20c8.1664: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00 20c8.1664: \SystemRoot\System32\ntdll.dll: 20c8.1664: CreationTime: 2019-08-15T16:59:08.887803400Z 20c8.1664: LastWriteTime: 2019-08-15T16:59:08.936034800Z 20c8.1664: ChangeTime: 2019-08-21T20:12:13.531869000Z 20c8.1664: FileAttributes: 0x20 20c8.1664: Size: 0x1e8320 20c8.1664: NT Headers: 0xd8 20c8.1664: Timestamp: 0xc00f8a30 20c8.1664: Machine: 0x8664 - amd64 20c8.1664: Timestamp: 0xc00f8a30 20c8.1664: Image Version: 10.0 20c8.1664: SizeOfImage: 0x1f0000 (2031616) 20c8.1664: Resource Dir: 0x17f000 LB 0x6f1d8 20c8.1664: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 20c8.1664: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 20c8.1664: ProductName: Microsoft® Windows® Operating System 20c8.1664: ProductVersion: 10.0.18362.267 20c8.1664: FileVersion: 10.0.18362.267 (WinBuild.160101.0800) 20c8.1664: FileDescription: NT Layer DLL 20c8.1664: \SystemRoot\System32\kernel32.dll: 20c8.1664: CreationTime: 2019-07-10T17:27:27.183520100Z 20c8.1664: LastWriteTime: 2019-07-10T17:27:27.198510000Z 20c8.1664: ChangeTime: 2019-08-15T17:00:07.527946600Z 20c8.1664: FileAttributes: 0x20 20c8.1664: Size: 0xb0498 20c8.1664: NT Headers: 0xe8 20c8.1664: Timestamp: 0xd12f214a 20c8.1664: Machine: 0x8664 - amd64 20c8.1664: Timestamp: 0xd12f214a 20c8.1664: Image Version: 10.0 20c8.1664: SizeOfImage: 0xb2000 (729088) 20c8.1664: Resource Dir: 0xb0000 LB 0x520 20c8.1664: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 20c8.1664: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 20c8.1664: ProductName: Microsoft® Windows® Operating System 20c8.1664: ProductVersion: 10.0.18362.86 20c8.1664: FileVersion: 10.0.18362.86 (WinBuild.160101.0800) 20c8.1664: FileDescription: Windows NT BASE API Client DLL 20c8.1664: \SystemRoot\System32\KernelBase.dll: 20c8.1664: CreationTime: 2019-08-15T16:59:09.529742900Z 20c8.1664: LastWriteTime: 2019-08-15T16:59:09.609609700Z 20c8.1664: ChangeTime: 2019-08-21T20:12:12.063222700Z 20c8.1664: FileAttributes: 0x20 20c8.1664: Size: 0x2a2d08 20c8.1664: NT Headers: 0x100 20c8.1664: Timestamp: 0xf09944f9 20c8.1664: Machine: 0x8664 - amd64 20c8.1664: Timestamp: 0xf09944f9 20c8.1664: Image Version: 10.0 20c8.1664: SizeOfImage: 0x2a3000 (2764800) 20c8.1664: Resource Dir: 0x27d000 LB 0x548 20c8.1664: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 20c8.1664: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 20c8.1664: ProductName: Microsoft® Windows® Operating System 20c8.1664: ProductVersion: 10.0.18362.267 20c8.1664: FileVersion: 10.0.18362.267 (WinBuild.160101.0800) 20c8.1664: FileDescription: Windows NT BASE API Client DLL 20c8.1664: \SystemRoot\System32\apisetschema.dll: 20c8.1664: CreationTime: 2019-03-19T04:43:54.837151500Z 20c8.1664: LastWriteTime: 2019-03-19T04:43:54.837151500Z 20c8.1664: ChangeTime: 2019-08-15T17:00:07.511955400Z 20c8.1664: FileAttributes: 0x20 20c8.1664: Size: 0x1d028 20c8.1664: NT Headers: 0xc8 20c8.1664: Timestamp: 0xd6ced080 20c8.1664: Machine: 0x8664 - amd64 20c8.1664: Timestamp: 0xd6ced080 20c8.1664: Image Version: 10.0 20c8.1664: SizeOfImage: 0x1e000 (122880) 20c8.1664: Resource Dir: 0x1d000 LB 0x408 20c8.1664: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 20c8.1664: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 20c8.1664: ProductName: Microsoft® Windows® Operating System 20c8.1664: ProductVersion: 10.0.18362.1 20c8.1664: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 20c8.1664: FileDescription: ApiSet Schema DLL 20c8.1664: NtOpenDirectoryObject failed on \Driver: 0xc0000022 20c8.1664: supR3HardenedWinFindAdversaries: 0x0 20c8.1664: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 20c8.1664: Calling main() 20c8.1664: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 20c8.1664: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 20c8.1664: SUPR3HardenedMain: Respawn #1 20c8.1664: System32: \Device\HarddiskVolume4\Windows\System32 20c8.1664: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 20c8.1664: KnownDllPath: C:\WINDOWS\System32 20c8.1664: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 20c8.1664: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 20c8.1664: supR3HardNtEnableThreadCreation: 20c8.1664: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0 20c8.1664: supR3HardenedWinDoReSpawn(1): New child b34.9f4 [kernel32]. 20c8.1664: supR3HardNtChildGatherData: PebBaseAddress=000000000045c000 cbPeb=0x388 20c8.1664: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffff39a0000 uNtDllChildAddr=00007ffff39a0000 20c8.1664: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffff3a11790 20c8.1664: supR3HardenedWinSetupChildInit: Start child. 20c8.1664: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
