VirtualBox

Opened 2 years ago

Last modified 2 years ago

#20969 new defect

Failed to open a session for the virtual machine Kali-Linux-2022.2-virtualbox-amd64. The virtual machine 'Kali-Linux-2022.2-virtualbox-amd64' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Computer\VirtualBox VMs\Kali-Linux-2022.2-virtualbox-amd64\Logs\VBoxHardening.log'. Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}

Reported by: Murdoch
Owned by:
Component: other
Version: VirtualBox 6.1.34
Keywords: hardening VBoxHardening
Cc:
Guest type: Linux
Host type: Windows

Description

Failed to open a session for the virtual machine Kali-Linux-2022.2-virtualbox-amd64.

The virtual machine 'Kali-Linux-2022.2-virtualbox-amd64' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Computer\VirtualBox VMs\Kali-Linux-2022.2-virtualbox-amd64\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}

VBoxHardening.log:

1c58.1e4c: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa04a6300
1c58.1e4c: \SystemRoot\System32\ntdll.dll:
1c58.1e4c:     CreationTime:    2022-05-13T09:37:24.962297600Z
1c58.1e4c:     LastWriteTime:   2022-05-13T09:37:25.011955800Z
1c58.1e4c:     ChangeTime:      2022-05-13T21:27:08.242392000Z
1c58.1e4c:     FileAttributes:  0x20
1c58.1e4c:     Size:            0x1eeb38
1c58.1e4c:     NT Headers:      0xe8
1c58.1e4c:     Timestamp:       0x7b5414ec
1c58.1e4c:     Machine:         0x8664 - amd64
1c58.1e4c:     Timestamp:       0x7b5414ec
1c58.1e4c:     Image Version:   10.0
1c58.1e4c:     SizeOfImage:     0x1f5000 (2052096)
1c58.1e4c:     Resource Dir:    0x184000 LB 0x6fff8
1c58.1e4c:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c58.1e4c:     [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1c58.1e4c:     ProductName:     Microsoft® Windows® Operating System
1c58.1e4c:     ProductVersion:  10.0.19041.1682
1c58.1e4c:     FileVersion:     10.0.19041.1682 (WinBuild.160101.0800)
1c58.1e4c:     FileDescription: NT Layer DLL
1c58.1e4c: \SystemRoot\System32\kernel32.dll:
1c58.1e4c:     CreationTime:    2022-05-13T09:37:16.157371700Z
1c58.1e4c:     LastWriteTime:   2022-05-13T09:37:16.176080300Z
1c58.1e4c:     ChangeTime:      2022-05-13T21:27:08.008042100Z
1c58.1e4c:     FileAttributes:  0x20
1c58.1e4c:     Size:            0xbb058
1c58.1e4c:     NT Headers:      0xe8
1c58.1e4c:     Timestamp:       0x4e5c27cf
1c58.1e4c:     Machine:         0x8664 - amd64
1c58.1e4c:     Timestamp:       0x4e5c27cf
1c58.1e4c:     Image Version:   10.0
1c58.1e4c:     SizeOfImage:     0xbd000 (774144)
1c58.1e4c:     Resource Dir:    0xbb000 LB 0x520
1c58.1e4c:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c58.1e4c:     [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1c58.1e4c:     ProductName:     Microsoft® Windows® Operating System
1c58.1e4c:     ProductVersion:  10.0.19041.1706
1c58.1e4c:     FileVersion:     10.0.19041.1706 (WinBuild.160101.0800)
1c58.1e4c:     FileDescription: Windows NT BASE API Client DLL
1c58.1e4c: \SystemRoot\System32\KernelBase.dll:
1c58.1e4c:     CreationTime:    2022-05-13T09:37:25.904947200Z
1c58.1e4c:     LastWriteTime:   2022-05-13T09:37:25.981546200Z
1c58.1e4c:     ChangeTime:      2022-05-13T21:27:08.226771300Z
1c58.1e4c:     FileAttributes:  0x20
1c58.1e4c:     Size:            0x2cf640
1c58.1e4c:     NT Headers:      0xf0
1c58.1e4c:     Timestamp:       0x458acb5b
1c58.1e4c:     Machine:         0x8664 - amd64
1c58.1e4c:     Timestamp:       0x458acb5b
1c58.1e4c:     Image Version:   10.0
1c58.1e4c:     SizeOfImage:     0x2cd000 (2936832)
1c58.1e4c:     Resource Dir:    0x2a4000 LB 0x548
1c58.1e4c:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c58.1e4c:     [Raw version resource data: 0x2a40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1c58.1e4c:     ProductName:     Microsoft® Windows® Operating System
1c58.1e4c:     ProductVersion:  10.0.19041.1706
1c58.1e4c:     FileVersion:     10.0.19041.1706 (WinBuild.160101.0800)
1c58.1e4c:     FileDescription: Windows NT BASE API Client DLL
1c58.1e4c: \SystemRoot\System32\apisetschema.dll:
1c58.1e4c:     CreationTime:    2019-12-07T09:08:13.518339400Z
