Opened 2 years ago
Closed 23 months ago
#20970 closed defect (duplicate)
Failed to open a session for the virtual machine Kali-Linux-2022.2-virtualbox-amd64. The virtual machine 'Kali-Linux-2022.2-virtualbox-amd64' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Computer\VirtualBox VMs\Kali-Linux-2022.2-virtualbox-amd64\Logs\VBoxHardening.log'. Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}
| Reported by: | Murdoch | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox 6.1.34 |
| Keywords: | hardening VBoxHardening | Cc: | |
| Guest type: | Linux | Host type: | Windows |
Description
Failed to open a session for the virtual machine Kali-Linux-2022.2-virtualbox-amd64.
The virtual machine 'Kali-Linux-2022.2-virtualbox-amd64' has terminated unexpectedly during startup with exit code 1 (0x1). More details may be available in 'C:\Users\Computer\VirtualBox VMs\Kali-Linux-2022.2-virtualbox-amd64\Logs\VBoxHardening.log'.
Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}
VBoxHardening.log:
1c58.1e4c: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa04a6300 1c58.1e4c: \SystemRoot\System32\ntdll.dll: 1c58.1e4c: CreationTime: 2022-05-13T09:37:24.962297600Z 1c58.1e4c: LastWriteTime: 2022-05-13T09:37:25.011955800Z 1c58.1e4c: ChangeTime: 2022-05-13T21:27:08.242392000Z 1c58.1e4c: FileAttributes: 0x20 1c58.1e4c: Size: 0x1eeb38 1c58.1e4c: NT Headers: 0xe8 1c58.1e4c: Timestamp: 0x7b5414ec 1c58.1e4c: Machine: 0x8664 - amd64 1c58.1e4c: Timestamp: 0x7b5414ec 1c58.1e4c: Image Version: 10.0 1c58.1e4c: SizeOfImage: 0x1f5000 (2052096) 1c58.1e4c: Resource Dir: 0x184000 LB 0x6fff8 1c58.1e4c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1c58.1e4c: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)] 1c58.1e4c: ProductName: Microsoft® Windows® Operating System 1c58.1e4c: ProductVersion: 10.0.19041.1682 1c58.1e4c: FileVersion: 10.0.19041.1682 (WinBuild.160101.0800) 1c58.1e4c: FileDescription: NT Layer DLL 1c58.1e4c: \SystemRoot\System32\kernel32.dll: 1c58.1e4c: CreationTime: 2022-05-13T09:37:16.157371700Z 1c58.1e4c: LastWriteTime: 2022-05-13T09:37:16.176080300Z 1c58.1e4c: ChangeTime: 2022-05-13T21:27:08.008042100Z 1c58.1e4c: FileAttributes: 0x20 1c58.1e4c: Size: 0xbb058 1c58.1e4c: NT Headers: 0xe8 1c58.1e4c: Timestamp: 0x4e5c27cf 1c58.1e4c: Machine: 0x8664 - amd64 1c58.1e4c: Timestamp: 0x4e5c27cf 1c58.1e4c: Image Version: 10.0 1c58.1e4c: SizeOfImage: 0xbd000 (774144) 1c58.1e4c: Resource Dir: 0xbb000 LB 0x520 1c58.1e4c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1c58.1e4c: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1c58.1e4c: ProductName: Microsoft® Windows® Operating System 1c58.1e4c: ProductVersion: 10.0.19041.1706 1c58.1e4c: FileVersion: 10.0.19041.1706 (WinBuild.160101.0800) 1c58.1e4c: FileDescription: Windows NT BASE API Client DLL 1c58.1e4c: \SystemRoot\System32\KernelBase.dll: 1c58.1e4c: CreationTime: 2022-05-13T09:37:25.904947200Z 1c58.1e4c: LastWriteTime: 2022-05-13T09:37:25.981546200Z 1c58.1e4c: ChangeTime: 2022-05-13T21:27:08.226771300Z 1c58.1e4c: FileAttributes: 0x20 1c58.1e4c: Size: 0x2cf640 1c58.1e4c: NT Headers: 0xf0 1c58.1e4c: Timestamp: 0x458acb5b 1c58.1e4c: Machine: 0x8664 - amd64 1c58.1e4c: Timestamp: 0x458acb5b 1c58.1e4c: Image Version: 10.0 1c58.1e4c: SizeOfImage: 0x2cd000 (2936832) 1c58.1e4c: Resource Dir: 0x2a4000 LB 0x548 1c58.1e4c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1c58.1e4c: [Raw version resource data: 0x2a40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 1c58.1e4c: ProductName: Microsoft® Windows® Operating System 1c58.1e4c: ProductVersion: 10.0.19041.1706 1c58.1e4c: FileVersion: 10.0.19041.1706 (WinBuild.160101.0800) 1c58.1e4c: FileDescription: Windows NT BASE API Client DLL 1c58.1e4c: \SystemRoot\System32\apisetschema.dll: 1c58.1e4c: CreationTime: 2019-12-07T09:08:13.518339400Z 1c58.1e4c: LastWriteTime: 2019-12-07T09:08:13.518339400Z 1c58.1e4c: ChangeTime: 2022-05-13T09:38:12.902031600Z 1c58.1e4c: FileAttributes: 0x20 1c58.1e4c: Size: 0x1f538 1c58.1e4c: NT Headers: 0xd0 1c58.1e4c: Timestamp: 0x31288ce0 1c58.1e4c: Machine: 0x8664 - amd64 1c58.1e4c: Timestamp: 0x31288ce0 1c58.1e4c: Image Version: 10.0 1c58.1e4c: SizeOfImage: 0x20000 (131072) 1c58.1e4c: Resource Dir: 0x1f000 LB 0x408 1c58.1e4c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1c58.1e4c: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 1c58.1e4c: ProductName: Microsoft® Windows® Operating System 1c58.1e4c: ProductVersion: 10.0.19041.1 1c58.1e4c: FileVersion: 10.0.19041.1 (WinBuild.160101.0800) 1c58.1e4c: FileDescription: ApiSet Schema DLL 1c58.1e4c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1c58.1e4c: supR3HardenedWinFindAdversaries: 0x800 1c58.1e4c: \SystemRoot\System32\drivers\cfrmd.sys: 1c58.1e4c: CreationTime: 2014-06-26T05:33:42.000000000Z 1c58.1e4c: LastWriteTime: 2014-06-26T05:33:42.000000000Z 1c58.1e4c: ChangeTime: 2020-10-11T11:10:28.369648400Z 1c58.1e4c: FileAttributes: 0x20 1c58.1e4c: Size: 0x9d20 1c58.1e4c: NT Headers: 0xe8 1c58.1e4c: Timestamp: 0x5004f2a1 1c58.1e4c: Machine: 0x8664 - amd64 1c58.1e4c: Timestamp: 