Sunday

Log file opened: 5.1.22r115126 g_hStartupLog=000000000000006

<div id="code">
15a4.f9c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03fab00
15a4.f9c: \SystemRoot\System32\ntdll.dll:
15a4.f9c: CreationTime: 2017-09-29T13:41:43.343111100Z
15a4.f9c: LastWriteTime: 2017-09-29T13:41:43.358737200Z
15a4.f9c: ChangeTime: 2017-10-27T06:43:11.904770500Z
15a4.f9c: FileAttributes: 0x20
15a4.f9c: Size: 0x1dd100
15a4.f9c: NT Headers: 0xe0
15a4.f9c: Timestamp: 0x493793ea
15a4.f9c: Machine: 0x8664 - amd64
15a4.f9c: Timestamp: 0x493793ea
15a4.f9c: Image Version: 10.0
15a4.f9c: SizeOfImage: 0x1e0000 (1966080)
15a4.f9c: Resource Dir: 0x174000 LB 0x6a1d8
15a4.f9c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
15a4.f9c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
15a4.f9c: ProductName: Microsoft® Windows® Operating System
15a4.f9c: ProductVersion: 10.0.16299.15
15a4.f9c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
15a4.f9c: FileDescription: NT Layer DLL
15a4.f9c: \SystemRoot\System32\kernel32.dll:
15a4.f9c: CreationTime: 2017-09-29T13:42:04.954227600Z
15a4.f9c: LastWriteTime: 2017-09-29T13:42:04.954227600Z
15a4.f9c: ChangeTime: 2017-10-27T06:50:40.710273500Z
15a4.f9c: FileAttributes: 0x20
15a4.f9c: Size: 0xab868
15a4.f9c: NT Headers: 0xe8
15a4.f9c: Timestamp: 0xc2cf900
15a4.f9c: Machine: 0x8664 - amd64
15a4.f9c: Timestamp: 0xc2cf900
15a4.f9c: Image Version: 10.0
15a4.f9c: SizeOfImage: 0xae000 (712704)
15a4.f9c: Resource Dir: 0xac000 LB 0x520
15a4.f9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15a4.f9c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
15a4.f9c: ProductName: Microsoft® Windows® Operating System
15a4.f9c: ProductVersion: 10.0.16299.15
15a4.f9c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
15a4.f9c: FileDescription: Windows NT BASE API Client DLL
15a4.f9c: \SystemRoot\System32\KernelBase.dll:
15a4.f9c: CreationTime: 2017-09-29T13:41:43.124345500Z
15a4.f9c: LastWriteTime: 2017-09-29T13:41:43.124345500Z
15a4.f9c: ChangeTime: 2017-10-27T06:50:41.339876800Z
15a4.f9c: FileAttributes: 0x20
15a4.f9c: Size: 0x266000
15a4.f9c: NT Headers: 0xf0
15a4.f9c: Timestamp: 0x4736733c
15a4.f9c: Machine: 0x8664 - amd64
15a4.f9c: Timestamp: 0x4736733c
15a4.f9c: Image Version: 10.0
15a4.f9c: SizeOfImage: 0x266000 (2514944)
15a4.f9c: Resource Dir: 0x245000 LB 0x548
15a4.f9c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15a4.f9c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
15a4.f9c: ProductName: Microsoft® Windows® Operating System
15a4.f9c: ProductVersion: 10.0.16299.15
15a4.f9c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
15a4.f9c: FileDescription: Windows NT BASE API Client DLL
15a4.f9c: \SystemRoot\System32\apisetschema.dll:
15a4.f9c: CreationTime: 2017-09-29T13:42:07.095026600Z
15a4.f9c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
15a4.f9c: ChangeTime: 2017-10-27T06:42:18.688284800Z
15a4.f9c: FileAttributes: 0x20
15a4.f9c: Size: 0x1b398
15a4.f9c: NT Headers: 0xc8
15a4.f9c: Timestamp: 0xf30abf31
15a4.f9c: Machine: 0x8664 - amd64
15a4.f9c: Timestamp: 0xf30abf31
15a4.f9c: Image Version: 10.0
15a4.f9c: SizeOfImage: 0x1c000 (114688)
15a4.f9c: Resource Dir: 0x1b000 LB 0x408
15a4.f9c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15a4.f9c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
15a4.f9c: ProductName: Microsoft® Windows® Operating System
15a4.f9c: ProductVersion: 10.0.16299.15
15a4.f9c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
15a4.f9c: FileDescription: ApiSet Schema DLL
15a4.f9c: supR3HardenedWinFindAdversaries: 0x0
15a4.f9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
15a4.f9c: Calling main()
15a4.f9c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x3
15a4.f9c: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
15a4.f9c: System32: \Device\HarddiskVolume4\Windows\System32
15a4.f9c: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
15a4.f9c: KnownDllPath: C:\Windows\System32
15a4.f9c: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VirtualBox.exe' has no imports
15a4.f9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VirtualBox.exe)
15a4.f9c: supR3HardNtEnableThreadCreation:
15a4.f9c: bcrypt.dll loaded at 00007ff9b5a90000, BCryptOpenAlgorithmProvider at 00007ff9b5a92590, preloading providers:
15a4.f9c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000027f8590)
