VirtualBox

Opened 9 years ago

Last modified 4 years ago

#15193 reopened defect

Errors when I start a virtual machine (Virtual Box Version 5.0.14 r105127, Windows 8 - 64 bit)

Reported by: haiphungvan
Owned by:
Component: other
Version: VirtualBox 5.0.14
Keywords:
Cc:
Guest type: all
Host type: Windows

Description

I installed Virtual Box Version 5.0.14 r105127 on Windows 8 - 64 bit

An error dialog appears when I start a virtual machine. The error message is:

Failed to open a session for the virtual machine MacOSXYO.

The virtual machine 'MacOSXYO' has terminated unexpectedly during startup with exit code 1 (0x1).  More details may be available in 'C:\Users\haipv87\VirtualBox VMs\New group\MacOSXYO\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {f30138d4-e5ea-4b3a-8858-a059de4c93fd}

The error log contains:

f18.940: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SKU-Foundation-Package-avcore~31bf3856ad364e35~amd64~~6.2.9200.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
f18.940: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
f18.940: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winmmbase.dll'
f18.940: Fatal error:
f18.940: supR3HardenedMainGetTrustedMain: LoadLibrary "C:\Program Files\Oracle\VirtualBox/VirtualBox.dll" failed, rc=1790
618.c3c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 984 ms, the end);
fb0.f10: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1350 ms, the end);

I found that some people have a similar problem, but none of the suggestions work in my case.

Best regards.

Attachments (1)

VBoxHardening.log (199.5 KB ) - added by alex37region 4 years ago.

Change History (4)

comment:1 by Frank Mehnert, 9 years ago

Please attach the complete VBox.log file and the complete VBoxHardening.log file.

comment:2 by Frank Mehnert, 8 years ago

Resolution: invalid
Status: new → closed

comment:3 by alex37region, 4 years ago

Resolution: invalid
Status: closed → reopened

Same problem on Windows 10 64-bit.

The virtual machine 'WinXP' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'D:\VMBOX\WinXP\WinXP\Logs\VBoxHardening.log'.

Код ошибки: E_FAIL (0x80004005)
Компонент: MachineWrap
Интерфейс: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}