0x5004f2a1 1c58.1e4c: Image Version: 6.1 1c58.1e4c: SizeOfImage: 0xe000 (57344) 1c58.1e4c: Resource Dir: 0xc000 LB 0x3e0 1c58.1e4c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1c58.1e4c: [Raw version resource data: 0xc060 LB 0x380, codepage 0x0 (reserved 0x0)] 1c58.1e4c: ProductName: Windows (R) Win 7 DDK driver 1c58.1e4c: ProductVersion: 6.1.7600.16385 1c58.1e4c: FileVersion: 6.1.7600.16385 built by: WinDDK 1c58.1e4c: FileDescription: Safe Deletion Driver 1c58.1e4c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1c58.1e4c: Calling main() 1c58.1e4c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 1c58.1e4c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1c58.1e4c: SUPR3HardenedMain: Respawn #1 1c58.1e4c: System32: \Device\HarddiskVolume4\Windows\System32 1c58.1e4c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 1c58.1e4c: KnownDllPath: C:\WINDOWS\System32 1c58.1e4c: supR3HardenedWinInit: Performing a limited self purification... 1c58.1e4c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 1c58.1e4c: *0000000000000000-000000000042ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000430000-000000000043ffff 0x0004/0x0004 0x0040000 1c58.1e4c: 0000000000440000-000000000044ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000450000-000000000046cfff 0x0002/0x0002 0x0040000 1c58.1e4c: 000000000046d000-000000000046ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000470000-0000000000520fff 0x0000/0x0004 0x0020000 1c58.1e4c: 0000000000521000-0000000000523fff 0x0104/0x0004 0x0020000 1c58.1e4c: 0000000000524000-000000000056ffff 0x0004/0x0004 0x0020000 1c58.1e4c: *0000000000570000-0000000000573fff 0x0002/0x0002 0x0040000 1c58.1e4c: 0000000000574000-000000000057ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000580000-0000000000581fff 0x0004/0x0004 0x0020000 1c58.1e4c: 0000000000582000-000000000058ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000590000-0000000000591fff 0x0004/0x0004 0x0020000 1c58.1e4c: 0000000000592000-00000000005a9fff 0x0000/0x0004 0x0020000 1c58.1e4c: 00000000005aa000-00000000005fffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000600000-00000000006affff 0x0000/0x0004 0x0020000 1c58.1e4c: 00000000006b0000-00000000006b2fff 0x0004/0x0004 0x0020000 1c58.1e4c: 00000000006b3000-00000000007fffff 0x0000/0x0004 0x0020000 1c58.1e4c: *0000000000800000-00000000008c8fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00000000008c9000-00000000008dffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00000000008e0000-00000000008e5fff 0x0004/0x0004 0x0020000 1c58.1e4c: 00000000008e6000-00000000009dffff 0x0000/0x0004 0x0020000 1c58.1e4c: *00000000009e0000-0000000000a06fff 0x0004/0x0004 0x0020000 1c58.1e4c: 0000000000a07000-0000000000adffff 0x0000/0x0004 0x0020000 1c58.1e4c: 0000000000ae0000-0000000000b0ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000b10000-0000000000b1efff 0x0004/0x0004 0x0020000 1c58.1e4c: 0000000000b1f000-0000000000b1ffff 0x0000/0x0004 0x0020000 1c58.1e4c: *0000000000b20000-0000000000b2afff 0x0000/0x0004 0x0020000 1c58.1e4c: 0000000000b2b000-0000000000d20fff 0x0004/0x0004 0x0020000 1c58.1e4c: 0000000000d21000-0000000000d21fff 0x0000/0x0004 0x0020000 1c58.1e4c: 0000000000d22000-000000007ffdffff 0x0001/0x0000 0x0000000 1c58.1e4c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1c58.1e4c: 000000007ffe1000-000000007ffe2fff 0x0001/0x0000 0x0000000 1c58.1e4c: *000000007ffe3000-000000007ffe3fff 0x0002/0x0002 0x0020000 1c58.1e4c: 000000007ffe4000-00007ff4407dffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff4407e0000-00007ff4407e4fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00007ff4407e5000-00007ff4408dffff 0x0000/0x0002 0x0040000 1c58.1e4c: *00007ff4408e0000-00007ff5408fffff 0x0000/0x0004 0x0020000 1c58.1e4c: *00007ff540900000-00007ff5428fffff 0x0000/0x0004 0x0020000 1c58.1e4c: 00007ff542900000-00007ff542900fff 0x0004/0x0004 0x0020000 1c58.1e4c: 00007ff542901000-00007ff54290ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff542910000-00007ff542910fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00007ff542911000-00007ff54291ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff542920000-00007ff542942fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00007ff542943000-00007ff7afb4ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff7afb50000-00007ff7afb50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afb51000-00007ff7afbc7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afbc8000-00007ff7afbc8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afbc9000-00007ff7afc11fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc12000-00007ff7afc14fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc15000-00007ff7afc17fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc18000-00007ff7afc1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1b000-00007ff7afc1bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1c000-00007ff7afc1dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1e000-00007ff7afc1efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1f000-00007ff7afc67fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc68000-00007ffbe210ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ffbe2110000-00007ffbe2110fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1c58.1e4c: 