15a4.f9c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000002800730)
15a4.f9c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000002800a00)
15a4.f9c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000002800cd0)
15a4.f9c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000002800fa0)
15a4.f9c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000002801270)
15a4.f9c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000002801540)
15a4.f9c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000002801810)
15a4.f9c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
15a4.f9c: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000284af90
15a4.f9c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000284af90
15a4.f9c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E2E4DE0C5BD65756637B6F71B7BAE24CF704BFD
15a4.f9c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.16299.15.cat'; file='\SystemRoot\System32\ntdll.dll'
15a4.f9c: g_pfnWinVerifyTrust=00007ff9b6ac6bc0
15a4.f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
15a4.f9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) WinVerifyTrust
15a4.f9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
15a4.f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15a4.f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
15a4.f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
15a4.f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
15a4.f9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) WinVerifyTrust
15a4.f9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xcd3ec73d8dd9b200 C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xba02d0ab12c5ed00 CN=XBL Client IPsec Issuing CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xd140ebc339a98a2f CN=WZTeam
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x9546d06a8d70b800 CN=XBL Server IPsec Issuing CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
15a4.f9c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
15a4.f9c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=41
15a4.f9c: SUPR3HardenedMain: Load Runtime...
15a4.f9c: SUPR3HardenedMain: Load TrustedMain...
15a4.f9c: SUPR3HardenedMain: Calling TrustedMain (00007ff98f5b1610)...
e4c.5f4: Log file opened: 5.1.22r115126 g_hStartupLog=000000000000009c g_uNtVerCombined=0xa03fab00
e4c.5f4: \SystemRoot\System32\ntdll.dll:
e4c.5f4: CreationTime: 2017-09-29T13:41:43.343111100Z
e4c.5f4: LastWriteTime: 2017-09-29T13:41:43.358737200Z
e4c.5f4: ChangeTime: 2017-10-27T06:43:11.904770500Z
e4c.5f4: FileAttributes: 0x20
e4c.5f4: Size: 0x1dd100
e4c.5f4: NT Headers: 0xe0
e4c.5f4: Timestamp: 0x493793ea
e4c.5f4: Machine: 0x8664 - amd64
e4c.5f4: Timestamp: 0x493793ea
e4c.5f4: Image Version: 10.0
e4c.5f4: SizeOfImage: 0x1e0000 (1966080)
e4c.5f4: Resource Dir: 0x174000 LB 0x6a1d8
e4c.5f4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
e4c.5f4: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
e4c.5f4: ProductName: Microsoft® Windows® Operating System
e4c.5f4: ProductVersion: 10.0.16299.15
e4c.5f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
e4c.5f4: FileDescription: NT Layer DLL
e4c.5f4: \SystemRoot\System32\kernel32.dll:
e4c.5f4: CreationTime: 2017-09-29T13:42:04.954227600Z
e4c.5f4: LastWriteTime: 2017-09-29T13:42:04.954227600Z
e4c.5f4: ChangeTime: 2017-10-27T06:50:40.710273500Z
e4c.5f4: FileAttributes: 0x20
e4c.5f4: Size: 0xab868
e4c.5f4: NT Headers: 0xe8
e4c.5f4: Timestamp: 0xc2cf900
e4c.5f4: Machine: 0x8664 - amd64
e4c.5f4: Timestamp: 0xc2cf900
e4c.5f4: Image Version: 10.0
e4c.5f4: SizeOfImage: 0xae000 (712704)
e4c.5f4: Resource Dir: 0xac000 LB 0x520
e4c.5f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
e4c.5f4: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
e4c.5f4: ProductName: Microsoft® Windows® Operating System
e4c.5f4: ProductVersion: 10.0.16299.15
e4c.5f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
e4c.5f4: FileDescription: Windows NT BASE API Client DLL
e4c.5f4: \SystemRoot\System32\KernelBase.dll:
e4c.5f4: CreationTime: 2017-09-29T13:41:43.124345500Z
e4c.5f4: LastWriteTime: 2017-09-29T13:41:43.124345500Z
e4c.5f4: ChangeTime: 2017-10-27T06:50:41.339876800Z
e4c.5f4: FileAttributes: 0x20
e4c.5f4: Size: 0x266000
e4c.5f4: NT Headers: 0xf0
e4c.5f4: Timestamp: 0x4736733c
e4c.5f4: Machine: 0x8664 - amd64
e4c.5f4: Timestamp: 0x4736733c
e4c.5f4: Image Version: 10.0
