4c0.107c: Log file opened: 5.2.18r124319 g_hStartupLog=00000070 g_uNtVerCombined=0xa0455900 4c0.107c: \SystemRoot\System32\ntdll.dll: 4c0.107c: CreationTime: 2018-09-04T09:38:31.360660600Z 4c0.107c: LastWriteTime: 2018-09-04T09:38:31.360660600Z 4c0.107c: ChangeTime: 2018-09-04T19:43:05.803429100Z 4c0.107c: FileAttributes: 0x20 4c0.107c: Size: 0x193858 4c0.107c: NT Headers: 0xf0 4c0.107c: Timestamp: 0x902254cc 4c0.107c: Machine: 0x14c - i386 4c0.107c: Timestamp: 0x902254cc 4c0.107c: Image Version: 10.0 4c0.107c: SizeOfImage: 0x198000 (1671168) 4c0.107c: Resource Dir: 0x124000 LB 0x6ea08 4c0.107c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.107c: [Raw version resource data: 0x1240f0 LB 0x380, codepage 0x0 (reserved 0x0)] 4c0.107c: ProductName: Microsoft® Windows® Operating System 4c0.107c: ProductVersion: 10.0.17753.1001 4c0.107c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 4c0.107c: FileDescription: NT Layer DLL 4c0.107c: \SystemRoot\System32\kernel32.dll: 4c0.107c: CreationTime: 2018-09-04T09:38:12.250901800Z 4c0.107c: LastWriteTime: 2018-09-04T09:38:12.250901800Z 4c0.107c: ChangeTime: 2018-09-04T19:43:05.850306800Z 4c0.107c: FileAttributes: 0x20 4c0.107c: Size: 0x9a708 4c0.107c: NT Headers: 0xf0 4c0.107c: Timestamp: 0x92463ca8 4c0.107c: Machine: 0x14c - i386 4c0.107c: Timestamp: 0x92463ca8 4c0.107c: Image Version: 10.0 4c0.107c: SizeOfImage: 0x98000 (622592) 4c0.107c: Resource Dir: 0x92000 LB 0x520 4c0.107c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.107c: [Raw version resource data: 0x920b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 4c0.107c: ProductName: Microsoft® Windows® Operating System 4c0.107c: ProductVersion: 10.0.17753.1001 4c0.107c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 4c0.107c: FileDescription: Windows NT BASE API Client DLL 4c0.107c: \SystemRoot\System32\KernelBase.dll: 4c0.107c: CreationTime: 2018-09-04T09:38:31.282534700Z 4c0.107c: LastWriteTime: 2018-09-04T09:38:31.282534700Z 4c0.107c: ChangeTime: 2018-09-04T19:43:05.990928900Z 4c0.107c: FileAttributes: 0x20 4c0.107c: Size: 0x1f0b48 4c0.107c: NT Headers: 0xf0 4c0.107c: Timestamp: 0xc4ea60db 4c0.107c: Machine: 0x14c - i386 4c0.107c: Timestamp: 0xc4ea60db 4c0.107c: Image Version: 10.0 4c0.107c: SizeOfImage: 0x1f1000 (2035712) 4c0.107c: Resource Dir: 0x1c6000 LB 0x548 4c0.107c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.107c: [Raw version resource data: 0x1c60b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 4c0.107c: ProductName: Microsoft® Windows® Operating System 4c0.107c: ProductVersion: 10.0.17753.1001 4c0.107c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 4c0.107c: FileDescription: Windows NT BASE API Client DLL 4c0.107c: \SystemRoot\System32\apisetschema.dll: 4c0.107c: CreationTime: 2018-09-04T09:38:08.172697300Z 4c0.107c: LastWriteTime: 2018-09-04T09:38:08.172697300Z 4c0.107c: ChangeTime: 2018-09-04T19:26:33.413548100Z 4c0.107c: FileAttributes: 0x20 4c0.107c: Size: 0x1b730 4c0.107c: NT Headers: 0xd0 4c0.107c: Timestamp: 0xcae43134 4c0.107c: Machine: 0x14c - i386 4c0.107c: Timestamp: 0xcae43134 4c0.107c: Image Version: 10.0 4c0.107c: SizeOfImage: 0x1d000 (118784) 4c0.107c: Resource Dir: 0x1c000 LB 0x408 4c0.107c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 4c0.107c: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 4c0.107c: ProductName: Microsoft® Windows® Operating System 4c0.107c: ProductVersion: 10.0.17753.1001 4c0.107c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 4c0.107c: FileDescription: ApiSet Schema DLL 4c0.107c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 4c0.107c: supR3HardenedWinFindAdversaries: 0x0 4c0.107c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 4c0.107c: Calling main() 4c0.107c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 4c0.107c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 4c0.107c: SUPR3HardenedMain: Respawn #1 4c0.107c: System32: \Device\HarddiskVolume2\Windows\System32 4c0.107c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 4c0.107c: KnownDllPath: C:\Windows\System32 4c0.107c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 4c0.107c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 4c0.107c: supR3HardNtEnableThreadCreation: 4c0.107c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d473c0 pvNtTerminateThread=77d7d0d0 4c0.107c: supR3HardenedWinDoReSpawn(1): New child 26e0.2308 [kernel32]. 