1c58.1e4c:     LastWriteTime:   2019-12-07T09:08:13.518339400Z
1c58.1e4c:     ChangeTime:      2022-05-13T09:38:12.902031600Z
1c58.1e4c:     FileAttributes:  0x20
1c58.1e4c:     Size:            0x1f538
1c58.1e4c:     NT Headers:      0xd0
1c58.1e4c:     Timestamp:       0x31288ce0
1c58.1e4c:     Machine:         0x8664 - amd64
1c58.1e4c:     Timestamp:       0x31288ce0
1c58.1e4c:     Image Version:   10.0
1c58.1e4c:     SizeOfImage:     0x20000 (131072)
1c58.1e4c:     Resource Dir:    0x1f000 LB 0x408
1c58.1e4c:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c58.1e4c:     [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1c58.1e4c:     ProductName:     Microsoft® Windows® Operating System
1c58.1e4c:     ProductVersion:  10.0.19041.1
1c58.1e4c:     FileVersion:     10.0.19041.1 (WinBuild.160101.0800)
1c58.1e4c:     FileDescription: ApiSet Schema DLL
1c58.1e4c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1c58.1e4c: supR3HardenedWinFindAdversaries: 0x800
1c58.1e4c: \SystemRoot\System32\drivers\cfrmd.sys:
1c58.1e4c:     CreationTime:    2014-06-26T05:33:42.000000000Z
1c58.1e4c:     LastWriteTime:   2014-06-26T05:33:42.000000000Z
1c58.1e4c:     ChangeTime:      2020-10-11T11:10:28.369648400Z
1c58.1e4c:     FileAttributes:  0x20
1c58.1e4c:     Size:            0x9d20
1c58.1e4c:     NT Headers:      0xe8
1c58.1e4c:     Timestamp:       0x5004f2a1
1c58.1e4c:     Machine:         0x8664 - amd64
1c58.1e4c:     Timestamp:       0x5004f2a1
1c58.1e4c:     Image Version:   6.1
1c58.1e4c:     SizeOfImage:     0xe000 (57344)
1c58.1e4c:     Resource Dir:    0xc000 LB 0x3e0
1c58.1e4c:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1c58.1e4c:     [Raw version resource data: 0xc060 LB 0x380, codepage 0x0 (reserved 0x0)]
1c58.1e4c:     ProductName:     Windows (R) Win 7 DDK driver
1c58.1e4c:     ProductVersion:  6.1.7600.16385
1c58.1e4c:     FileVersion:     6.1.7600.16385 built by: WinDDK
1c58.1e4c:     FileDescription: Safe Deletion Driver
1c58.1e4c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1c58.1e4c: Calling main()
1c58.1e4c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1c58.1e4c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
1c58.1e4c: SUPR3HardenedMain: Respawn #1
1c58.1e4c: System32:  \Device\HarddiskVolume4\Windows\System32
1c58.1e4c: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
1c58.1e4c: KnownDllPath: C:\WINDOWS\System32
1c58.1e4c: supR3HardenedWinInit: Performing a limited self purification...
1c58.1e4c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1c58.1e4c: kernel32.dll: timestamp 0x4e5c27cf (rc=VINF_SUCCESS)
1c58.1e4c: kernelbase.dll: timestamp 0x458acb5b (rc=VINF_SUCCESS)
1c58.1e4c: VirtualBoxVM.exe: timestamp 0x623a5dfe (rc=VINF_SUCCESS)
1c58.1e4c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1c58.1e4c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1c58.1e4c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1c58.1e4c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1c58.1e4c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
1c58.1e4c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1c58.1e4c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1c58.1e4c: supR3HardNtEnableThreadCreationEx:
1c58.1e4c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790
1c58.1e4c: supR3HardenedWinDoReSpawn(1): New child 284c.3ce4 [kernel32].
1c58.1e4c: supR3HardNtChildGatherData: PebBaseAddress=0000000000a24000 cbPeb=0x388
1c58.1e4c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe4530000 uNtDllChildAddr=00007ffbe4530000
1c58.1e4c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe45a4b00
1c58.1e4c: supR3HardenedWinSetupChildInit: Start child.
1c58.1e4c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1c58.1e4c: supR3HardNtChildPurify: Startup delay kludge #1/0: 523 ms, 34 sleeps
1c58.1e4c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1c58.1e4c: supR3HardNtChildPurify: Done after 526 ms and 0 fixes (loop #0).
284c.3ce4: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
284c.3ce4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe4530000 g_uNtVerCombined=0xa04a6300 (stack ~00000000009bf908)