VBoxHardening.log

3f50.3ee0: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000074 g_uNtVerCombined=0xa047ba00
3f50.3ee0: \SystemRoot\System32\ntdll.dll:
3f50.3ee0:     CreationTime:    2019-10-15T01:27:38.187278500Z
3f50.3ee0:     LastWriteTime:   2019-10-15T01:27:38.258088700Z
3f50.3ee0:     ChangeTime:      2019-12-10T23:38:02.237850100Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x1e8528
3f50.3ee0:     NT Headers:      0xd8
3f50.3ee0:     Timestamp:       0x99ca0526
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x99ca0526
3f50.3ee0:     Image Version:   10.0
3f50.3ee0:     SizeOfImage:     0x1f0000 (2031616)
3f50.3ee0:     Resource Dir:    0x17f000 LB 0x6f310
3f50.3ee0:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
3f50.3ee0:     ProductVersion:  10.0.18362.418
3f50.3ee0:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
3f50.3ee0:     FileDescription: NT Layer DLL
3f50.3ee0: \SystemRoot\System32\kernel32.dll:
3f50.3ee0:     CreationTime:    2019-10-14T21:52:08.880289300Z
3f50.3ee0:     LastWriteTime:   2019-10-14T21:52:08.895892800Z
3f50.3ee0:     ChangeTime:      2019-12-10T23:38:01.396101400Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0xb0570
3f50.3ee0:     NT Headers:      0xe8
3f50.3ee0:     Timestamp:       0xd0cecc10
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0xd0cecc10
3f50.3ee0:     Image Version:   10.0
3f50.3ee0:     SizeOfImage:     0xb2000 (729088)
3f50.3ee0:     Resource Dir:    0xb0000 LB 0x520
3f50.3ee0:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
3f50.3ee0:     ProductVersion:  10.0.18362.329
3f50.3ee0:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
3f50.3ee0:     FileDescription: Windows NT BASE API Client DLL
3f50.3ee0: \SystemRoot\System32\KernelBase.dll:
3f50.3ee0:     CreationTime:    2019-12-10T23:37:24.476465800Z
3f50.3ee0:     LastWriteTime:   2019-12-10T23:37:24.592153100Z
3f50.3ee0:     ChangeTime:      2019-12-11T09:32:25.829231400Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x2a2638
3f50.3ee0:     NT Headers:      0xf0
3f50.3ee0:     Timestamp:       0x50cc8d5a
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x50cc8d5a
3f50.3ee0:     Image Version:   10.0
3f50.3ee0:     SizeOfImage:     0x2a3000 (2764800)
3f50.3ee0:     Resource Dir:    0x27d000 LB 0x548
3f50.3ee0:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
3f50.3ee0:     ProductVersion:  10.0.18362.535
3f50.3ee0:     FileVersion:     10.0.18362.535 (WinBuild.160101.0800)
3f50.3ee0:     FileDescription: Windows NT BASE API Client DLL
3f50.3ee0: \SystemRoot\System32\apisetschema.dll:
3f50.3ee0:     CreationTime:    2019-03-19T04:43:54.837151500Z
3f50.3ee0:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
3f50.3ee0:     ChangeTime:      2019-12-10T23:38:01.351221300Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x1d028
3f50.3ee0:     NT Headers:      0xc8
3f50.3ee0:     Timestamp:       0xd6ced080
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0xd6ced080
3f50.3ee0:     Image Version:   10.0
3f50.3ee0:     SizeOfImage:     0x1e000 (122880)
3f50.3ee0:     Resource Dir:    0x1d000 LB 0x408
3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Microsoft® Windows® Operating System
3f50.3ee0:     ProductVersion:  10.0.18362.1
3f50.3ee0:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
3f50.3ee0:     FileDescription: ApiSet Schema DLL
3f50.3ee0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3f50.3ee0: supR3HardenedWinFindAdversaries: 0x40
3f50.3ee0: \SystemRoot\System32\drivers\klflt.sys:
3f50.3ee0:     CreationTime:    2019-10-29T19:14:39.888045400Z
3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:55.718184300Z
3f50.3ee0:     ChangeTime:      2020-04-13T10:51:55.718184300Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x3d798
3f50.3ee0:     NT Headers:      0x100
3f50.3ee0:     Timestamp:       0x70232f61
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x70232f61
3f50.3ee0:     Image Version:   6.1
3f50.3ee0:     SizeOfImage:     0x4a000 (303104)
3f50.3ee0:     Resource Dir:    0x47000 LB 0x418
3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Coretech Delivery
3f50.3ee0:     ProductVersion:  30.347.47.0
3f50.3ee0:     FileVersion:     30.347.47.0
3f50.3ee0:     FileDescription: Filter Core [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klif.sys:
3f50.3ee0:     CreationTime:    2019-10-29T19:14:40.127821000Z
3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:55.865790400Z
3f50.3ee0:     ChangeTime:      2020-04-13T10:51:55.865790400Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0xf3b98
3f50.3ee0:     NT Headers:      0xf8
3f50.3ee0:     Timestamp:       0x5e6be381
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x5e6be381
3f50.3ee0:     Image Version:   6.1
3f50.3ee0:     SizeOfImage:     0xf4000 (999424)
3f50.3ee0:     Resource Dir:    0xeb000 LB 0x33f8
3f50.3ee0:     [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Coretech Delivery
3f50.3ee0:     ProductVersion:  30.347.47.0
3f50.3ee0:     FileVersion:     30.347.47.0
3f50.3ee0:     FileDescription: Core System Interceptors [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klim6.sys:
3f50.3ee0:     CreationTime:    2019-03-19T04:21:06.000000000Z
3f50.3ee0:     LastWriteTime:   2019-03-19T04:21:06.000000000Z
3f50.3ee0:     ChangeTime:      2019-10-29T19:15:00.994361000Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0xe350
3f50.3ee0:     NT Headers:      0xe0
3f50.3ee0:     Timestamp:       0x54ad405e
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x54ad405e
3f50.3ee0:     Image Version:   6.1
3f50.3ee0:     SizeOfImage:     0xb000 (45056)
3f50.3ee0:     Resource Dir:    0x9000 LB 0x430
3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Coretech Delivery