4c0.107c: supR3HardNtChildGatherData: PebBaseAddress=00b35000 cbPeb=0x250 4c0.107c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77cf0000 uNtDllChildAddr=77cf0000 4c0.107c: supR3HardenedWinSetupChildInit: uLdrInitThunk=77d473c0 4c0.107c: supR3HardenedWinSetupChildInit: Start child. 4c0.107c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 4c0.107c: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 4c0.107c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4c0.107c: *00000000-0091ffff 0x0001/0x0000 0x0000000 4c0.107c: *00920000-0093ffff 0x0004/0x0004 0x0020000 4c0.107c: *00940000-00959fff 0x0002/0x0002 0x0040000 4c0.107c: 0095a000-0095ffff 0x0001/0x0000 0x0000000 4c0.107c: *00960000-00963fff 0x0002/0x0002 0x0040000 4c0.107c: 00964000-0096ffff 0x0001/0x0000 0x0000000 4c0.107c: *00970000-00971fff 0x0004/0x0004 0x0020000 4c0.107c: 00972000-009fffff 0x0001/0x0000 0x0000000 4c0.107c: *00a00000-00b34fff 0x0000/0x0004 0x0020000 4c0.107c: 00b35000-00b36fff 0x0004/0x0004 0x0020000 4c0.107c: 00b37000-00bfffff 0x0000/0x0004 0x0020000 4c0.107c: *00c00000-00cfbfff 0x0000/0x0004 0x0020000 4c0.107c: 00cfc000-00cfdfff 0x0104/0x0004 0x0020000 4c0.107c: 00cfe000-00cfffff 0x0004/0x0004 0x0020000 4c0.107c: 00d00000-00d3ffff 0x0001/0x0000 0x0000000 4c0.107c: *00d40000-00d40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00d41000-00da6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00da7000-00da7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00da8000-00de1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00de2000-00de2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00de3000-00de3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00de4000-00de4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00de5000-00de5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00de6000-00deafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00deb000-00dedfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00dee000-00e31fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 4c0.107c: 00e32000-77ceffff 0x0001/0x0000 0x0000000 4c0.107c: *77cf0000-77cf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4c0.107c: 77cf1000-77e09fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4c0.107c: 77e0a000-77e0ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4c0.107c: 77e10000-77e10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4c0.107c: 77e11000-77e12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4c0.107c: 77e13000-77e87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 4c0.107c: 77e88000-7f15ffff 0x0001/0x0000 0x0000000 4c0.107c: *7f160000-7f160fff 0x0002/0x0002 0x0040000 4c0.107c: 7f161000-7f16ffff 0x0001/0x0000 0x0000000 4c0.107c: *7f170000-7f192fff 0x0002/0x0002 0x0040000 4c0.107c: 7f193000-7ffdffff 0x0001/0x0000 0x0000000 4c0.107c: *7ffe0000-7ffe0fff 0x0002/0x0002 0x0020000 4c0.107c: 7ffe1000-7ffebfff 0x0001/0x0000 0x0000000 4c0.107c: *7ffec000-7ffecfff 0x0002/0x0002 0x0020000 4c0.107c: 7ffed000-7ffeffff 0x0001/0x0000 0x0000000 4c0.107c: VirtualBox.exe: timestamp 0x5b72c58d (rc=VINF_SUCCESS) 4c0.107c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 4c0.107c: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x902254cc; retrying against current time: 0x5b8ee2dc. 4c0.107c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 4c0.107c: supR3HardNtChildPurify: Done after 343 ms and 0 fixes (loop #0). 