00007ffbe2111000-00007ffbe2225fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1c58.1e4c: 00007ffbe2226000-00007ffbe239efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1c58.1e4c: 00007ffbe239f000-00007ffbe23a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1c58.1e4c: 00007ffbe23a3000-00007ffbe23a3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1c58.1e4c: 00007ffbe23a4000-00007ffbe23dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1c58.1e4c: 00007ffbe23dd000-00007ffbe3f1ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ffbe3f20000-00007ffbe3f20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1c58.1e4c: 00007ffbe3f21000-00007ffbe3f9efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1c58.1e4c: 00007ffbe3f9f000-00007ffbe3fd1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1c58.1e4c: 00007ffbe3fd2000-00007ffbe3fd2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1c58.1e4c: 00007ffbe3fd3000-00007ffbe3fd3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1c58.1e4c: 00007ffbe3fd4000-00007ffbe3fdcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1c58.1e4c: 00007ffbe3fdd000-00007ffbe452ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ffbe4530000-00007ffbe4530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4531000-00007ffbe464bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe464c000-00007ffbe4693fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4694000-00007ffbe4694fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4695000-00007ffbe4696fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4697000-00007ffbe469ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe46a0000-00007ffbe4724fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4725000-00007ffffffeffff 0x0001/0x0000 0x0000000 1c58.1e4c: kernel32.dll: timestamp 0x4e5c27cf (rc=VINF_SUCCESS) 1c58.1e4c: kernelbase.dll: timestamp 0x458acb5b (rc=VINF_SUCCESS) 1c58.1e4c: VirtualBoxVM.exe: timestamp 0x623a5dfe (rc=VINF_SUCCESS) 1c58.1e4c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1c58.1e4c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 1c58.1e4c: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 1c58.1e4c: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 1c58.1e4c: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 1c58.1e4c: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 1c58.1e4c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 1c58.1e4c: supR3HardNtEnableThreadCreationEx: 1c58.1e4c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790 1c58.1e4c: supR3HardenedWinDoReSpawn(1): New child 284c.3ce4 [kernel32]. 1c58.1e4c: supR3HardNtChildGatherData: PebBaseAddress=0000000000a24000 cbPeb=0x388 1c58.1e4c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe4530000 uNtDllChildAddr=00007ffbe4530000 1c58.1e4c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe45a4b00 1c58.1e4c: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7afb57900 rdx=0000000000a24000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffbe4582630 rsp=00000000009bfe78 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 1c58.1e4c: supR3HardenedWinSetupChildInit: Start child. 1c58.1e4c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1c58.1e4c: supR3HardNtChildPurify: Startup delay kludge #1/0: 523 ms, 34 sleeps 1c58.1e4c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1c58.1e4c: *0000000000000000-000000000087ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000880000-000000000089ffff 0x0004/0x0004 0x0020000 1c58.1e4c: *00000000008a0000-00000000008bcfff 0x0002/0x0002 0x0040000 1c58.1e4c: 00000000008bd000-00000000008bffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00000000008c0000-00000000009bafff 0x0000/0x0004 0x0020000 1c58.1e4c: 00000000009bb000-00000000009bdfff 0x0104/0x0004 0x0020000 1c58.1e4c: 00000000009be000-00000000009bffff 0x0004/0x0004 0x0020000 1c58.1e4c: *00000000009c0000-00000000009c3fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00000000009c4000-00000000009cffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00000000009d0000-00000000009d1fff 0x0004/0x0004 0x0020000 1c58.1e4c: 00000000009d2000-00000000009fffff 0x0001/0x0000 0x0000000 1c58.1e4c: *0000000000a00000-0000000000a23fff 0x0000/0x0004 0x0020000 1c58.1e4c: 0000000000a24000-0000000000a26fff 0x0004/0x0004 0x0020000 1c58.1e4c: 0000000000a27000-0000000000bfffff 0x0000/0x0004 0x0020000 1c58.1e4c: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000 1c58.1e4c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1c58.1e4c: 000000007ffe1000-000000007ffe2fff 0x0001/0x0000 0x0000000 1c58.1e4c: *000000007ffe3000-000000007ffe3fff 0x0002/0x0002 0x0020000 1c58.1e4c: 000000007ffe4000-00007ff5ee77ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff5ee780000-00007ff5ee780fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00007ff5ee781000-00007ff5ee78ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff5ee790000-00007ff5ee7b2fff 