20c8.1664: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 30 sleeps 20c8.1664: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 20c8.1664: *0000000000000000-00000000002affff 0x0001/0x0000 0x0000000 20c8.1664: *00000000002b0000-00000000002cffff 0x0004/0x0004 0x0020000 20c8.1664: *00000000002d0000-00000000002eafff 0x0002/0x0002 0x0040000 20c8.1664: 00000000002eb000-00000000002effff 0x0001/0x0000 0x0000000 20c8.1664: *00000000002f0000-00000000003eafff 0x0000/0x0004 0x0020000 20c8.1664: 00000000003eb000-00000000003edfff 0x0104/0x0004 0x0020000 20c8.1664: 00000000003ee000-00000000003effff 0x0004/0x0004 0x0020000 20c8.1664: *00000000003f0000-00000000003f3fff 0x0002/0x0002 0x0040000 20c8.1664: 00000000003f4000-00000000003fffff 0x0001/0x0000 0x0000000 20c8.1664: *0000000000400000-000000000045bfff 0x0000/0x0004 0x0020000 20c8.1664: 000000000045c000-000000000045efff 0x0004/0x0004 0x0020000 20c8.1664: 000000000045f000-00000000005fffff 0x0000/0x0004 0x0020000 20c8.1664: *0000000000600000-0000000000601fff 0x0004/0x0004 0x0020000 20c8.1664: 0000000000602000-00000000007fffff 0x0001/0x0000 0x0000000 20c8.1664: *0000000000800000-0000000000803fff 0x0004/0x0004 0x0020000 20c8.1664: 0000000000804000-000000007ffdffff 0x0001/0x0000 0x0000000 20c8.1664: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 20c8.1664: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 20c8.1664: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 20c8.1664: 000000007ffe6000-00007ff5fea7ffff 0x0001/0x0000 0x0000000 20c8.1664: *00007ff5fea80000-00007ff5fea80fff 0x0002/0x0002 0x0040000 20c8.1664: 00007ff5fea81000-00007ff5fea8ffff 0x0001/0x0000 0x0000000 20c8.1664: *00007ff5fea90000-00007ff5feab2fff 0x0002/0x0002 0x0040000 20c8.1664: 00007ff5feab3000-00007ff754ccffff 0x0001/0x0000 0x0000000 20c8.1664: *00007ff754cd0000-00007ff754cd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 
00007ff754cd1000-00007ff754d45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d46000-00007ff754d46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d47000-00007ff754d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d8e000-00007ff754d8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d8f000-00007ff754d8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d90000-00007ff754d94fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d95000-00007ff754d95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d96000-00007ff754d96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d97000-00007ff754d9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754d9b000-00007ff754de3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 20c8.1664: 00007ff754de4000-00007ffff394ffff 0x0001/0x0000 0x0000000 20c8.1664: *00007ffff3950000-00007ffff3950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\Itcspea.Dll 20c8.1664: supHardNtVpScanVirtualMemory: Unmapping image mem at 00007ffff3950000 (00007ffff3950000 LB 0x1000) - 'Itcspea.Dll' 20c8.1664: 00007ffff3951000-00007ffff399ffff 0x0001/0x0000 0x0000000 20c8.1664: *00007ffff39a0000-00007ffff39a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff39a1000-00007ffff3ab7fff 0x0020/0x0080 0x1000000 
\Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3ab8000-00007ffff3afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3aff000-00007ffff3b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3b0b000-00007ffff3b19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3b1a000-00007ffff3b1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3b1b000-00007ffff3b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3b1e000-00007ffff3b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 20c8.1664: 00007ffff3b90000-00007ffffffeffff 0x0001/0x0000 0x0000000 20c8.1664: VirtualBoxVM.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS) 20c8.1664: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 20c8.1664: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 20c8.1664: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0). b34.9f4: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00 b34.9f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffff39a0000 g_uNtVerCombined=0xa047ba00 b34.9f4: ntdll.dll: timestamp 0xc00f8a30 (rc=VINF_SUCCESS) b34.9f4: New simple heap: #1 0000000000810000 LB 0x400000 (for 2031616 allocation) 20c8.1664: supR3HardNtEnableThreadCreation: b34.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' b34.9f4: System32: \Device\HarddiskVolume4\Windows\System32 b34.9f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS b34.9f4: KnownDllPath: C:\WINDOWS\System32 b34.9f4: supR3HardenedVmProcessInit: Opening vboxdrv stub... b34.9f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 
b34.9f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... b34.9f4: Registered Dll notification callback with NTDLL. b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll b34.9f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff0ee0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff37d0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] b34.9f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] b34.9f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff37d0000 'C:\WINDOWS\System32\KERNEL32.DLL' b34.9f4: supR3HardenedDllNotificationCallback: load 00007ff754cd0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] b34.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports b34.9f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0 20c8.1664: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms. 
b34.9f4: \SystemRoot\System32\ntdll.dll: b34.9f4: CreationTime: 2019-08-15T16:59:08.887803400Z b34.9f4: LastWriteTime: 2019-08-15T16:59:08.936034800Z b34.9f4: ChangeTime: 2019-08-21T20:12:13.531869000Z b34.9f4: FileAttributes: 0x20 b34.9f4: Size: 0x1e8320 b34.9f4: NT Headers: 0xd8 b34.9f4: Timestamp: 0xc00f8a30 b34.9f4: Machine: 0x8664 - amd64 b34.9f4: Timestamp: 0xc00f8a30 b34.9f4: Image Version: 10.0 b34.9f4: SizeOfImage: 0x1f0000 (2031616) b34.9f4: Resource Dir: 0x17f000 LB 0x6f1d8 b34.9f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] b34.9f4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] b34.9f4: ProductName: Microsoft® Windows® Operating System b34.9f4: ProductVersion: 10.0.18362.267 b34.9f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800) b34.9f4: FileDescription: NT Layer DLL b34.9f4: \SystemRoot\System32\kernel32.dll: b34.9f4: CreationTime: 2019-07-10T17:27:27.183520100Z b34.9f4: LastWriteTime: 2019-07-10T17:27:27.198510000Z b34.9f4: ChangeTime: 2019-08-15T17:00:07.527946600Z b34.9f4: FileAttributes: 0x20 b34.9f4: Size: 0xb0498 b34.9f4: NT Headers: 0xe8 b34.9f4: Timestamp: 0xd12f214a b34.9f4: Machine: 0x8664 - amd64 b34.9f4: Timestamp: 0xd12f214a b34.9f4: Image Version: 10.0 b34.9f4: SizeOfImage: 0xb2000 (729088) b34.9f4: Resource Dir: 0xb0000 LB 0x520 b34.9f4: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] b34.9f4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] b34.9f4: ProductName: Microsoft® Windows® Operating System b34.9f4: ProductVersion: 10.0.18362.86 b34.9f4: FileVersion: 10.0.18362.86 (WinBuild.160101.0800) b34.9f4: FileDescription: Windows NT BASE API Client DLL b34.9f4: \SystemRoot\System32\KernelBase.dll: b34.9f4: CreationTime: 2019-08-15T16:59:09.529742900Z b34.9f4: LastWriteTime: 2019-08-15T16:59:09.609609700Z b34.9f4: ChangeTime: 2019-08-21T20:12:12.063222700Z b34.9f4: FileAttributes: 0x20 b34.9f4: Size: 0x2a2d08 b34.9f4: NT Headers: 0x100 b34.9f4: Timestamp: 0xf09944f9 b34.9f4: Machine: 0x8664 - amd64 b34.9f4: Timestamp: 0xf09944f9 b34.9f4: Image Version: 10.0 b34.9f4: SizeOfImage: 0x2a3000 (2764800) b34.9f4: Resource Dir: 0x27d000 LB 0x548 b34.9f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] b34.9f4: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] b34.9f4: ProductName: Microsoft® Windows® Operating System b34.9f4: ProductVersion: 10.0.18362.267 b34.9f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800) b34.9f4: FileDescription: Windows NT BASE API Client DLL b34.9f4: \SystemRoot\System32\apisetschema.dll: b34.9f4: CreationTime: 2019-03-19T04:43:54.837151500Z b34.9f4: LastWriteTime: 2019-03-19T04:43:54.837151500Z b34.9f4: ChangeTime: 2019-08-15T17:00:07.511955400Z b34.9f4: FileAttributes: 0x20 b34.9f4: Size: 0x1d028 b34.9f4: NT Headers: 0xc8 b34.9f4: Timestamp: 0xd6ced080 b34.9f4: Machine: 0x8664 - amd64 b34.9f4: Timestamp: 0xd6ced080 b34.9f4: Image Version: 10.0 b34.9f4: SizeOfImage: 0x1e000 (122880) b34.9f4: Resource Dir: 0x1d000 LB 0x408 b34.9f4: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] b34.9f4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] b34.9f4: ProductName: Microsoft® Windows® Operating System b34.9f4: ProductVersion: 10.0.18362.1 b34.9f4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) b34.9f4: FileDescription: ApiSet Schema DLL b34.9f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 b34.9f4: supR3HardenedWinFindAdversaries: 0x0 b34.9f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' b34.9f4: Calling main() b34.9f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 b34.9f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' b34.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports b34.9f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) b34.9f4: SUPR3HardenedMain: Respawn #2 b34.9f4: supR3HardNtEnableThreadCreation: b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff1d50000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll) b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll b34.9f4: supR3HardenedDllNotificationCallback: load 00007ffff1ba0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] b34.9f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 
b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll) b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll b34.9f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports b34.9f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) b34.9f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... b34.9f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] b34.9f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] b34.9f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] b34.9f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff39a0000 'C:\WINDOWS\System32\ntdll.dll' b34.9f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0 b34.9f4: supR3HardenedWinDoReSpawn(2): New child f0.f4 [kernel32]. b34.9f4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) b34.9f4: supR3HardNtChildGatherData: PebBaseAddress=0000000001045000 cbPeb=0x388 b34.9f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffff39a0000 uNtDllChildAddr=00007ffff39a0000 b34.9f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffff3a11790 b34.9f4: supR3HardenedWinSetupChildInit: Start child. b34.9f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
b34.9f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 31 sleeps b34.9f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION b34.9f4: *0000000000000000-0000000000e6ffff 0x0001/0x0000 0x0000000 b34.9f4: *0000000000e70000-0000000000e8ffff 0x0004/0x0004 0x0020000 b34.9f4: *0000000000e90000-0000000000eaafff 0x0002/0x0002 0x0040000 b34.9f4: 0000000000eab000-0000000000eaffff 0x0001/0x0000 0x0000000 b34.9f4: *0000000000eb0000-0000000000faafff 0x0000/0x0004 0x0020000 b34.9f4: 0000000000fab000-0000000000fadfff 0x0104/0x0004 0x0020000 b34.9f4: 0000000000fae000-0000000000faffff 0x0004/0x0004 0x0020000 b34.9f4: *0000000000fb0000-0000000000fb3fff 0x0002/0x0002 0x0040000 b34.9f4: 0000000000fb4000-0000000000fbffff 0x0001/0x0000 0x0000000 b34.9f4: *0000000000fc0000-0000000000fc1fff 0x0004/0x0004 0x0020000 b34.9f4: 0000000000fc2000-0000000000ffffff 0x0001/0x0000 0x0000000 b34.9f4: *0000000001000000-0000000001044fff 0x0000/0x0004 0x0020000 b34.9f4: 0000000001045000-0000000001047fff 0x0004/0x0004 0x0020000 b34.9f4: 0000000001048000-00000000011fffff 0x0000/0x0004 0x0020000 b34.9f4: 0000000001200000-000000000124ffff 0x0001/0x0000 0x0000000 b34.9f4: *0000000001250000-0000000001253fff 0x0004/0x0004 0x0020000 b34.9f4: 0000000001254000-000000007ffdffff 0x0001/0x0000 0x0000000 b34.9f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 b34.9f4: 000000007ffe1000-000000007ffe4fff 0x0001/0x0000 0x0000000 b34.9f4: *000000007ffe5000-000000007ffe5fff 0x0002/0x0002 0x0020000 b34.9f4: 000000007ffe6000-00007ff560d9ffff 0x0001/0x0000 0x0000000 b34.9f4: *00007ff560da0000-00007ff560da0fff 0x0002/0x0002 0x0040000 b34.9f4: 00007ff560da1000-00007ff560daffff 0x0001/0x0000 0x0000000 b34.9f4: *00007ff560db0000-00007ff560dd2fff 0x0002/0x0002 0x0040000 b34.9f4: 00007ff560dd3000-00007ff754ccffff 0x0001/0x0000 0x0000000 b34.9f4: *00007ff754cd0000-00007ff754cd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 