284c.3ce4: ntdll.dll: timestamp 0x7b5414ec (rc=VINF_SUCCESS)
284c.3ce4: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2052096 allocation)
1c58.1e4c: supR3HardNtEnableThreadCreationEx:
284c.3ce4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
284c.3ce4: System32:  \Device\HarddiskVolume4\Windows\System32
284c.3ce4: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
284c.3ce4: KnownDllPath: C:\WINDOWS\System32
284c.3ce4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
284c.3ce4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
284c.3ce4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
284c.3ce4: Registered Dll notification callback with NTDLL.
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
284c.3ce4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
284c.3ce4: supR3HardenedDllNotificationCallback: load   00007ffbe2110000 LB 0x002cd000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
284c.3ce4: supR3HardenedDllNotificationCallback: load   00007ffbe3f20000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
284c.3ce4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
284c.3ce4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3f20000 'C:\WINDOWS\System32\KERNEL32.DLL'
284c.3ce4: supR3HardenedDllNotificationCallback: load   00007ff7afb50000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
284c.3ce4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
284c.3ce4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
284c.3ce4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790
1c58.1e4c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 107 ms.
284c.3ce4: \SystemRoot\System32\ntdll.dll:
284c.3ce4:     CreationTime:    2022-05-13T09:37:24.962297600Z
284c.3ce4:     LastWriteTime:   2022-05-13T09:37:25.011955800Z
284c.3ce4:     ChangeTime:      2022-05-13T21:27:08.242392000Z
284c.3ce4:     FileAttributes:  0x20
284c.3ce4:     Size:            0x1eeb38
284c.3ce4:     NT Headers:      0xe8
284c.3ce4:     Timestamp:       0x7b5414ec
284c.3ce4:     Machine:         0x8664 - amd64
284c.3ce4:     Timestamp:       0x7b5414ec
284c.3ce4:     Image Version:   10.0
284c.3ce4:     SizeOfImage:     0x1f5000 (2052096)
284c.3ce4:     Resource Dir:    0x184000 LB 0x6fff8
284c.3ce4:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
284c.3ce4:     [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
284c.3ce4:     ProductName:     Microsoft® Windows® Operating System
284c.3ce4:     ProductVersion:  10.0.19041.1682
284c.3ce4:     FileVersion:     10.0.19041.1682 (WinBuild.160101.0800)
284c.3ce4:     FileDescription: NT Layer DLL
284c.3ce4: \SystemRoot\System32\kernel32.dll:
284c.3ce4:     CreationTime:    2022-05-13T09:37:16.157371700Z
284c.3ce4:     LastWriteTime:   2022-05-13T09:37:16.176080300Z
284c.3ce4:     ChangeTime:      2022-05-13T21:27:08.008042100Z
284c.3ce4:     FileAttributes:  0x20
284c.3ce4:     Size:            0xbb058
284c.3ce4:     NT Headers:      0xe8
284c.3ce4:     Timestamp:       0x4e5c27cf
284c.3ce4:     Machine:         0x8664 - amd64
284c.3ce4:     Timestamp:       0x4e5c27cf
284c.3ce4:     Image Version:   10.0
284c.3ce4:     SizeOfImage:     0xbd000 (774144)
284c.3ce4:     Resource Dir:    0xbb000 LB 0x520
284c.3ce4:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
284c.3ce4:     [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
284c.3ce4:     ProductName:     Microsoft® Windows® Operating System
284c.3ce4:     ProductVersion:  10.0.19041.1706
284c.3ce4:     FileVersion:     10.0.19041.1706 (WinBuild.160101.0800)
284c.3ce4:     FileDescription: Windows NT BASE API Client DLL
284c.3ce4: \SystemRoot\System32\KernelBase.dll:
284c.3ce4:     CreationTime:    2022-05-13T09:37:25.904947200Z
284c.3ce4:     LastWriteTime:   2022-05-13T09:37:25.981546200Z
284c.3ce4:     ChangeTime:      2022-05-13T21:27:08.226771300Z
284c.3ce4:     FileAttributes:  0x20
284c.3ce4:     Size:            0x2cf640
284c.3ce4:     NT Headers:      0xf0
284c.3ce4:     Timestamp:       0x458acb5b
284c.3ce4:     Machine:         0x8664 - amd64