26e0.2308: Log file opened: 5.2.18r124319 g_hStartupLog=00000004 g_uNtVerCombined=0xa0455900 26e0.2308: supR3HardenedVmProcessInit: uNtDllAddr=77cf0000 g_uNtVerCombined=0xa0455900 4c0.107c: supR3HardNtEnableThreadCreation: 26e0.2308: ntdll.dll: timestamp 0x902254cc (rc=VINF_SUCCESS) 26e0.2308: New simple heap: #1 00f40000 LB 0x400000 (for 1671168 allocation) 26e0.2308: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 26e0.2308: System32: \Device\HarddiskVolume2\Windows\System32 26e0.2308: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS 26e0.2308: KnownDllPath: C:\Windows\System32 26e0.2308: supR3HardenedVmProcessInit: Opening vboxdrv stub... 26e0.2308: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 26e0.2308: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 26e0.2308: Registered Dll notification callback with NTDLL. 26e0.2308: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x92463ca8; retrying against current time: 0x5b8ee2dc. 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 26e0.2308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 26e0.2308: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00004001: [calling] 26e0.2308: supR3HardenedDllNotificationCallback: load 74f80000 LB 0x001f1000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] 26e0.2308: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xc4ea60db; retrying against current time: 0x5b8ee2dd. 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) 26e0.2308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll 26e0.2308: supR3HardenedDllNotificationCallback: load 75970000 LB 0x00098000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] 26e0.2308: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 26e0.2308: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\System32\KERNEL32.DLL' 26e0.2308: supR3HardenedDllNotificationCallback: load 00d40000 LB 0x000f2000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 26e0.2308: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 26e0.2308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d473c0 pvNtTerminateThread=77d7d0d0 4c0.107c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 219 ms. 26e0.2308: \SystemRoot\System32\ntdll.dll: 26e0.2308: CreationTime: 2018-09-04T09:38:31.360660600Z 26e0.2308: LastWriteTime: 2018-09-04T09:38:31.360660600Z 26e0.2308: ChangeTime: 2018-09-04T19:43:05.803429100Z 26e0.2308: FileAttributes: 0x20 26e0.2308: Size: 0x193858 26e0.2308: NT Headers: 0xf0 26e0.2308: Timestamp: 0x902254cc 26e0.2308: Machine: 0x14c - i386 26e0.2308: Timestamp: 0x902254cc 26e0.2308: Image Version: 10.0 26e0.2308: SizeOfImage: 0x198000 (1671168) 26e0.2308: Resource Dir: 0x124000 LB 0x6ea08 26e0.2308: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 26e0.2308: [Raw version resource data: 0x1240f0 LB 0x380, codepage 0x0 (reserved 0x0)] 26e0.2308: ProductName: Microsoft® Windows® Operating System 26e0.2308: ProductVersion: 10.0.17753.1001 26e0.2308: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 26e0.2308: FileDescription: NT Layer DLL 26e0.2308: \SystemRoot\System32\kernel32.dll: 26e0.2308: CreationTime: 2018-09-04T09:38:12.250901800Z 26e0.2308: LastWriteTime: 2018-09-04T09:38:12.250901800Z 26e0.2308: ChangeTime: 2018-09-04T19:43:05.850306800Z 26e0.2308: FileAttributes: 0x20 26e0.2308: Size: 0x9a708 26e0.2308: NT Headers: 0xf0 26e0.2308: Timestamp: 0x92463ca8 26e0.2308: Machine: 0x14c - i386 26e0.2308: Timestamp: 0x92463ca8 26e0.2308: Image Version: 10.0 26e0.2308: SizeOfImage: 0x98000 (622592) 26e0.2308: Resource Dir: 0x92000 LB 0x520 26e0.2308: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 26e0.2308: [Raw version resource data: 0x920b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 26e0.2308: ProductName: Microsoft® Windows® Operating System 26e0.2308: ProductVersion: 10.0.17753.1001 26e0.2308: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 26e0.2308: FileDescription: Windows NT BASE API Client DLL 26e0.2308: \SystemRoot\System32\KernelBase.dll: 26e0.2308: CreationTime: 2018-09-04T09:38:31.282534700Z 26e0.2308: LastWriteTime: 2018-09-04T09:38:31.282534700Z 26e0.2308: ChangeTime: 2018-09-04T19:43:05.990928900Z 26e0.2308: FileAttributes: 0x20 26e0.2308: Size: 0x1f0b48 26e0.2308: NT Headers: 0xf0 26e0.2308: Timestamp: 0xc4ea60db 26e0.2308: Machine: 0x14c - i386 26e0.2308: Timestamp: 0xc4ea60db 26e0.2308: Image Version: 10.0 26e0.2308: SizeOfImage: 0x1f1000 (2035712) 26e0.2308: Resource