00007ff754cd1000-00007ff754d45fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d46000-00007ff754d46fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d47000-00007ff754d8dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d8e000-00007ff754d8efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d8f000-00007ff754d8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d90000-00007ff754d94fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d95000-00007ff754d95fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d96000-00007ff754d96fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d97000-00007ff754d9afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754d9b000-00007ff754de3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe b34.9f4: 00007ff754de4000-00007ffff394ffff 0x0001/0x0000 0x0000000 b34.9f4: *00007ffff3950000-00007ffff3950fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\Itcspea.Dll b34.9f4: supHardNtVpScanVirtualMemory: Unmapping image mem at 00007ffff3950000 (00007ffff3950000 LB 0x1000) - 'Itcspea.Dll' b34.9f4: 00007ffff3951000-00007ffff399ffff 0x0001/0x0000 0x0000000 b34.9f4: *00007ffff39a0000-00007ffff39a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff39a1000-00007ffff3ab7fff 0x0020/0x0080 0x1000000 
\Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3ab8000-00007ffff3afefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3aff000-00007ffff3b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3b0b000-00007ffff3b19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3b1a000-00007ffff3b1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3b1b000-00007ffff3b1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3b1e000-00007ffff3b8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll b34.9f4: 00007ffff3b90000-00007ffffffeffff 0x0001/0x0000 0x0000000 b34.9f4: VirtualBoxVM.exe: timestamp 0x5d284665 (rc=VINF_SUCCESS) b34.9f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports b34.9f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports b34.9f4: supR3HardNtChildPurify: Done after 327 ms and 0 fixes (loop #0). f0.f4: Log file opened: 6.0.10r132072 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00 f0.f4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffff39a0000 g_uNtVerCombined=0xa047ba00 b34.9f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000810000 LB 0x400000) f0.f4: ntdll.dll: timestamp 0xc00f8a30 (rc=VINF_SUCCESS) f0.f4: New simple heap: #1 0000000001360000 LB 0x400000 (for 2031616 allocation) b34.9f4: supR3HardNtEnableThreadCreation: f0.f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' f0.f4: System32: \Device\HarddiskVolume4\Windows\System32 f0.f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS f0.f4: KnownDllPath: C:\WINDOWS\System32 f0.f4: supR3HardenedVmProcessInit: Opening vboxdrv... f0.f4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 
f0.f4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... f0.f4: Registered Dll notification callback with NTDLL. f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff0ee0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff37d0000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff37d0000 'C:\WINDOWS\System32\KERNEL32.DLL' f0.f4: supR3HardenedDllNotificationCallback: load 00007ff754cd0000 LB 0x00114000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] f0.f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports f0.f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe f0.f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffff3a11790 pvNtTerminateThread=00007ffff3a3cab0 b34.9f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 124 ms. 