284c.3ce4:     Timestamp:       0x458acb5b
284c.3ce4:     Image Version:   10.0
284c.3ce4:     SizeOfImage:     0x2cd000 (2936832)
284c.3ce4:     Resource Dir:    0x2a4000 LB 0x548
284c.3ce4:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
284c.3ce4:     [Raw version resource data: 0x2a40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
284c.3ce4:     ProductName:     Microsoft® Windows® Operating System
284c.3ce4:     ProductVersion:  10.0.19041.1706
284c.3ce4:     FileVersion:     10.0.19041.1706 (WinBuild.160101.0800)
284c.3ce4:     FileDescription: Windows NT BASE API Client DLL
284c.3ce4: \SystemRoot\System32\apisetschema.dll:
284c.3ce4:     CreationTime:    2019-12-07T09:08:13.518339400Z
284c.3ce4:     LastWriteTime:   2019-12-07T09:08:13.518339400Z
284c.3ce4:     ChangeTime:      2022-05-13T09:38:12.902031600Z
284c.3ce4:     FileAttributes:  0x20
284c.3ce4:     Size:            0x1f538
284c.3ce4:     NT Headers:      0xd0
284c.3ce4:     Timestamp:       0x31288ce0
284c.3ce4:     Machine:         0x8664 - amd64
284c.3ce4:     Timestamp:       0x31288ce0
284c.3ce4:     Image Version:   10.0
284c.3ce4:     SizeOfImage:     0x20000 (131072)
284c.3ce4:     Resource Dir:    0x1f000 LB 0x408
284c.3ce4:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
284c.3ce4:     [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
284c.3ce4:     ProductName:     Microsoft® Windows® Operating System
284c.3ce4:     ProductVersion:  10.0.19041.1
284c.3ce4:     FileVersion:     10.0.19041.1 (WinBuild.160101.0800)
284c.3ce4:     FileDescription: ApiSet Schema DLL
284c.3ce4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
284c.3ce4: supR3HardenedWinFindAdversaries: 0x800
284c.3ce4: \SystemRoot\System32\drivers\cfrmd.sys:
284c.3ce4:     CreationTime:    2014-06-26T05:33:42.000000000Z
284c.3ce4:     LastWriteTime:   2014-06-26T05:33:42.000000000Z
284c.3ce4:     ChangeTime:      2020-10-11T11:10:28.369648400Z
284c.3ce4:     FileAttributes:  0x20
284c.3ce4:     Size:            0x9d20
284c.3ce4:     NT Headers:      0xe8
284c.3ce4:     Timestamp:       0x5004f2a1
284c.3ce4:     Machine:         0x8664 - amd64
284c.3ce4:     Timestamp:       0x5004f2a1
284c.3ce4:     Image Version:   6.1
284c.3ce4:     SizeOfImage:     0xe000 (57344)
284c.3ce4:     Resource Dir:    0xc000 LB 0x3e0
284c.3ce4:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
284c.3ce4:     [Raw version resource data: 0xc060 LB 0x380, codepage 0x0 (reserved 0x0)]
284c.3ce4:     ProductName:     Windows (R) Win 7 DDK driver
284c.3ce4:     ProductVersion:  6.1.7600.16385
284c.3ce4:     FileVersion:     6.1.7600.16385 built by: WinDDK
284c.3ce4:     FileDescription: Safe Deletion Driver
284c.3ce4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
284c.3ce4: Calling main()
284c.3ce4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
284c.3ce4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
284c.3ce4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
284c.3ce4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
284c.3ce4: SUPR3HardenedMain: Respawn #2
284c.3ce4: supR3HardNtEnableThreadCreationEx:
284c.3ce4: supR3HardenedDllNotificationCallback: load   00007ffbe3970000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
284c.3ce4: supR3HardenedDllNotificationCallback: load   00007ffbe2c30000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
284c.3ce4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
284c.3ce4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
284c.3ce4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
284c.3ce4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
284c.3ce4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
284c.3ce4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
284c.3ce4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4530000 'C:\WINDOWS\System32\ntdll.dll'
284c.3ce4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790
284c.3ce4: supR3HardenedWinDoReSpawn(2): New child 255c.41c4 [kernel32].
284c.3ce4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