3f50.3ee0:     ProductVersion:  30.0.3724.0
3f50.3ee0:     FileVersion:     30.0.3724.0
3f50.3ee0:     FileDescription: Packet Network Filter [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klkbdflt.sys:
3f50.3ee0:     CreationTime:    2019-03-17T23:11:30.000000000Z
3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:55.931614300Z
3f50.3ee0:     ChangeTime:      2020-04-13T10:51:55.931614300Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x13790
3f50.3ee0:     NT Headers:      0xf8
3f50.3ee0:     Timestamp:       0x6193eeca
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x6193eeca
3f50.3ee0:     Image Version:   6.1
3f50.3ee0:     SizeOfImage:     0x12000 (73728)
3f50.3ee0:     Resource Dir:    0x10000 LB 0x440
3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Coretech Delivery
3f50.3ee0:     ProductVersion:  30.256.110.0
3f50.3ee0:     FileVersion:     30.256.110.0
3f50.3ee0:     FileDescription: Keyboard Device Filter [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\klmouflt.sys:
3f50.3ee0:     CreationTime:    2019-03-17T22:50:34.000000000Z
3f50.3ee0:     LastWriteTime:   2019-03-17T22:50:34.000000000Z
3f50.3ee0:     ChangeTime:      2019-10-29T19:15:00.619448000Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0xe878
3f50.3ee0:     NT Headers:      0xe8
3f50.3ee0:     Timestamp:       0xab7b625
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0xab7b625
3f50.3ee0:     Image Version:   6.1
3f50.3ee0:     SizeOfImage:     0xe000 (57344)
3f50.3ee0:     Resource Dir:    0xc000 LB 0x430
3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Coretech Delivery
3f50.3ee0:     ProductVersion:  30.0.3716.0
3f50.3ee0:     FileVersion:     30.0.3716.0
3f50.3ee0:     FileDescription: Mouse Device Filter [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\drivers\kneps.sys:
3f50.3ee0:     CreationTime:    2019-03-18T23:31:38.000000000Z
3f50.3ee0:     LastWriteTime:   2020-04-13T10:51:56.055282500Z
3f50.3ee0:     ChangeTime:      2020-04-13T10:51:56.055282500Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x38b98
3f50.3ee0:     NT Headers:      0x108
3f50.3ee0:     Timestamp:       0xe34c73f4
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0xe34c73f4
3f50.3ee0:     Image Version:   6.1
3f50.3ee0:     SizeOfImage:     0x38000 (229376)
3f50.3ee0:     Resource Dir:    0x35000 LB 0x428
3f50.3ee0:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
3f50.3ee0:     ProductName:     Coretech Delivery
3f50.3ee0:     ProductVersion:  30.347.28.0
3f50.3ee0:     FileVersion:     30.347.28.0
3f50.3ee0:     FileDescription: Network Processor [fre_win7_amd64]
3f50.3ee0: \SystemRoot\System32\klfphc.dll:
3f50.3ee0:     CreationTime:    2019-10-29T19:14:58.573052500Z
3f50.3ee0:     LastWriteTime:   2013-05-06T05:13:26.000000000Z
3f50.3ee0:     ChangeTime:      2019-10-29T19:14:46.750433600Z
3f50.3ee0:     FileAttributes:  0x20
3f50.3ee0:     Size:            0x1ae60
3f50.3ee0:     NT Headers:      0xe8
3f50.3ee0:     Timestamp:       0x51873bf2
3f50.3ee0:     Machine:         0x8664 - amd64
3f50.3ee0:     Timestamp:       0x51873bf2
3f50.3ee0:     Image Version:   0.0
3f50.3ee0:     SizeOfImage:     0x1d000 (118784)
3f50.3ee0:     Resource Dir:    0x18000 LB 0x3c80
3f50.3ee0:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
3f50.3ee0:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
3f50.3ee0:     ProductName:     Kaspersky™ Anti-Virus ®
3f50.3ee0:     ProductVersion:  1.0.0.12
3f50.3ee0:     FileVersion:     1.0.0.12
3f50.3ee0:     FileDescription: Filtering Platform Helper Class
3f50.3ee0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3f50.3ee0: Calling main()
3f50.3ee0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3f50.3ee0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3f50.3ee0: SUPR3HardenedMain: Respawn #1
3f50.3ee0: System32:  \Device\HarddiskVolume5\Windows\System32
3f50.3ee0: WinSxS:    \Device\HarddiskVolume5\Windows\WinSxS
3f50.3ee0: KnownDllPath: C:\WINDOWS\System32
3f50.3ee0: supR3HardenedWinInit: Performing a limited self purification...
3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
3f50.3ee0: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
3f50.3ee0: kernelbase.dll: timestamp 0x50cc8d5a (rc=VINF_SUCCESS)
3f50.3ee0: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
3f50.3ee0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3f50.3ee0: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
3f50.3ee0: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
3f50.3ee0: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3f50.3ee0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3f50.3ee0: supR3HardNtEnableThreadCreationEx:
3f50.3ee0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
3f50.3ee0: supR3HardenedWinDoReSpawn(1): New child 16dc.a34 [kernel32].
3f50.3ee0: supR3HardNtChildGatherData: PebBaseAddress=00000000005e3000 cbPeb=0x388
3f50.3ee0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f5940000 uNtDllChildAddr=00007ff9f5940000
3f50.3ee0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f59b17f0
3f50.3ee0: supR3HardenedWinSetupChildInit: Initial context:
3f50.3ee0: supR3HardenedWinSetupChildInit: Start child.
3f50.3ee0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3f50.3ee0: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 58 sleeps
3f50.3ee0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3f50.3ee0: supR3HardNtChildPurify: Done after 523 ms and 0 fixes (loop #0).
16dc.a34: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
16dc.a34: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f5940000 g_uNtVerCombined=0xa047ba00 (stack ~000000000071f3d8)
16dc.a34: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