0x0002/0x0002 0x0040000 1c58.1e4c: 00007ff5ee7b3000-00007ff7afb4ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ff7afb50000-00007ff7afb50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afb51000-00007ff7afbc7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afbc8000-00007ff7afbc8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afbc9000-00007ff7afc11fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc12000-00007ff7afc12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc13000-00007ff7afc13fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc14000-00007ff7afc18fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc19000-00007ff7afc19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1a000-00007ff7afc1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1b000-00007ff7afc1efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc1f000-00007ff7afc67fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 1c58.1e4c: 00007ff7afc68000-00007ffbe452ffff 0x0001/0x0000 0x0000000 1c58.1e4c: *00007ffbe4530000-00007ffbe4530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4531000-00007ffbe464bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe464c000-00007ffbe4693fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4694000-00007ffbe469ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe46a0000-00007ffbe46aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe46af000-00007ffbe46affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe46b0000-00007ffbe46b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe46b3000-00007ffbe4724fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1c58.1e4c: 00007ffbe4725000-00007ffffffeffff 0x0001/0x0000 0x0000000 1c58.1e4c: supR3HardNtChildPurify: Done after 526 ms and 0 fixes (loop #0). 284c.3ce4: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300 284c.3ce4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe4530000 g_uNtVerCombined=0xa04a6300 (stack ~00000000009bf908) 284c.3ce4: ntdll.dll: timestamp 0x7b5414ec (rc=VINF_SUCCESS) 284c.3ce4: New simple heap: #1 0000000000d00000 LB 0x400000 (for 2052096 allocation) 1c58.1e4c: supR3HardNtEnableThreadCreationEx: 284c.3ce4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 284c.3ce4: System32: \Device\HarddiskVolume4\Windows\System32 284c.3ce4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 284c.3ce4: KnownDllPath: C:\WINDOWS\System32 284c.3ce4: supR3HardenedVmProcessInit: Opening vboxdrv stub... 284c.3ce4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 284c.3ce4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 284c.3ce4: Registered Dll notification callback with NTDLL. 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 284c.3ce4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] 284c.3ce4: supR3HardenedDllNotificationCallback: load 00007ffbe2110000 LB 0x002cd000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 284c.3ce4: supR3HardenedDllNotificationCallback: load 00007ffbe3f20000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 284c.3ce4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 284c.3ce4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3f20000 'C:\WINDOWS\System32\KERNEL32.DLL' 284c.3ce4: supR3HardenedDllNotificationCallback: load 00007ff7afb50000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 284c.3ce4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 284c.3ce4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790 1c58.1e4c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 107 ms. 284c.3ce4: \SystemRoot\System32\ntdll.dll: 284c.3ce4: CreationTime: 2022-05-13T09:37:24.962297600Z 284c.3ce4: LastWriteTime: 2022-05-13T09:37:25.011955800Z 284c.3ce4: ChangeTime: 2022-05-13T21:27:08.242392000Z 284c.3ce4: FileAttributes: 0x20 284c.3ce4: Size: 0x1eeb38 284c.3ce4: NT Headers: 0xe8 284c.3ce4: Timestamp: 0x7b5414ec 284c.3ce4: Machine: 0x8664 - amd64 284c.3ce4: Timestamp: 0x7b5414ec 284c.3ce4: Image Version: 10.0 284c.3ce4: SizeOfImage: 0x1f5000 (2052096) 284c.3ce4: Resource Dir: 0x184000 LB 0x6fff8 284c.3ce4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 284c.3ce4: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)] 284c.3ce4: ProductName: Microsoft® Windows® Operating System 284c.3ce4: ProductVersion: 10.0.19041.1682 284c.3ce4: FileVersion: 10.0.19041.1682 (WinBuild.160101.0800) 284c.3ce4: FileDescription: NT Layer DLL 284c.3ce4: \SystemRoot\System32\kernel32.dll: 284c.3ce4: CreationTime: 2022-05-13T09:37:16.157371700Z 284c.3ce4: LastWriteTime: 2022-05-13T09:37:16.176080300Z 284c.3ce4: ChangeTime: 2022-05-13T21:27:08.008042100Z 284c.3ce4: FileAttributes: 0x20 284c.3ce4: Size: 0xbb058 284c.3ce4: NT Headers: 0xe8 284c.3ce4: Timestamp: 0x4e5c27cf 284c.3ce4: Machine: 0x8664 - amd64 284c.3ce4: Timestamp: 0x4e5c27cf 284c.3ce4: Image Version: 10.0 284c.3ce4: SizeOfImage: 0xbd000 (774144) 284c.3ce4: Resource Dir: 0xbb000 LB 0x520 284c.3ce4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 284c.3ce4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 