284c.3ce4: supR3HardNtChildGatherData: PebBaseAddress=0000000000ccf000 cbPeb=0x388
284c.3ce4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe4530000 uNtDllChildAddr=00007ffbe4530000
284c.3ce4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe45a4b00
284c.3ce4: supR3HardenedWinSetupChildInit: Initial context:
284c.3ce4: kernel32.dll: timestamp 0x4e5c27cf (rc=VINF_SUCCESS)
284c.3ce4: supR3HardenedWinSetupChildInit: Start child.
284c.3ce4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
284c.3ce4: supR3HardNtChildPurify: Startup delay kludge #1/0: 524 ms, 34 sleeps
284c.3ce4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
284c.3ce4: VirtualBoxVM.exe: timestamp 0x623a5dfe (rc=VINF_SUCCESS)
284c.3ce4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
284c.3ce4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
284c.3ce4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
284c.3ce4: supR3HardNtChildPurify: Done after 566 ms and 0 fixes (loop #0).
284c.3ce4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000)
255c.41c4: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300
255c.41c4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe4530000 g_uNtVerCombined=0xa04a6300 (stack ~0000000000b9f568)
284c.3ce4: supR3HardNtEnableThreadCreationEx:
255c.41c4: ntdll.dll: timestamp 0x7b5414ec (rc=VINF_SUCCESS)
255c.41c4: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2052096 allocation)
255c.41c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
255c.41c4: System32:  \Device\HarddiskVolume4\Windows\System32
255c.41c4: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
255c.41c4: KnownDllPath: C:\WINDOWS\System32
255c.41c4: supR3HardenedVmProcessInit: Opening vboxdrv...
255c.41c4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
255c.41c4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
255c.41c4: Registered Dll notification callback with NTDLL.
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe2110000 LB 0x002cd000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe3f20000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3f20000 'C:\WINDOWS\System32\KERNEL32.DLL'
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ff7afb50000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
255c.41c4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
255c.41c4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
255c.41c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
255c.41c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790
284c.3ce4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
255c.41c4: \SystemRoot\System32\ntdll.dll:
255c.41c4:     CreationTime:    2022-05-13T09:37:24.962297600Z
255c.41c4:     LastWriteTime:   2022-05-13T09:37:25.011955800Z
255c.41c4:     ChangeTime:      2022-05-13T21:27:08.242392000Z
255c.41c4:     FileAttributes:  0x20
255c.41c4:     Size:            0x1eeb38
255c.41c4:     NT Headers:      0xe8
255c.41c4:     Timestamp:       0x7b5414ec
255c.41c4:     Machine:         0x8664 - amd64
255c.41c4:     Timestamp:       0x7b5414ec
255c.41c4:     Image Version:   10.0
255c.41c4:     SizeOfImage:     0x1f5000 (2052096)
255c.41c4:     Resource Dir:    0x184000 LB 0x6fff8
255c.41c4:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
255c.41c4:     [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)]
255c.41c4:     ProductName:     Microsoft® Windows® Operating System
255c.41c4:     ProductVersion:  10.0.19041.1682
255c.41c4:     FileVersion:     10.0.19041.1682 (WinBuild.160101.0800)
255c.41c4:     FileDescription: NT Layer DLL
255c.41c4: \SystemRoot\System32\kernel32.dll:
255c.41c4:     CreationTime:    2022-05-13T09:37:16.157371700Z
255c.41c4:     LastWriteTime:   2022-05-13T09:37:16.176080300Z
255c.41c4:     ChangeTime:      2022-05-13T21:27:08.008042100Z
255c.41c4:     FileAttributes:  0x20
255c.41c4:     Size:            0xbb058
255c.41c4:     NT Headers:      0xe8
255c.41c4:     Timestamp:       0x4e5c27cf
255c.41c4:     Machine:         0x8664 - amd64
255c.41c4:     Timestamp:       0x4e5c27cf
255c.41c4:     Image Version:   10.0
255c.41c4:     SizeOfImage:     0xbd000 (774144)