16dc.a34: New simple heap: #1 0000000000840000 LB 0x400000 (for 2031616 allocation)
16dc.a34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3f50.3ee0: supR3HardNtEnableThreadCreationEx:
16dc.a34: System32:  \Device\HarddiskVolume5\Windows\System32
16dc.a34: WinSxS:    \Device\HarddiskVolume5\Windows\WinSxS
16dc.a34: KnownDllPath: C:\WINDOWS\System32
16dc.a34: supR3HardenedVmProcessInit: Opening vboxdrv stub...
16dc.a34: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
16dc.a34: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
16dc.a34: Registered Dll notification callback with NTDLL.
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
16dc.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f32c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f5590000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
16dc.a34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
16dc.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5590000 'C:\WINDOWS\System32\KERNEL32.DLL'
16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff6c39c0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
16dc.a34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
3f50.3ee0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 103 ms.
16dc.a34: \SystemRoot\System32\ntdll.dll:
16dc.a34:     CreationTime:    2019-10-15T01:27:38.187278500Z
16dc.a34:     LastWriteTime:   2019-10-15T01:27:38.258088700Z
16dc.a34:     ChangeTime:      2019-12-10T23:38:02.237850100Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x1e8528
16dc.a34:     NT Headers:      0xd8
16dc.a34:     Timestamp:       0x99ca0526
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x99ca0526
16dc.a34:     Image Version:   10.0
16dc.a34:     SizeOfImage:     0x1f0000 (2031616)
16dc.a34:     Resource Dir:    0x17f000 LB 0x6f310
16dc.a34:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Microsoft® Windows® Operating System
16dc.a34:     ProductVersion:  10.0.18362.418
16dc.a34:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
16dc.a34:     FileDescription: NT Layer DLL
16dc.a34: \SystemRoot\System32\kernel32.dll:
16dc.a34:     CreationTime:    2019-10-14T21:52:08.880289300Z
16dc.a34:     LastWriteTime:   2019-10-14T21:52:08.895892800Z
16dc.a34:     ChangeTime:      2019-12-10T23:38:01.396101400Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0xb0570
16dc.a34:     NT Headers:      0xe8
16dc.a34:     Timestamp:       0xd0cecc10
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0xd0cecc10
16dc.a34:     Image Version:   10.0
16dc.a34:     SizeOfImage:     0xb2000 (729088)
16dc.a34:     Resource Dir:    0xb0000 LB 0x520
16dc.a34:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Microsoft® Windows® Operating System
16dc.a34:     ProductVersion:  10.0.18362.329
16dc.a34:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
16dc.a34:     FileDescription: Windows NT BASE API Client DLL
16dc.a34: \SystemRoot\System32\KernelBase.dll:
16dc.a34:     CreationTime:    2019-12-10T23:37:24.476465800Z
16dc.a34:     LastWriteTime:   2019-12-10T23:37:24.592153100Z
16dc.a34:     ChangeTime:      2019-12-11T09:32:25.829231400Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x2a2638
16dc.a34:     NT Headers:      0xf0
16dc.a34:     Timestamp:       0x50cc8d5a
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x50cc8d5a
16dc.a34:     Image Version:   10.0
16dc.a34:     SizeOfImage:     0x2a3000 (2764800)
16dc.a34:     Resource Dir:    0x27d000 LB 0x548
16dc.a34:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Microsoft® Windows® Operating System
16dc.a34:     ProductVersion:  10.0.18362.535
16dc.a34:     FileVersion:     10.0.18362.535 (WinBuild.160101.0800)
16dc.a34:     FileDescription: Windows NT BASE API Client DLL
16dc.a34: \SystemRoot\System32\apisetschema.dll:
16dc.a34:     CreationTime:    2019-03-19T04:43:54.837151500Z
16dc.a34:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
16dc.a34:     ChangeTime:      2019-12-10T23:38:01.351221300Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x1d028
16dc.a34:     NT Headers:      0xc8
16dc.a34:     Timestamp:       0xd6ced080
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0xd6ced080
16dc.a34:     Image Version:   10.0
16dc.a34:     SizeOfImage:     0x1e000 (122880)
16dc.a34:     Resource Dir:    0x1d000 LB 0x408
16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Microsoft® Windows® Operating System
16dc.a34:     ProductVersion:  10.0.18362.1
16dc.a34:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
16dc.a34:     FileDescription: ApiSet Schema DLL
16dc.a34: NtOpenDirectoryObject failed on \Driver: 0xc0000022
16dc.a34: supR3HardenedWinFindAdversaries: 0x40
16dc.a34: \SystemRoot\System32\drivers\klflt.sys:
16dc.a34:     CreationTime:    2019-10-29T19:14:39.888045400Z
16dc.a34:     LastWriteTime:   2020-04-13T10:51:55.718184300Z
16dc.a34:     ChangeTime:      2020-04-13T10:51:55.718184300Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x3d798
16dc.a34:     NT Headers:      0x100
16dc.a34:     Timestamp:       0x70232f61
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x70232f61
16dc.a34:     Image Version:   6.1
16dc.a34:     SizeOfImage:     0x4a000 (303104)
16dc.a34:     Resource Dir:    0x47000 LB 0x418
16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Coretech Delivery
16dc.a34:     ProductVersion:  30.347.47.0
16dc.a34:     FileVersion:     30.347.47.0
16dc.a34:     FileDescription: Filter Core [fre_win7_amd64]
16dc.a34: \SystemRoot\System32\drivers\klif.sys:
16dc.a34:     CreationTime:    2019-10-29T19:14:40.127821000Z
16dc.a34:     LastWriteTime:   2020-04-13T10:51:55.865790400Z
16dc.a34:     ChangeTime:      2020-04-13T10:51:55.865790400Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0xf3b98
16dc.a34:     NT Headers:      0xf8