284c.3ce4: ProductName: Microsoft® Windows® Operating System 284c.3ce4: ProductVersion: 10.0.19041.1706 284c.3ce4: FileVersion: 10.0.19041.1706 (WinBuild.160101.0800) 284c.3ce4: FileDescription: Windows NT BASE API Client DLL 284c.3ce4: \SystemRoot\System32\KernelBase.dll: 284c.3ce4: CreationTime: 2022-05-13T09:37:25.904947200Z 284c.3ce4: LastWriteTime: 2022-05-13T09:37:25.981546200Z 284c.3ce4: ChangeTime: 2022-05-13T21:27:08.226771300Z 284c.3ce4: FileAttributes: 0x20 284c.3ce4: Size: 0x2cf640 284c.3ce4: NT Headers: 0xf0 284c.3ce4: Timestamp: 0x458acb5b 284c.3ce4: Machine: 0x8664 - amd64 284c.3ce4: Timestamp: 0x458acb5b 284c.3ce4: Image Version: 10.0 284c.3ce4: SizeOfImage: 0x2cd000 (2936832) 284c.3ce4: Resource Dir: 0x2a4000 LB 0x548 284c.3ce4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 284c.3ce4: [Raw version resource data: 0x2a40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 284c.3ce4: ProductName: Microsoft® Windows® Operating System 284c.3ce4: ProductVersion: 10.0.19041.1706 284c.3ce4: FileVersion: 10.0.19041.1706 (WinBuild.160101.0800) 284c.3ce4: FileDescription: Windows NT BASE API Client DLL 284c.3ce4: \SystemRoot\System32\apisetschema.dll: 284c.3ce4: CreationTime: 2019-12-07T09:08:13.518339400Z 284c.3ce4: LastWriteTime: 2019-12-07T09:08:13.518339400Z 284c.3ce4: ChangeTime: 2022-05-13T09:38:12.902031600Z 284c.3ce4: FileAttributes: 0x20 284c.3ce4: Size: 0x1f538 284c.3ce4: NT Headers: 0xd0 284c.3ce4: Timestamp: 0x31288ce0 284c.3ce4: Machine: 0x8664 - amd64 284c.3ce4: Timestamp: 0x31288ce0 284c.3ce4: Image Version: 10.0 284c.3ce4: SizeOfImage: 0x20000 (131072) 284c.3ce4: Resource Dir: 0x1f000 LB 0x408 284c.3ce4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 284c.3ce4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 284c.3ce4: ProductName: Microsoft® Windows® Operating System 284c.3ce4: ProductVersion: 10.0.19041.1 284c.3ce4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800) 284c.3ce4: FileDescription: ApiSet Schema DLL 284c.3ce4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 284c.3ce4: supR3HardenedWinFindAdversaries: 0x800 284c.3ce4: \SystemRoot\System32\drivers\cfrmd.sys: 284c.3ce4: CreationTime: 2014-06-26T05:33:42.000000000Z 284c.3ce4: LastWriteTime: 2014-06-26T05:33:42.000000000Z 284c.3ce4: ChangeTime: 2020-10-11T11:10:28.369648400Z 284c.3ce4: FileAttributes: 0x20 284c.3ce4: Size: 0x9d20 284c.3ce4: NT Headers: 0xe8 284c.3ce4: Timestamp: 0x5004f2a1 284c.3ce4: Machine: 0x8664 - amd64 284c.3ce4: Timestamp: 0x5004f2a1 284c.3ce4: Image Version: 6.1 284c.3ce4: SizeOfImage: 0xe000 (57344) 284c.3ce4: Resource Dir: 0xc000 LB 0x3e0 284c.3ce4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 284c.3ce4: [Raw version resource data: 0xc060 LB 0x380, codepage 0x0 (reserved 0x0)] 284c.3ce4: ProductName: Windows (R) Win 7 DDK driver 284c.3ce4: ProductVersion: 6.1.7600.16385 284c.3ce4: FileVersion: 6.1.7600.16385 built by: WinDDK 284c.3ce4: FileDescription: Safe Deletion Driver 284c.3ce4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 284c.3ce4: Calling main() 284c.3ce4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 284c.3ce4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 284c.3ce4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 284c.3ce4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 284c.3ce4: SUPR3HardenedMain: Respawn #2 284c.3ce4: supR3HardNtEnableThreadCreationEx: 284c.3ce4: supR3HardenedDllNotificationCallback: load 00007ffbe3970000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll) 284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 284c.3ce4: supR3HardenedDllNotificationCallback: load 00007ffbe2c30000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 284c.3ce4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll) 284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll 284c.3ce4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 284c.3ce4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) 284c.3ce4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 284c.3ce4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 284c.3ce4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 284c.3ce4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 284c.3ce4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe4530000 'C:\WINDOWS\System32\ntdll.dll' 284c.3ce4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790 284c.3ce4: supR3HardenedWinDoReSpawn(2): New child 255c.41c4 [kernel32]. 284c.3ce4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 284c.3ce4: supR3HardNtChildGatherData: PebBaseAddress=0000000000ccf000 cbPeb=0x388 284c.3ce4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffbe4530000 uNtDllChildAddr=00007ffbe4530000 284c.3ce4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffbe45a4b00 284c.3ce4: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff7afb57900 rdx=0000000000ccf000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ffbe4582630 rsp=0000000000b9fad8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 284c.3ce4: kernel32.dll: timestamp 0x4e5c27cf (rc=VINF_SUCCESS) 284c.3ce4: supR3HardenedWinSetupChildInit: Start child. 