Dir: 0x1c6000 LB 0x548 26e0.2308: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 26e0.2308: [Raw version resource data: 0x1c60b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 26e0.2308: ProductName: Microsoft® Windows® Operating System 26e0.2308: ProductVersion: 10.0.17753.1001 26e0.2308: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 26e0.2308: FileDescription: Windows NT BASE API Client DLL 26e0.2308: \SystemRoot\System32\apisetschema.dll: 26e0.2308: CreationTime: 2018-09-04T09:38:08.172697300Z 26e0.2308: LastWriteTime: 2018-09-04T09:38:08.172697300Z 26e0.2308: ChangeTime: 2018-09-04T19:26:33.413548100Z 26e0.2308: FileAttributes: 0x20 26e0.2308: Size: 0x1b730 26e0.2308: NT Headers: 0xd0 26e0.2308: Timestamp: 0xcae43134 26e0.2308: Machine: 0x14c - i386 26e0.2308: Timestamp: 0xcae43134 26e0.2308: Image Version: 10.0 26e0.2308: SizeOfImage: 0x1d000 (118784) 26e0.2308: Resource Dir: 0x1c000 LB 0x408 26e0.2308: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 26e0.2308: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 26e0.2308: ProductName: Microsoft® Windows® Operating System 26e0.2308: ProductVersion: 10.0.17753.1001 26e0.2308: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) 26e0.2308: FileDescription: ApiSet Schema DLL 26e0.2308: NtOpenDirectoryObject failed on \Driver: 0xc0000022 26e0.2308: supR3HardenedWinFindAdversaries: 0x0 26e0.2308: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 26e0.2308: Calling main() 26e0.2308: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 26e0.2308: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 26e0.2308: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 26e0.2308: SUPR3HardenedMain: Respawn #2 26e0.2308: supR3HardNtEnableThreadCreation: 26e0.2308: supR3HardenedDllNotificationCallback: load 75ae0000 LB 0x000bf000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0] 26e0.2308: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x2ebf0dbf; retrying against current time: 0x5b8ee2dd. 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) 26e0.2308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll 26e0.2308: supR3HardenedDllNotificationCallback: load 75750000 LB 0x00079000 C:\Windows\System32\sechost.dll [fFlags=0x0] 26e0.2308: \Device\HarddiskVolume2\Windows\System32\sechost.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xec52cb01; retrying against current time: 0x5b8ee2dd. 26e0.2308: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll) 26e0.2308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll 26e0.2308: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x902254cc; retrying against current time: 0x5b8ee2dd. 26e0.2308: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 26e0.2308: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll) 26e0.2308: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 26e0.2308: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 26e0.2308: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 26e0.2308: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling] 26e0.2308: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77cf0000 'C:\Windows\System32\ntdll.dll' 26e0.2308: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d473c0 pvNtTerminateThread=77d7d0d0 26e0.2308: supR3HardenedWinDoReSpawn(2): New child f50.274c [kernel32]. 26e0.2308: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 26e0.2308: supR3HardNtChildGatherData: PebBaseAddress=00286000 cbPeb=0x250 26e0.2308: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77cf0000 uNtDllChildAddr=77cf0000 26e0.2308: supR3HardenedWinSetupChildInit: uLdrInitThunk=77d473c0 26e0.2308: supR3HardenedWinSetupChildInit: Start child. 