f0.f4: \SystemRoot\System32\ntdll.dll: f0.f4: CreationTime: 2019-08-15T16:59:08.887803400Z f0.f4: LastWriteTime: 2019-08-15T16:59:08.936034800Z f0.f4: ChangeTime: 2019-08-21T20:12:13.531869000Z f0.f4: FileAttributes: 0x20 f0.f4: Size: 0x1e8320 f0.f4: NT Headers: 0xd8 f0.f4: Timestamp: 0xc00f8a30 f0.f4: Machine: 0x8664 - amd64 f0.f4: Timestamp: 0xc00f8a30 f0.f4: Image Version: 10.0 f0.f4: SizeOfImage: 0x1f0000 (2031616) f0.f4: Resource Dir: 0x17f000 LB 0x6f1d8 f0.f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] f0.f4: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] f0.f4: ProductName: Microsoft® Windows® Operating System f0.f4: ProductVersion: 10.0.18362.267 f0.f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800) f0.f4: FileDescription: NT Layer DLL f0.f4: \SystemRoot\System32\kernel32.dll: f0.f4: CreationTime: 2019-07-10T17:27:27.183520100Z f0.f4: LastWriteTime: 2019-07-10T17:27:27.198510000Z f0.f4: ChangeTime: 2019-08-15T17:00:07.527946600Z f0.f4: FileAttributes: 0x20 f0.f4: Size: 0xb0498 f0.f4: NT Headers: 0xe8 f0.f4: Timestamp: 0xd12f214a f0.f4: Machine: 0x8664 - amd64 f0.f4: Timestamp: 0xd12f214a f0.f4: Image Version: 10.0 f0.f4: SizeOfImage: 0xb2000 (729088) f0.f4: Resource Dir: 0xb0000 LB 0x520 f0.f4: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)]
f0.f4: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
f0.f4: ProductName: Microsoft® Windows® Operating System
f0.f4: ProductVersion: 10.0.18362.86
f0.f4: FileVersion: 10.0.18362.86 (WinBuild.160101.0800)
f0.f4: FileDescription: Windows NT BASE API Client DLL
f0.f4: \SystemRoot\System32\KernelBase.dll:
f0.f4: CreationTime: 2019-08-15T16:59:09.529742900Z
f0.f4: LastWriteTime: 2019-08-15T16:59:09.609609700Z
f0.f4: ChangeTime: 2019-08-21T20:12:12.063222700Z
f0.f4: FileAttributes: 0x20
f0.f4: Size: 0x2a2d08
f0.f4: NT Headers: 0x100
f0.f4: Timestamp: 0xf09944f9
f0.f4: Machine: 0x8664 - amd64
f0.f4: Timestamp: 0xf09944f9
f0.f4: Image Version: 10.0
f0.f4: SizeOfImage: 0x2a3000 (2764800)
f0.f4: Resource Dir: 0x27d000 LB 0x548
f0.f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
f0.f4: [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
f0.f4: ProductName: Microsoft® Windows® Operating System
f0.f4: ProductVersion: 10.0.18362.267
f0.f4: FileVersion: 10.0.18362.267 (WinBuild.160101.0800)
f0.f4: FileDescription: Windows NT BASE API Client DLL
f0.f4: \SystemRoot\System32\apisetschema.dll:
f0.f4: CreationTime: 2019-03-19T04:43:54.837151500Z
f0.f4: LastWriteTime: 2019-03-19T04:43:54.837151500Z
f0.f4: ChangeTime: 2019-08-15T17:00:07.511955400Z
f0.f4: FileAttributes: 0x20
f0.f4: Size: 0x1d028
f0.f4: NT Headers: 0xc8
f0.f4: Timestamp: 0xd6ced080
f0.f4: Machine: 0x8664 - amd64
f0.f4: Timestamp: 0xd6ced080
f0.f4: Image Version: 10.0
f0.f4: SizeOfImage: 0x1e000 (122880)
f0.f4: Resource Dir: 0x1d000 LB 0x408
f0.f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
f0.f4: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
f0.f4: ProductName: Microsoft® Windows® Operating System
f0.f4: ProductVersion: 10.0.18362.1
f0.f4: FileVersion: 10.0.18362.1 (WinBuild.160101.0800)
f0.f4: FileDescription: ApiSet Schema DLL
f0.f4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
f0.f4: supR3HardenedWinFindAdversaries: 0x0
f0.f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f0.f4: Calling main()
f0.f4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
f0.f4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f0.f4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
f0.f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
f0.f4: SUPR3HardenedMain: Final process, opening VBoxDrv...
f0.f4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001360000 LB 0x400000)
f0.f4: supR3HardNtEnableThreadCreation:
f0.f4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling]
f0.f4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedDllNotificationCallback: load 00007fffebc30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffebc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffebc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007fffebc30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
f0.f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling]
f0.f4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff37d0000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff1d50000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
f0.f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedDllNotificationCallback: load 00007ffff1ba0000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
f0.f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
f0.f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
f0.f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
f0.f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
f0.f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
f0.f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
f0.f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling]
f0.f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffff39a0000 'C:\WINDOWS\System32\ntdll.dll'
b34.9f4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 9541 ms, the end);
20c8.1664: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 10082 ms, the end);