284c.3ce4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 284c.3ce4: supR3HardNtChildPurify: Startup delay kludge #1/0: 524 ms, 34 sleeps 284c.3ce4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 284c.3ce4: *0000000000000000-0000000000a5ffff 0x0001/0x0000 0x0000000 284c.3ce4: *0000000000a60000-0000000000a7ffff 0x0004/0x0004 0x0020000 284c.3ce4: *0000000000a80000-0000000000a9cfff 0x0002/0x0002 0x0040000 284c.3ce4: 0000000000a9d000-0000000000a9ffff 0x0001/0x0000 0x0000000 284c.3ce4: *0000000000aa0000-0000000000b9afff 0x0000/0x0004 0x0020000 284c.3ce4: 0000000000b9b000-0000000000b9dfff 0x0104/0x0004 0x0020000 284c.3ce4: 0000000000b9e000-0000000000b9ffff 0x0004/0x0004 0x0020000 284c.3ce4: *0000000000ba0000-0000000000ba3fff 0x0002/0x0002 0x0040000 284c.3ce4: 0000000000ba4000-0000000000baffff 0x0001/0x0000 0x0000000 284c.3ce4: *0000000000bb0000-0000000000bb1fff 0x0004/0x0004 0x0020000 284c.3ce4: 0000000000bb2000-0000000000bfffff 0x0001/0x0000 0x0000000 284c.3ce4: *0000000000c00000-0000000000ccefff 0x0000/0x0004 0x0020000 284c.3ce4: 0000000000ccf000-0000000000cd1fff 0x0004/0x0004 0x0020000 284c.3ce4: 0000000000cd2000-0000000000dfffff 0x0000/0x0004 0x0020000 284c.3ce4: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000 284c.3ce4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 284c.3ce4: 000000007ffe1000-000000007ffe2fff 0x0001/0x0000 0x0000000 284c.3ce4: *000000007ffe3000-000000007ffe3fff 0x0002/0x0002 0x0020000 284c.3ce4: 000000007ffe4000-00007ff55706ffff 0x0001/0x0000 0x0000000 284c.3ce4: *00007ff557070000-00007ff557070fff 0x0002/0x0002 0x0040000 284c.3ce4: 00007ff557071000-00007ff55707ffff 0x0001/0x0000 0x0000000 284c.3ce4: *00007ff557080000-00007ff5570a2fff 0x0002/0x0002 0x0040000 284c.3ce4: 00007ff5570a3000-00007ff7afb4ffff 0x0001/0x0000 0x0000000 284c.3ce4: *00007ff7afb50000-00007ff7afb50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afb51000-00007ff7afbc7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afbc8000-00007ff7afbc8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afbc9000-00007ff7afc11fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc12000-00007ff7afc12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc13000-00007ff7afc13fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc14000-00007ff7afc18fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc19000-00007ff7afc19fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc1a000-00007ff7afc1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc1b000-00007ff7afc1efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc1f000-00007ff7afc67fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 284c.3ce4: 00007ff7afc68000-00007ffbe452ffff 0x0001/0x0000 0x0000000 284c.3ce4: *00007ffbe4530000-00007ffbe4530fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe4531000-00007ffbe464bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe464c000-00007ffbe4693fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe4694000-00007ffbe469ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe46a0000-00007ffbe46aefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe46af000-00007ffbe46affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe46b0000-00007ffbe46b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe46b3000-00007ffbe4724fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 284c.3ce4: 00007ffbe4725000-00007ffffffeffff 0x0001/0x0000 0x0000000 284c.3ce4: VirtualBoxVM.exe: timestamp 0x623a5dfe (rc=VINF_SUCCESS) 284c.3ce4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 284c.3ce4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 284c.3ce4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 284c.3ce4: supR3HardNtChildPurify: Done after 566 ms and 0 fixes (loop #0). 284c.3ce4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000d00000 LB 0x400000) 255c.41c4: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa04a6300 255c.41c4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffbe4530000 g_uNtVerCombined=0xa04a6300 (stack ~0000000000b9f568) 284c.3ce4: supR3HardNtEnableThreadCreationEx: 255c.41c4: ntdll.dll: timestamp 0x7b5414ec (rc=VINF_SUCCESS) 255c.41c4: New simple heap: #1 0000000000f00000 LB 0x400000 (for 2052096 allocation) 255c.41c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 255c.41c4: System32: \Device\HarddiskVolume4\Windows\System32 255c.41c4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 255c.41c4: KnownDllPath: C:\WINDOWS\System32 255c.41c4: supR3HardenedVmProcessInit: Opening vboxdrv... 255c.41c4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 255c.41c4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 255c.41c4: Registered Dll notification callback with NTDLL. 