26e0.2308: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 26e0.2308: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps 26e0.2308: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 26e0.2308: *00000000-0016ffff 0x0001/0x0000 0x0000000 26e0.2308: *00170000-0018ffff 0x0004/0x0004 0x0020000 26e0.2308: *00190000-001a9fff 0x0002/0x0002 0x0040000 26e0.2308: 001aa000-001affff 0x0001/0x0000 0x0000000 26e0.2308: *001b0000-001b3fff 0x0002/0x0002 0x0040000 26e0.2308: 001b4000-001bffff 0x0001/0x0000 0x0000000 26e0.2308: *001c0000-001c1fff 0x0004/0x0004 0x0020000 26e0.2308: 001c2000-001fffff 0x0001/0x0000 0x0000000 26e0.2308: *00200000-00285fff 0x0000/0x0004 0x0020000 26e0.2308: 00286000-00287fff 0x0004/0x0004 0x0020000 26e0.2308: 00288000-003fffff 0x0000/0x0004 0x0020000 26e0.2308: *00400000-004fbfff 0x0000/0x0004 0x0020000 26e0.2308: 004fc000-004fdfff 0x0104/0x0004 0x0020000 26e0.2308: 004fe000-004fffff 0x0004/0x0004 0x0020000 26e0.2308: 00500000-00d3ffff 0x0001/0x0000 0x0000000 26e0.2308: *00d40000-00d40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00d41000-00da6fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00da7000-00da7fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00da8000-00de1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00de2000-00de2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00de3000-00de3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00de4000-00de4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00de5000-00de5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00de6000-00deafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00deb000-00dedfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00dee000-00e31fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 26e0.2308: 00e32000-77ceffff 0x0001/0x0000 0x0000000 26e0.2308: *77cf0000-77cf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: 77cf1000-77e09fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: 77e0a000-77e0ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: 77e10000-77e10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: 77e11000-77e12fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: 77e13000-77e87fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 26e0.2308: 77e88000-7fb1ffff 0x0001/0x0000 0x0000000 26e0.2308: *7fb20000-7fb20fff 0x0002/0x0002 0x0040000 26e0.2308: 7fb21000-7fb2ffff 0x0001/0x0000 0x0000000 26e0.2308: *7fb30000-7fb52fff 0x0002/0x0002 0x0040000 26e0.2308: 7fb53000-7ffdffff 0x0001/0x0000 0x0000000 26e0.2308: *7ffe0000-7ffe0fff 0x0002/0x0002 0x0020000 26e0.2308: 7ffe1000-7ffebfff 0x0001/0x0000 0x0000000 26e0.2308: *7ffec000-7ffecfff 0x0002/0x0002 0x0020000 26e0.2308: 7ffed000-7ffeffff 0x0001/0x0000 0x0000000 26e0.2308: VirtualBox.exe: timestamp 0x5b72c58d (rc=VINF_SUCCESS) 26e0.2308: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26e0.2308: \Device\HarddiskVolume2\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x902254cc; retrying against current time: 0x5b8ee2dd. 26e0.2308: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 26e0.2308: supR3HardNtChildPurify: Done after 343 ms and 0 fixes (loop #0). f50.274c: Log file opened: 5.2.18r124319 g_hStartupLog=00000004 g_uNtVerCombined=0xa0455900 f50.274c: supR3HardenedVmProcessInit: uNtDllAddr=77cf0000 g_uNtVerCombined=0xa0455900 26e0.2308: supR3HardenedEarlyCompact: Removed heap 1 (0xf40000 LB 0x400000) 26e0.2308: supR3HardNtEnableThreadCreation: f50.274c: ntdll.dll: timestamp 0x902254cc (rc=VINF_SUCCESS) f50.274c: New simple heap: #1 00600000 LB 0x400000 (for 1671168 allocation) f50.274c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' f50.274c: System32: \Device\HarddiskVolume2\Windows\System32 f50.274c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS f50.274c: KnownDllPath: C:\Windows\System32 f50.274c: supR3HardenedVmProcessInit: Opening vboxdrv... f50.274c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... f50.274c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... f50.274c: Registered Dll notification callback with NTDLL. f50.274c: \Device\HarddiskVolume2\Windows\System32\kernel32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x92463ca8; retrying against current time: 0x5b8ee2dd. f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll f50.274c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00004001: [calling] f50.274c: supR3HardenedDllNotificationCallback: load 74f80000 LB 