16dc.a34:     Timestamp:       0x5e6be381
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x5e6be381
16dc.a34:     Image Version:   6.1
16dc.a34:     SizeOfImage:     0xf4000 (999424)
16dc.a34:     Resource Dir:    0xeb000 LB 0x33f8
16dc.a34:     [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Coretech Delivery
16dc.a34:     ProductVersion:  30.347.47.0
16dc.a34:     FileVersion:     30.347.47.0
16dc.a34:     FileDescription: Core System Interceptors [fre_win7_amd64]
16dc.a34: \SystemRoot\System32\drivers\klim6.sys:
16dc.a34:     CreationTime:    2019-03-19T04:21:06.000000000Z
16dc.a34:     LastWriteTime:   2019-03-19T04:21:06.000000000Z
16dc.a34:     ChangeTime:      2019-10-29T19:15:00.994361000Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0xe350
16dc.a34:     NT Headers:      0xe0
16dc.a34:     Timestamp:       0x54ad405e
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x54ad405e
16dc.a34:     Image Version:   6.1
16dc.a34:     SizeOfImage:     0xb000 (45056)
16dc.a34:     Resource Dir:    0x9000 LB 0x430
16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Coretech Delivery
16dc.a34:     ProductVersion:  30.0.3724.0
16dc.a34:     FileVersion:     30.0.3724.0
16dc.a34:     FileDescription: Packet Network Filter [fre_win7_amd64]
16dc.a34: \SystemRoot\System32\drivers\klkbdflt.sys:
16dc.a34:     CreationTime:    2019-03-17T23:11:30.000000000Z
16dc.a34:     LastWriteTime:   2020-04-13T10:51:55.931614300Z
16dc.a34:     ChangeTime:      2020-04-13T10:51:55.931614300Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x13790
16dc.a34:     NT Headers:      0xf8
16dc.a34:     Timestamp:       0x6193eeca
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x6193eeca
16dc.a34:     Image Version:   6.1
16dc.a34:     SizeOfImage:     0x12000 (73728)
16dc.a34:     Resource Dir:    0x10000 LB 0x440
16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Coretech Delivery
16dc.a34:     ProductVersion:  30.256.110.0
16dc.a34:     FileVersion:     30.256.110.0
16dc.a34:     FileDescription: Keyboard Device Filter [fre_win7_amd64]
16dc.a34: \SystemRoot\System32\drivers\klmouflt.sys:
16dc.a34:     CreationTime:    2019-03-17T22:50:34.000000000Z
16dc.a34:     LastWriteTime:   2019-03-17T22:50:34.000000000Z
16dc.a34:     ChangeTime:      2019-10-29T19:15:00.619448000Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0xe878
16dc.a34:     NT Headers:      0xe8
16dc.a34:     Timestamp:       0xab7b625
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0xab7b625
16dc.a34:     Image Version:   6.1
16dc.a34:     SizeOfImage:     0xe000 (57344)
16dc.a34:     Resource Dir:    0xc000 LB 0x430
16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Coretech Delivery
16dc.a34:     ProductVersion:  30.0.3716.0
16dc.a34:     FileVersion:     30.0.3716.0
16dc.a34:     FileDescription: Mouse Device Filter [fre_win7_amd64]
16dc.a34: \SystemRoot\System32\drivers\kneps.sys:
16dc.a34:     CreationTime:    2019-03-18T23:31:38.000000000Z
16dc.a34:     LastWriteTime:   2020-04-13T10:51:56.055282500Z
16dc.a34:     ChangeTime:      2020-04-13T10:51:56.055282500Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x38b98
16dc.a34:     NT Headers:      0x108
16dc.a34:     Timestamp:       0xe34c73f4
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0xe34c73f4
16dc.a34:     Image Version:   6.1
16dc.a34:     SizeOfImage:     0x38000 (229376)
16dc.a34:     Resource Dir:    0x35000 LB 0x428
16dc.a34:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
16dc.a34:     ProductName:     Coretech Delivery
16dc.a34:     ProductVersion:  30.347.28.0
16dc.a34:     FileVersion:     30.347.28.0
16dc.a34:     FileDescription: Network Processor [fre_win7_amd64]
16dc.a34: \SystemRoot\System32\klfphc.dll:
16dc.a34:     CreationTime:    2019-10-29T19:14:58.573052500Z
16dc.a34:     LastWriteTime:   2013-05-06T05:13:26.000000000Z
16dc.a34:     ChangeTime:      2019-10-29T19:14:46.750433600Z
16dc.a34:     FileAttributes:  0x20
16dc.a34:     Size:            0x1ae60
16dc.a34:     NT Headers:      0xe8
16dc.a34:     Timestamp:       0x51873bf2
16dc.a34:     Machine:         0x8664 - amd64
16dc.a34:     Timestamp:       0x51873bf2
16dc.a34:     Image Version:   0.0
16dc.a34:     SizeOfImage:     0x1d000 (118784)
16dc.a34:     Resource Dir:    0x18000 LB 0x3c80
16dc.a34:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
16dc.a34:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
16dc.a34:     ProductName:     Kaspersky™ Anti-Virus ®
16dc.a34:     ProductVersion:  1.0.0.12
16dc.a34:     FileVersion:     1.0.0.12
16dc.a34:     FileDescription: Filtering Platform Helper Class
16dc.a34: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
16dc.a34: Calling main()
16dc.a34: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
16dc.a34: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
16dc.a34: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
16dc.a34: SUPR3HardenedMain: Respawn #2
16dc.a34: supR3HardNtEnableThreadCreationEx:
16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f4940000 LB 0x00120000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
16dc.a34: supR3HardenedDllNotificationCallback: load   00007ff9f4760000 LB 0x00097000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
16dc.a34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
16dc.a34: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
16dc.a34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ntdll.dll)
16dc.a34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16dc.a34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16dc.a34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16dc.a34: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
16dc.a34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5940000 'C:\WINDOWS\System32\ntdll.dll'
