec: Timestamp: 0x5700c83a 17f4.10ec: Image Version: 10.0 17f4.10ec: SizeOfImage: 0x19000 (102400) 17f4.10ec: Resource Dir: 0x18000 LB 0x400 17f4.10ec: ProductName: Microsoft® Windows® Operating System 17f4.10ec: ProductVersion: 10.0.14316.1000 17f4.10ec: FileVersion: 10.0.14316.1000 (rs1_release.160402-2217) 17f4.10ec: FileDescription: ApiSet Schema DLL 17f4.10ec: NtOpenDirectoryObject failed on \Driver: 0xc0000022 17f4.10ec: supR3HardenedWinFindAdversaries: 0x0 17f4.10ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 17f4.10ec: Calling main() 17f4.10ec: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 17f4.10ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 17f4.10ec: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 17f4.10ec: SUPR3HardenedMain: Final process, opening VBoxDrv... 17f4.10ec: supR3HardenedEarlyCompact: Removed heap 1 (0x500000 LB 0x400000) 17f4.10ec: supR3HardNtEnableThreadCreation: 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling] 17f4.10ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedDllNotificationCallback: load 6dc30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling] 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling] 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 17f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 17f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 17f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 17f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 17f4.10ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'msasn1.dll'. 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 17f4.10ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll) 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 17f4.10ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 17f4.10ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling] 17f4.10ec: supR3HardenedDllNotificationCallback: load 76b80000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0] 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedDllNotificationCallback: load 74440000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0] 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 17f4.10ec: supR3HardenedDllNotificationCallback: load 74500000 LB 0x000df000 C:\WINDOWS\system32\ucrtbase.dll [fFlags=0x0] 17f4.10ec: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume1\Windows\System32\ucrtbase.dll) 17f4.10ec: Error (rc=0): 17f4.10ec: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll: Load config header vs directory size mismatch: 0x78 vs 0x40 17f4.10ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ucrtbase.dll 17f4.10ec: Fatal error: 17f4.10ec: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\ucrtbase.dll' / '\??\C:\WINDOWS\system32\ucrtbase.dll': 0xc0000190 1704.163c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 172 ms, the end); 11c8.1630: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 750 ms, the end);