255c.41c4:     Resource Dir:    0xbb000 LB 0x520
255c.41c4:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
255c.41c4:     [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
255c.41c4:     ProductName:     Microsoft® Windows® Operating System
255c.41c4:     ProductVersion:  10.0.19041.1706
255c.41c4:     FileVersion:     10.0.19041.1706 (WinBuild.160101.0800)
255c.41c4:     FileDescription: Windows NT BASE API Client DLL
255c.41c4: \SystemRoot\System32\KernelBase.dll:
255c.41c4:     CreationTime:    2022-05-13T09:37:25.904947200Z
255c.41c4:     LastWriteTime:   2022-05-13T09:37:25.981546200Z
255c.41c4:     ChangeTime:      2022-05-13T21:27:08.226771300Z
255c.41c4:     FileAttributes:  0x20
255c.41c4:     Size:            0x2cf640
255c.41c4:     NT Headers:      0xf0
255c.41c4:     Timestamp:       0x458acb5b
255c.41c4:     Machine:         0x8664 - amd64
255c.41c4:     Timestamp:       0x458acb5b
255c.41c4:     Image Version:   10.0
255c.41c4:     SizeOfImage:     0x2cd000 (2936832)
255c.41c4:     Resource Dir:    0x2a4000 LB 0x548
255c.41c4:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
255c.41c4:     [Raw version resource data: 0x2a40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
255c.41c4:     ProductName:     Microsoft® Windows® Operating System
255c.41c4:     ProductVersion:  10.0.19041.1706
255c.41c4:     FileVersion:     10.0.19041.1706 (WinBuild.160101.0800)
255c.41c4:     FileDescription: Windows NT BASE API Client DLL
255c.41c4: \SystemRoot\System32\apisetschema.dll:
255c.41c4:     CreationTime:    2019-12-07T09:08:13.518339400Z
255c.41c4:     LastWriteTime:   2019-12-07T09:08:13.518339400Z
255c.41c4:     ChangeTime:      2022-05-13T09:38:12.902031600Z
255c.41c4:     FileAttributes:  0x20
255c.41c4:     Size:            0x1f538
255c.41c4:     NT Headers:      0xd0
255c.41c4:     Timestamp:       0x31288ce0
255c.41c4:     Machine:         0x8664 - amd64
255c.41c4:     Timestamp:       0x31288ce0
255c.41c4:     Image Version:   10.0
255c.41c4:     SizeOfImage:     0x20000 (131072)
255c.41c4:     Resource Dir:    0x1f000 LB 0x408
255c.41c4:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
255c.41c4:     [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
255c.41c4:     ProductName:     Microsoft® Windows® Operating System
255c.41c4:     ProductVersion:  10.0.19041.1
255c.41c4:     FileVersion:     10.0.19041.1 (WinBuild.160101.0800)
255c.41c4:     FileDescription: ApiSet Schema DLL
255c.41c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
255c.41c4: supR3HardenedWinFindAdversaries: 0x800
255c.41c4: \SystemRoot\System32\drivers\cfrmd.sys:
255c.41c4:     CreationTime:    2014-06-26T05:33:42.000000000Z
255c.41c4:     LastWriteTime:   2014-06-26T05:33:42.000000000Z
255c.41c4:     ChangeTime:      2020-10-11T11:10:28.369648400Z
255c.41c4:     FileAttributes:  0x20
255c.41c4:     Size:            0x9d20
255c.41c4:     NT Headers:      0xe8
255c.41c4:     Timestamp:       0x5004f2a1
255c.41c4:     Machine:         0x8664 - amd64
255c.41c4:     Timestamp:       0x5004f2a1
255c.41c4:     Image Version:   6.1
255c.41c4:     SizeOfImage:     0xe000 (57344)
255c.41c4:     Resource Dir:    0xc000 LB 0x3e0
255c.41c4:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
255c.41c4:     [Raw version resource data: 0xc060 LB 0x380, codepage 0x0 (reserved 0x0)]
255c.41c4:     ProductName:     Windows (R) Win 7 DDK driver
255c.41c4:     ProductVersion:  6.1.7600.16385
255c.41c4:     FileVersion:     6.1.7600.16385 built by: WinDDK
255c.41c4:     FileDescription: Safe Deletion Driver
255c.41c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
255c.41c4: Calling main()
255c.41c4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
255c.41c4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
255c.41c4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
255c.41c4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
255c.41c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
255c.41c4: SUPR3HardenedMain: Final process, opening VBoxDrv...
255c.41c4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000)