16dc.a34: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
16dc.a34: supR3HardenedWinDoReSpawn(2): New child 3d54.3aa8 [kernel32].
16dc.a34: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
16dc.a34: supR3HardNtChildGatherData: PebBaseAddress=0000000000e5f000 cbPeb=0x388
16dc.a34: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f5940000 uNtDllChildAddr=00007ff9f5940000
16dc.a34: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f59b17f0
16dc.a34: supR3HardenedWinSetupChildInit: Initial context:
  rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6c39c7900 rdx=0000000000e5f000
  rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
  r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
  r14=0000000000000000 r15=0000000000000000  P1=0000000000000000  P2=0000000000000000
  rip=00007ff9f59aceb0 rsp=000000000113f948 rbp=0000000000000000    ctxflags=0010001b
  cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000    eflags=00000200   mxcrx=00001f80
   P3=0000000000000000  P4=0000000000000000  P5=0000000000000000  P6=0000000000000000
  dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
  dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
  lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
16dc.a34: kernel32.dll: timestamp 0xd0cecc10 (rc=VINF_SUCCESS)
16dc.a34: supR3HardenedWinSetupChildInit: Start child.
16dc.a34: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
16dc.a34: supR3HardNtChildPurify: Startup delay kludge #1/0: 521 ms, 58 sleeps
16dc.a34: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
16dc.a34:  *0000000000000000-0000000000deffff 0x0001/0x0000 0x0000000
16dc.a34:  *0000000000df0000-0000000000df3fff 0x0002/0x0002 0x0040000
16dc.a34:   0000000000df4000-0000000000dfffff 0x0001/0x0000 0x0000000
16dc.a34:  *0000000000e00000-0000000000e5efff 0x0000/0x0004 0x0020000
16dc.a34:   0000000000e5f000-0000000000e61fff 0x0004/0x0004 0x0020000
16dc.a34:   0000000000e62000-0000000000ffffff 0x0000/0x0004 0x0020000
16dc.a34:  *0000000001000000-000000000101ffff 0x0004/0x0004 0x0020000
16dc.a34:  *0000000001020000-000000000103afff 0x0002/0x0002 0x0040000
16dc.a34:   000000000103b000-000000000103ffff 0x0001/0x0000 0x0000000
16dc.a34:  *0000000001040000-000000000113afff 0x0000/0x0004 0x0020000
16dc.a34:   000000000113b000-000000000113dfff 0x0104/0x0004 0x0020000
16dc.a34:   000000000113e000-000000000113ffff 0x0004/0x0004 0x0020000
16dc.a34:  *0000000001140000-0000000001141fff 0x0004/0x0004 0x0020000
16dc.a34:   0000000001142000-000000007ffdffff 0x0001/0x0000 0x0000000
16dc.a34:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
16dc.a34:   000000007ffe1000-000000007ffe3fff 0x0001/0x0000 0x0000000
16dc.a34:  *000000007ffe4000-000000007ffe4fff 0x0002/0x0002 0x0020000
16dc.a34:   000000007ffe5000-00007ff5588bffff 0x0001/0x0000 0x0000000
16dc.a34:  *00007ff5588c0000-00007ff5588c0fff 0x0002/0x0002 0x0040000
16dc.a34:   00007ff5588c1000-00007ff5588cffff 0x0001/0x0000 0x0000000
16dc.a34:  *00007ff5588d0000-00007ff5588f2fff 0x0002/0x0002 0x0040000
16dc.a34:   00007ff5588f3000-00007ff6c39bffff 0x0001/0x0000 0x0000000
16dc.a34:  *00007ff6c39c0000-00007ff6c39c0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c39c1000-00007ff6c3a36fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a37000-00007ff6c3a37fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a38000-00007ff6c3a7ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a80000-00007ff6c3a80fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a81000-00007ff6c3a81fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a82000-00007ff6c3a86fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a87000-00007ff6c3a87fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a88000-00007ff6c3a88fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a89000-00007ff6c3a8cfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3a8d000-00007ff6c3ad5fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
16dc.a34:   00007ff6c3ad6000-00007ff9f593ffff 0x0001/0x0000 0x0000000
16dc.a34:  *00007ff9f5940000-00007ff9f5940fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5941000-00007ff9f5a57fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5a58000-00007ff9f5a9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5a9f000-00007ff9f5aaafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5aab000-00007ff9f5ab9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5aba000-00007ff9f5abafff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5abb000-00007ff9f5abdfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5abe000-00007ff9f5b2ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume5\Windows\System32\ntdll.dll
16dc.a34:   00007ff9f5b30000-00007ffffffeffff 0x0001/0x0000 0x0000000
16dc.a34: VirtualBoxVM.exe: timestamp 0x5ed9201b (rc=VINF_SUCCESS)
16dc.a34: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
16dc.a34: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
16dc.a34: supR3HardNtChildPurify: Done after 565 ms and 0 fixes (loop #0).
3d54.3aa8: Log file opened: 6.1.10r138449 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa047ba00
3d54.3aa8: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f5940000 g_uNtVerCombined=0xa047ba00 (stack ~000000000113f3d8)
3d54.3aa8: ntdll.dll: timestamp 0x99ca0526 (rc=VINF_SUCCESS)
3d54.3aa8: New simple heap: #1 0000000001250000 LB 0x400000 (for 2031616 allocation)
16dc.a34: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000840000 LB 0x400000)
16dc.a34: supR3HardNtEnableThreadCreationEx:
3d54.3aa8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3d54.3aa8: System32:  \Device\HarddiskVolume5\Windows\System32
3d54.3aa8: WinSxS:    \Device\HarddiskVolume5\Windows\WinSxS