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe2110000 LB 0x002cd000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe3f20000 LB 0x000bd000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3f20000 'C:\WINDOWS\System32\KERNEL32.DLL' 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ff7afb50000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0] 255c.41c4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 255c.41c4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 255c.41c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe 255c.41c4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffbe45a4b00 pvNtTerminateThread=00007ffbe45cd790 284c.3ce4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms. 255c.41c4: \SystemRoot\System32\ntdll.dll: 255c.41c4: CreationTime: 2022-05-13T09:37:24.962297600Z 255c.41c4: LastWriteTime: 2022-05-13T09:37:25.011955800Z 255c.41c4: ChangeTime: 2022-05-13T21:27:08.242392000Z 255c.41c4: FileAttributes: 0x20 255c.41c4: Size: 0x1eeb38 255c.41c4: NT Headers: 0xe8 255c.41c4: Timestamp: 0x7b5414ec 255c.41c4: Machine: 0x8664 - amd64 255c.41c4: Timestamp: 0x7b5414ec 255c.41c4: Image Version: 10.0 255c.41c4: SizeOfImage: 0x1f5000 (2052096) 255c.41c4: Resource Dir: 0x184000 LB 0x6fff8 255c.41c4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 255c.41c4: [Raw version resource data: 0x1840f0 LB 0x380, codepage 0x0 (reserved 0x0)] 255c.41c4: ProductName: Microsoft® Windows® Operating System 255c.41c4: ProductVersion: 10.0.19041.1682 255c.41c4: FileVersion: 10.0.19041.1682 (WinBuild.160101.0800) 255c.41c4: FileDescription: NT Layer DLL 255c.41c4: \SystemRoot\System32\kernel32.dll: 255c.41c4: CreationTime: 2022-05-13T09:37:16.157371700Z 255c.41c4: LastWriteTime: 2022-05-13T09:37:16.176080300Z 255c.41c4: ChangeTime: 2022-05-13T21:27:08.008042100Z 255c.41c4: FileAttributes: 0x20 255c.41c4: Size: 0xbb058 255c.41c4: NT Headers: 0xe8 255c.41c4: Timestamp: 0x4e5c27cf 255c.41c4: Machine: 0x8664 - amd64 255c.41c4: Timestamp: 0x4e5c27cf 255c.41c4: Image Version: 10.0 255c.41c4: SizeOfImage: 0xbd000 (774144) 255c.41c4: Resource Dir: 0xbb000 LB 0x520 255c.41c4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 255c.41c4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 255c.41c4: ProductName: Microsoft® Windows® Operating System 255c.41c4: ProductVersion: 10.0.19041.1706 255c.41c4: FileVersion: 10.0.19041.1706 (WinBuild.160101.0800) 255c.41c4: FileDescription: Windows NT BASE API Client DLL 255c.41c4: \SystemRoot\System32\KernelBase.dll: 255c.41c4: CreationTime: 2022-05-13T09:37:25.904947200Z 255c.41c4: LastWriteTime: 2022-05-13T09:37:25.981546200Z 255c.41c4: ChangeTime: 2022-05-13T21:27:08.226771300Z 255c.41c4: FileAttributes: 0x20 255c.41c4: Size: 0x2cf640 255c.41c4: NT Headers: 0xf0 255c.41c4: Timestamp: 0x458acb5b 255c.41c4: Machine: 0x8664 - amd64 255c.41c4: Timestamp: 0x458acb5b 255c.41c4: Image Version: 10.0 255c.41c4: SizeOfImage: 0x2cd000 (2936832) 255c.41c4: Resource Dir: 0x2a4000 LB 0x548 255c.41c4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 255c.41c4: [Raw version resource data: 0x2a40b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 255c.41c4: ProductName: Microsoft® Windows® Operating System 255c.41c4: ProductVersion: 10.0.19041.1706 255c.41c4: FileVersion: 10.0.19041.1706 (WinBuild.160101.0800) 255c.41c4: FileDescription: Windows NT BASE API Client DLL 255c.41c4: \SystemRoot\System32\apisetschema.dll: 255c.41c4: CreationTime: 2019-12-07T09:08:13.518339400Z 255c.41c4: LastWriteTime: 2019-12-07T09:08:13.518339400Z 255c.41c4: ChangeTime: 2022-05-13T09:38:12.902031600Z 255c.41c4: FileAttributes: 0x20 255c.41c4: Size: 0x1f538 255c.41c4: NT Headers: 0xd0 255c.41c4: Timestamp: 0x31288ce0 255c.41c4: Machine: 0x8664 - amd64 255c.41c4: Timestamp: 0x31288ce0 255c.41c4: Image Version: 10.0 255c.41c4: SizeOfImage: 0x20000 (131072) 255c.41c4: Resource Dir: 0x1f000 LB 0x408 255c.41c4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 255c.41c4: [Raw version resource data: 0x1f060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 255c.41c4: ProductName: Microsoft® Windows® Operating System 255c.41c4: ProductVersion: 10.0.19041.1 255c.41c4: FileVersion: 10.0.19041.1 (WinBuild.160101.0800) 255c.41c4: FileDescription: ApiSet Schema DLL 255c.41c4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 255c.41c4: supR3HardenedWinFindAdversaries: 0x800 255c.41c4: \SystemRoot\System32\drivers\cfrmd.sys: 255c.41c4: CreationTime: 2014-06-26T05:33:42.000000000Z 255c.41c4: LastWriteTime: 2014-06-26T05:33:42.000000000Z 255c.41c4: ChangeTime: 2020-10-11T11:10:28.369648400Z 255c.41c4: FileAttributes: 0x20 255c.41c4: Size: 0x9d20 255c.41c4: NT Headers: 0xe8 255c.41c4: Timestamp: 0x5004f2a1 255c.41c4: Machine: 0x8664 - amd64 255c.41c4: Timestamp: 0x5004f2a1 255c.41c4: Image Version: 6.1 255c.41c4: SizeOfImage: 0xe000 (57344) 255c.41c4: Resource Dir: 0xc000 LB 0x3e0 255c.41c4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 255c.41c4: [Raw version resource data: 0xc060 LB 0x380, codepage 0x0 (reserved 0x0)] 255c.41c4: ProductName: Windows (R) Win 7 DDK driver 255c.41c4: ProductVersion: 6.1.7600.16385 255c.41c4: FileVersion: 6.1.7600.16385 built by: WinDDK 255c.41c4: FileDescription: Safe Deletion Driver 255c.41c4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 255c.41c4: Calling main() 255c.41c4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2 255c.41c4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 255c.41c4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202 255c.41c4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports 255c.41c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe) 255c.41c4: SUPR3HardenedMain: Final process, opening VBoxDrv... 