0x001f1000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0] f50.274c: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xc4ea60db; retrying against current time: 0x5b8ee2dd. f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll f50.274c: supR3HardenedDllNotificationCallback: load 75970000 LB 0x00098000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0] f50.274c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] f50.274c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\System32\KERNEL32.DLL' f50.274c: supR3HardenedDllNotificationCallback: load 00d40000 LB 0x000f2000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] f50.274c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe f50.274c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77d473c0 pvNtTerminateThread=77d7d0d0 26e0.2308: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 219 ms. f50.274c: \SystemRoot\System32\ntdll.dll: f50.274c: CreationTime: 2018-09-04T09:38:31.360660600Z f50.274c: LastWriteTime: 2018-09-04T09:38:31.360660600Z f50.274c: ChangeTime: 2018-09-04T19:43:05.803429100Z f50.274c: FileAttributes: 0x20 f50.274c: Size: 0x193858 f50.274c: NT Headers: 0xf0 f50.274c: Timestamp: 0x902254cc f50.274c: Machine: 0x14c - i386 f50.274c: Timestamp: 0x902254cc f50.274c: Image Version: 10.0 f50.274c: SizeOfImage: 0x198000 (1671168) f50.274c: Resource Dir: 0x124000 LB 0x6ea08 f50.274c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] f50.274c: [Raw version resource data: 0x1240f0 LB 0x380, codepage 0x0 (reserved 0x0)] f50.274c: ProductName: Microsoft® Windows® Operating System f50.274c: ProductVersion: 10.0.17753.1001 f50.274c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) f50.274c: FileDescription: NT Layer DLL f50.274c: \SystemRoot\System32\kernel32.dll: f50.274c: CreationTime: 2018-09-04T09:38:12.250901800Z f50.274c: LastWriteTime: 2018-09-04T09:38:12.250901800Z f50.274c: ChangeTime: 2018-09-04T19:43:05.850306800Z f50.274c: FileAttributes: 0x20 f50.274c: Size: 0x9a708 f50.274c: NT Headers: 0xf0 f50.274c: Timestamp: 0x92463ca8 f50.274c: Machine: 0x14c - i386 f50.274c: Timestamp: 0x92463ca8 f50.274c: Image Version: 10.0 f50.274c: SizeOfImage: 0x98000 (622592) f50.274c: Resource Dir: 0x92000 LB 0x520 f50.274c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] f50.274c: [Raw version resource data: 0x920b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] f50.274c: ProductName: Microsoft® Windows® Operating System f50.274c: ProductVersion: 10.0.17753.1001 f50.274c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) f50.274c: FileDescription: Windows NT BASE API Client DLL f50.274c: \SystemRoot\System32\KernelBase.dll: f50.274c: CreationTime: 2018-09-04T09:38:31.282534700Z f50.274c: LastWriteTime: 2018-09-04T09:38:31.282534700Z f50.274c: ChangeTime: 2018-09-04T19:43:05.990928900Z f50.274c: FileAttributes: 0x20 f50.274c: Size: 0x1f0b48 f50.274c: NT Headers: 0xf0 f50.274c: Timestamp: 0xc4ea60db f50.274c: Machine: 0x14c - i386 f50.274c: Timestamp: 0xc4ea60db f50.274c: Image Version: 10.0 f50.274c: SizeOfImage: 0x1f1000 (2035712) f50.274c: Resource Dir: 0x1c6000 LB 0x548 f50.274c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] f50.274c: [Raw version resource data: 0x1c60b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] f50.274c: ProductName: Microsoft® Windows® Operating System f50.274c: ProductVersion: 10.0.17753.1001 f50.274c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) f50.274c: FileDescription: Windows NT BASE API Client DLL f50.274c: \SystemRoot\System32\apisetschema.dll: f50.274c: CreationTime: 2018-09-04T09:38:08.172697300Z f50.274c: LastWriteTime: 2018-09-04T09:38:08.172697300Z f50.274c: ChangeTime: 2018-09-04T19:26:33.413548100Z f50.274c: FileAttributes: 0x20 f50.274c: Size: 0x1b730 f50.274c: NT Headers: 0xd0 f50.274c: Timestamp: 0xcae43134 f50.274c: Machine: 0x14c - i386 f50.274c: Timestamp: 0xcae43134 f50.274c: Image Version: 10.0 f50.274c: SizeOfImage: 0x1d000 (118784) f50.274c: Resource Dir: 0x1c000 LB 0x408 f50.274c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] f50.274c: [Raw version resource data: 0x1c060 LB 0x3a8, codepage 0x0 (reserved 0x0)] f50.274c: ProductName: Microsoft® Windows® Operating System f50.274c: ProductVersion: 10.0.17753.1001 f50.274c: FileVersion: 10.0.17753.1001 (WinBuild.160101.0800) f50.274c: FileDescription: ApiSet Schema DLL f50.274c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 f50.274c: supR3HardenedWinFindAdversaries: 0x0 f50.274c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' f50.274c: Calling main() f50.274c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 f50.274c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' f50.274c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) f50.274c: SUPR3HardenedMain: Final process, opening VBoxDrv... f50.274c: supR3HardenedEarlyCompact: Removed heap 1 (0x600000 LB 0x400000) f50.274c: supR3HardNtEnableThreadCreation: f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll f50.274c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling] f50.274c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f50.274c: supR3HardenedDllNotificationCallback: load 67b40000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] f50.274c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f50.274c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f50.274c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling] f50.274c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67b40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' f50.274c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] f50.274c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling] f50.274c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67b40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' f50.274c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=67b40000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' f50.274c: \Device\HarddiskVolume2\Windows\System32\wintrust.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xf75972a6; retrying against current time: 0x5b8ee2dd. f50.274c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. f50.274c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. f50.274c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. f50.274c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] f50.274c: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x2ebf0dbf; retrying against current time: 0x5b8ee2dd. f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] f50.274c: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll) f50.274c: Error (rc=0): f50.274c: supR3HardenedScreenImage/Imports: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\crypt32.dll: Grown load config (160 to 164 bytes) includes non-zero bytes: 44 0a f1 5c f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] f50.274c: \Device\HarddiskVolume2\Windows\System32\msasn1.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x44dedcbb; retrying against current time: 0x5b8ee2dd. f50.274c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll) f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... f50.274c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] f50.274c: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll) f50.274c: Error (rc=0): f50.274c: supR3HardenedScreenImage/Imports: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\msvcrt.dll: Grown load config (160 to 164 bytes) includes non-zero bytes: ec ef 12 10 f50.274c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll f50.274c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling] f50.274c: supR3HardenedDllNotificationCallback: load 772a0000 LB 0x000c0000 C:\Windows\System32\msvcrt.dll [fFlags=0x0] f50.274c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] f50.274c: Error (rc=0): f50.274c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Windows\System32\msvcrt.dll f50.274c: Fatal error: f50.274c: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\Windows\System32\msvcrt.dll' / '\??\C:\Windows\System32\msvcrt.dll': 0xc0000190 26e0.2308: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 125 ms, the end); 4c0.107c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 891 ms, the end);