3d54.3aa8: KnownDllPath: C:\WINDOWS\System32
3d54.3aa8: supR3HardenedVmProcessInit: Opening vboxdrv...
3d54.3aa8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3d54.3aa8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3d54.3aa8: Registered Dll notification callback with NTDLL.
3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
3d54.3aa8: supR3HardenedDllNotificationCallback: load   00007ff9f32c0000 LB 0x002a3000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
3d54.3aa8: supR3HardenedDllNotificationCallback: load   00007ff9f5590000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
3d54.3aa8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5590000 'C:\WINDOWS\System32\KERNEL32.DLL'
3d54.3aa8: supR3HardenedDllNotificationCallback: load   00007ff6c39c0000 LB 0x00116000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
3d54.3aa8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3d54.3aa8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f59b17f0 pvNtTerminateThread=00007ff9f59dcb10
16dc.a34: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 131 ms.
3d54.3aa8: \SystemRoot\System32\ntdll.dll:
3d54.3aa8:     CreationTime:    2019-10-15T01:27:38.187278500Z
3d54.3aa8:     LastWriteTime:   2019-10-15T01:27:38.258088700Z
3d54.3aa8:     ChangeTime:      2019-12-10T23:38:02.237850100Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x1e8528
3d54.3aa8:     NT Headers:      0xd8
3d54.3aa8:     Timestamp:       0x99ca0526
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x99ca0526
3d54.3aa8:     Image Version:   10.0
3d54.3aa8:     SizeOfImage:     0x1f0000 (2031616)
3d54.3aa8:     Resource Dir:    0x17f000 LB 0x6f310
3d54.3aa8:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
3d54.3aa8:     ProductVersion:  10.0.18362.418
3d54.3aa8:     FileVersion:     10.0.18362.418 (WinBuild.160101.0800)
3d54.3aa8:     FileDescription: NT Layer DLL
3d54.3aa8: \SystemRoot\System32\kernel32.dll:
3d54.3aa8:     CreationTime:    2019-10-14T21:52:08.880289300Z
3d54.3aa8:     LastWriteTime:   2019-10-14T21:52:08.895892800Z
3d54.3aa8:     ChangeTime:      2019-12-10T23:38:01.396101400Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0xb0570
3d54.3aa8:     NT Headers:      0xe8
3d54.3aa8:     Timestamp:       0xd0cecc10
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0xd0cecc10
3d54.3aa8:     Image Version:   10.0
3d54.3aa8:     SizeOfImage:     0xb2000 (729088)
3d54.3aa8:     Resource Dir:    0xb0000 LB 0x520
3d54.3aa8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
3d54.3aa8:     ProductVersion:  10.0.18362.329
3d54.3aa8:     FileVersion:     10.0.18362.329 (WinBuild.160101.0800)
3d54.3aa8:     FileDescription: Windows NT BASE API Client DLL
3d54.3aa8: \SystemRoot\System32\KernelBase.dll:
3d54.3aa8:     CreationTime:    2019-12-10T23:37:24.476465800Z
3d54.3aa8:     LastWriteTime:   2019-12-10T23:37:24.592153100Z
3d54.3aa8:     ChangeTime:      2019-12-11T09:32:25.829231400Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x2a2638
3d54.3aa8:     NT Headers:      0xf0
3d54.3aa8:     Timestamp:       0x50cc8d5a
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x50cc8d5a
3d54.3aa8:     Image Version:   10.0
3d54.3aa8:     SizeOfImage:     0x2a3000 (2764800)
3d54.3aa8:     Resource Dir:    0x27d000 LB 0x548
3d54.3aa8:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x27d0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
3d54.3aa8:     ProductVersion:  10.0.18362.535
3d54.3aa8:     FileVersion:     10.0.18362.535 (WinBuild.160101.0800)
3d54.3aa8:     FileDescription: Windows NT BASE API Client DLL
3d54.3aa8: \SystemRoot\System32\apisetschema.dll:
3d54.3aa8:     CreationTime:    2019-03-19T04:43:54.837151500Z
3d54.3aa8:     LastWriteTime:   2019-03-19T04:43:54.837151500Z
3d54.3aa8:     ChangeTime:      2019-12-10T23:38:01.351221300Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x1d028
3d54.3aa8:     NT Headers:      0xc8
3d54.3aa8:     Timestamp:       0xd6ced080
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0xd6ced080
3d54.3aa8:     Image Version:   10.0
3d54.3aa8:     SizeOfImage:     0x1e000 (122880)
3d54.3aa8:     Resource Dir:    0x1d000 LB 0x408
3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Microsoft® Windows® Operating System
3d54.3aa8:     ProductVersion:  10.0.18362.1
3d54.3aa8:     FileVersion:     10.0.18362.1 (WinBuild.160101.0800)
3d54.3aa8:     FileDescription: ApiSet Schema DLL
3d54.3aa8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3d54.3aa8: supR3HardenedWinFindAdversaries: 0x40
3d54.3aa8: \SystemRoot\System32\drivers\klflt.sys:
3d54.3aa8:     CreationTime:    2019-10-29T19:14:39.888045400Z
3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:55.718184300Z
3d54.3aa8:     ChangeTime:      2020-04-13T10:51:55.718184300Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x3d798
3d54.3aa8:     NT Headers:      0x100
3d54.3aa8:     Timestamp:       0x70232f61
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x70232f61
3d54.3aa8:     Image Version:   6.1
3d54.3aa8:     SizeOfImage:     0x4a000 (303104)
3d54.3aa8:     Resource Dir:    0x47000 LB 0x418
3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x47060 LB 0x3b8, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Coretech Delivery
3d54.3aa8:     ProductVersion:  30.347.47.0
3d54.3aa8:     FileVersion:     30.347.47.0
3d54.3aa8:     FileDescription: Filter Core [fre_win7_amd64]
3d54.3aa8: \SystemRoot\System32\drivers\klif.sys:
3d54.3aa8:     CreationTime:    2019-10-29T19:14:40.127821000Z
3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:55.865790400Z
3d54.3aa8:     ChangeTime:      2020-04-13T10:51:55.865790400Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0xf3b98
3d54.3aa8:     NT Headers:      0xf8
3d54.3aa8:     Timestamp:       0x5e6be381