255c.41c4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000f00000 LB 0x400000) 255c.41c4: supR3HardNtEnableThreadCreationEx: 255c.41c4: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202 255c.41c4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbdcfb0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcfb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcfb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbdcfb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'rpcrt4.dll'. 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe26a0000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe3970000 LB 0x00125000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe2510000 LB 0x00068000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe1c70000 LB 0x00100000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe1d70000 LB 0x00156000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll 255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-synch-l1-2-0' 255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-fibers-l1-1-1' 255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-fibers-l1-1-1' 255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-synch-l1-2-0' 255c.41c4: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2110000 'api-ms-win-core-localization-l1-2-1' 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe1830000 LB 0x00012000 C:\WINDOWS\SYSTEM32\MSASN1.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2510000 'C:\WINDOWS\system32\Wintrust.dll' 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe1c40000 LB 0x00027000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1c40000 'C:\WINDOWS\system32\bcrypt.dll' 255c.41c4: bcrypt.dll loaded at 00007ffbe1c40000, BCryptOpenAlgorithmProvider at 00007ffbe1c451e0, preloading providers: 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe23e0000 LB 0x00082000 C:\WINDOWS\System32\bcryptprimitives.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe23e0000 'C:\WINDOWS\system32\bcryptprimitives.dll' 255c.41c4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000014417e0) 255c.41c4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000001441e60) 255c.41c4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000001442180) 255c.41c4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000014434b0) 255c.41c4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000014437d0) 255c.41c4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000001443af0) 255c.41c4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000001443e10) 255c.41c4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000001444130) 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe15f0000 LB 0x00018000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 255c.41c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe0cb0000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0cb0000 'C:\WINDOWS\system32\rsaenh.dll' 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe1610000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe3f20000 'C:\WINDOWS\System32\kernel32.dll' 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe2510000 'C:\WINDOWS\System32\WINTRUST.DLL' 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe1d70000 'C:\WINDOWS\System32\CRYPT32.dll' 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe4280000 LB 0x0001d000 C:\WINDOWS\System32\imagehlp.dll [fFlags=0x0] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 255c.41c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffbe0cb0000 'C:\WINDOWS\system32\rsaenh.dll' 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe2c30000 LB 0x0009c000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe0510000 LB 0x00023000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust] 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll 255c.41c4: supR3HardenedDllNotificationCallback: load 00007ffbe1b80000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\profapi.dll [fFlags=0x0] 255c.41c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 255c.41c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'. 255c.41c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll) 255c.41c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 255c.41c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 255c.41c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 255c.41c4: supR3HardenedWin
Attachments (1)
Change History (2)
by , 2 years ago
| Attachment: | VBoxHardening.log added |
|---|
comment:1 by , 23 months ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
Duplicate of #20960.
Version 0, edited 23 months ago by (next)
Note:
See TracTickets
for help on using tickets.


VBox Hardening Log