255c.41c4: supR3HardNtEnableThreadCreationEx:
255c.41c4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
255c.41c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbdcfb0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcfb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcfb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcfb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'.
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe26a0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe3970000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe2510000 LB 0x00068000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe1c70000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe1d70000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-synch-l1-2-0'
255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-fibers-l1-1-1'
255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-fibers-l1-1-1'
255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-synch-l1-2-0'
255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-localization-l1-2-1'
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe1830000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2510000 'C:\WINDOWS\system32\Wintrust.dll'
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe1c40000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1c40000 'C:\WINDOWS\system32\bcrypt.dll'
255c.41c4: bcrypt.dll loaded at 00007ffbe1c40000, BCryptOpenAlgorithmProvider at 00007ffbe1c451e0, preloading providers:
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe23e0000 LB 0x00082000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe23e0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
255c.41c4:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000014417e0)
255c.41c4:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001441e60)
255c.41c4:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001442180)
255c.41c4:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000014434b0)
255c.41c4:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000014437d0)
255c.41c4:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001443af0)
255c.41c4:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001443e10)
255c.41c4:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001444130)
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe15f0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
255c.41c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe0cb0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0cb0000 'C:\WINDOWS\system32\rsaenh.dll'
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe1610000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3f20000 'C:\WINDOWS\System32\kernel32.dll'
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2510000 'C:\WINDOWS\System32\WINTRUST.DLL'
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1d70000 'C:\WINDOWS\System32\CRYPT32.dll'
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe4280000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0cb0000 'C:\WINDOWS\system32\rsaenh.dll'
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe2c30000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe0510000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
255c.41c4: supR3HardenedDllNotificationCallback: load   00007ffbe1b80000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0]
255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
255c.41c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
255c.41c4: supR3HardenedWin

Attachments (1)

VBoxHardening.log (183.7 KB) - added by Murdoch 2 years ago.
VBoxHardening Log

Change History (2)

by Murdoch, 2 years ago

Attachment: VBoxHardening.log added

VBoxHardening Log

comment:1 by Murdoch, 2 years ago

Please provide a solution to this because I cannot use VirtualBox at all. I have tried all the solutions proposed on Google and in the forums but none of them have worked on this. I think this is a major issue because it completely disables the program and there's no obvious way to fix it. Even uninstalling and reinstalling doesn't work.