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x5e6be381
3d54.3aa8:     Image Version:   6.1
3d54.3aa8:     SizeOfImage:     0xf4000 (999424)
3d54.3aa8:     Resource Dir:    0xeb000 LB 0x33f8
3d54.3aa8:     [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0xee028 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Coretech Delivery
3d54.3aa8:     ProductVersion:  30.347.47.0
3d54.3aa8:     FileVersion:     30.347.47.0
3d54.3aa8:     FileDescription: Core System Interceptors [fre_win7_amd64]
3d54.3aa8: \SystemRoot\System32\drivers\klim6.sys:
3d54.3aa8:     CreationTime:    2019-03-19T04:21:06.000000000Z
3d54.3aa8:     LastWriteTime:   2019-03-19T04:21:06.000000000Z
3d54.3aa8:     ChangeTime:      2019-10-29T19:15:00.994361000Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0xe350
3d54.3aa8:     NT Headers:      0xe0
3d54.3aa8:     Timestamp:       0x54ad405e
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x54ad405e
3d54.3aa8:     Image Version:   6.1
3d54.3aa8:     SizeOfImage:     0xb000 (45056)
3d54.3aa8:     Resource Dir:    0x9000 LB 0x430
3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Coretech Delivery
3d54.3aa8:     ProductVersion:  30.0.3724.0
3d54.3aa8:     FileVersion:     30.0.3724.0
3d54.3aa8:     FileDescription: Packet Network Filter [fre_win7_amd64]
3d54.3aa8: \SystemRoot\System32\drivers\klkbdflt.sys:
3d54.3aa8:     CreationTime:    2019-03-17T23:11:30.000000000Z
3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:55.931614300Z
3d54.3aa8:     ChangeTime:      2020-04-13T10:51:55.931614300Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x13790
3d54.3aa8:     NT Headers:      0xf8
3d54.3aa8:     Timestamp:       0x6193eeca
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x6193eeca
3d54.3aa8:     Image Version:   6.1
3d54.3aa8:     SizeOfImage:     0x12000 (73728)
3d54.3aa8:     Resource Dir:    0x10000 LB 0x440
3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x10060 LB 0x3dc, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Coretech Delivery
3d54.3aa8:     ProductVersion:  30.256.110.0
3d54.3aa8:     FileVersion:     30.256.110.0
3d54.3aa8:     FileDescription: Keyboard Device Filter [fre_win7_amd64]
3d54.3aa8: \SystemRoot\System32\drivers\klmouflt.sys:
3d54.3aa8:     CreationTime:    2019-03-17T22:50:34.000000000Z
3d54.3aa8:     LastWriteTime:   2019-03-17T22:50:34.000000000Z
3d54.3aa8:     ChangeTime:      2019-10-29T19:15:00.619448000Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0xe878
3d54.3aa8:     NT Headers:      0xe8
3d54.3aa8:     Timestamp:       0xab7b625
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0xab7b625
3d54.3aa8:     Image Version:   6.1
3d54.3aa8:     SizeOfImage:     0xe000 (57344)
3d54.3aa8:     Resource Dir:    0xc000 LB 0x430
3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0xc060 LB 0x3d0, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Coretech Delivery
3d54.3aa8:     ProductVersion:  30.0.3716.0
3d54.3aa8:     FileVersion:     30.0.3716.0
3d54.3aa8:     FileDescription: Mouse Device Filter [fre_win7_amd64]
3d54.3aa8: \SystemRoot\System32\drivers\kneps.sys:
3d54.3aa8:     CreationTime:    2019-03-18T23:31:38.000000000Z
3d54.3aa8:     LastWriteTime:   2020-04-13T10:51:56.055282500Z
3d54.3aa8:     ChangeTime:      2020-04-13T10:51:56.055282500Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x38b98
3d54.3aa8:     NT Headers:      0x108
3d54.3aa8:     Timestamp:       0xe34c73f4
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0xe34c73f4
3d54.3aa8:     Image Version:   6.1
3d54.3aa8:     SizeOfImage:     0x38000 (229376)
3d54.3aa8:     Resource Dir:    0x35000 LB 0x428
3d54.3aa8:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x35060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
3d54.3aa8:     ProductName:     Coretech Delivery
3d54.3aa8:     ProductVersion:  30.347.28.0
3d54.3aa8:     FileVersion:     30.347.28.0
3d54.3aa8:     FileDescription: Network Processor [fre_win7_amd64]
3d54.3aa8: \SystemRoot\System32\klfphc.dll:
3d54.3aa8:     CreationTime:    2019-10-29T19:14:58.573052500Z
3d54.3aa8:     LastWriteTime:   2013-05-06T05:13:26.000000000Z
3d54.3aa8:     ChangeTime:      2019-10-29T19:14:46.750433600Z
3d54.3aa8:     FileAttributes:  0x20
3d54.3aa8:     Size:            0x1ae60
3d54.3aa8:     NT Headers:      0xe8
3d54.3aa8:     Timestamp:       0x51873bf2
3d54.3aa8:     Machine:         0x8664 - amd64
3d54.3aa8:     Timestamp:       0x51873bf2
3d54.3aa8:     Image Version:   0.0
3d54.3aa8:     SizeOfImage:     0x1d000 (118784)
3d54.3aa8:     Resource Dir:    0x18000 LB 0x3c80
3d54.3aa8:     [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
3d54.3aa8:     [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
3d54.3aa8:     ProductName:     Kaspersky™ Anti-Virus ®
3d54.3aa8:     ProductVersion:  1.0.0.12
3d54.3aa8:     FileVersion:     1.0.0.12
3d54.3aa8:     FileDescription: Filtering Platform Helper Class
3d54.3aa8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3d54.3aa8: Calling main()
3d54.3aa8: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3d54.3aa8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
3d54.3aa8: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3d54.3aa8: SUPR3HardenedMain: Final process, opening VBoxDrv...
3d54.3aa8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001250000 LB 0x400000)
3d54.3aa8: supR3HardNtEnableThreadCreationEx:
3d54.3aa8: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
3d54.3aa8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
3d54.3aa8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Or
Version 0, edited 4 years ago by alex37region (next)

by alex37region, 4 years ago

Attachment: VBoxHardening.log added

VBoxHardening.log