e4c.5f4: SizeOfImage: 0x266000 (2514944)
e4c.5f4: Resource Dir: 0x245000 LB 0x548
e4c.5f4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
e4c.5f4: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
e4c.5f4: ProductName: Microsoft® Windows® Operating System
e4c.5f4: ProductVersion: 10.0.16299.15
e4c.5f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
e4c.5f4: FileDescription: Windows NT BASE API Client DLL
e4c.5f4: \SystemRoot\System32\apisetschema.dll:
e4c.5f4: CreationTime: 2017-09-29T13:42:07.095026600Z
e4c.5f4: LastWriteTime: 2017-09-29T13:42:07.095026600Z
e4c.5f4: ChangeTime: 2017-10-27T06:42:18.688284800Z
e4c.5f4: FileAttributes: 0x20
e4c.5f4: Size: 0x1b398
e4c.5f4: NT Headers: 0xc8
e4c.5f4: Timestamp: 0xf30abf31
e4c.5f4: Machine: 0x8664 - amd64
e4c.5f4: Timestamp: 0xf30abf31
e4c.5f4: Image Version: 10.0
e4c.5f4: SizeOfImage: 0x1c000 (114688)
e4c.5f4: Resource Dir: 0x1b000 LB 0x408
e4c.5f4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
e4c.5f4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
e4c.5f4: ProductName: Microsoft® Windows® Operating System
e4c.5f4: ProductVersion: 10.0.16299.15
e4c.5f4: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
e4c.5f4: FileDescription: ApiSet Schema DLL
e4c.5f4: supR3HardenedWinFindAdversaries: 0x0
e4c.5f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
e4c.5f4: Calling main()
e4c.5f4: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
e4c.5f4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
e4c.5f4: SUPR3HardenedMain: Respawn #1
e4c.5f4: System32: \Device\HarddiskVolume4\Windows\System32
e4c.5f4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
e4c.5f4: KnownDllPath: C:\Windows\System32
e4c.5f4: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
e4c.5f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe)
e4c.5f4: supR3HardNtEnableThreadCreation:
e4c.5f4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b9c591b0 pvNtTerminateThread=00007ff9b9c80890
e4c.5f4: supR3HardenedWinDoReSpawn(1): New child 14d8.1980 [kernel32].
e4c.5f4: supR3HardNtChildGatherData: PebBaseAddress=0000000000a86000 cbPeb=0x388
e4c.5f4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9b9be0000 uNtDllChildAddr=00007ff9b9be0000
e4c.5f4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9b9c591b0
e4c.5f4: supR3HardenedWinSetupChildInit: Start child.
e4c.5f4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
e4c.5f4: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 30 sleeps
e4c.5f4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
e4c.5f4: *0000000000000000-000000000099ffff 0x0001/0x0000 0x0000000
e4c.5f4: *00000000009a0000-00000000009bffff 0x0004/0x0004 0x0020000
e4c.5f4: *00000000009c0000-00000000009d8fff 0x0002/0x0002 0x0040000
e4c.5f4: 00000000009d9000-00000000009dffff 0x0001/0x0000 0x0000000
e4c.5f4: *00000000009e0000-00000000009e3fff 0x0002/0x0002 0x0040000
e4c.5f4: 00000000009e4000-00000000009effff 0x0001/0x0000 0x0000000
e4c.5f4: *00000000009f0000-00000000009f0fff 0x0004/0x0004 0x0020000
e4c.5f4: 00000000009f1000-00000000009fffff 0x0001/0x0000 0x0000000
e4c.5f4: *0000000000a00000-0000000000a85fff 0x0000/0x0004 0x0020000
e4c.5f4: 0000000000a86000-0000000000a88fff 0x0004/0x0004 0x0020000
e4c.5f4: 0000000000a89000-0000000000bfffff 0x0000/0x0004 0x0020000
e4c.5f4: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000
e4c.5f4: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000
e4c.5f4: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000
e4c.5f4: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000
e4c.5f4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
e4c.5f4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
e4c.5f4: 000000007fff0000-00007ff6a92affff 0x0001/0x0000 0x0000000
e4c.5f4: *00007ff6a92b0000-00007ff6a92d2fff 0x0002/0x0002 0x0040000
e4c.5f4: 00007ff6a92d3000-00007ff6a97effff 0x0001/0x0000 0x0000000
e4c.5f4: *00007ff6a97f0000-00007ff6a97f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a97f1000-00007ff6a9860fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a9861000-00007ff6a9861fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a9862000-00007ff6a98a6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98a7000-00007ff6a98a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98a8000-00007ff6a98a8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98a9000-00007ff6a98adfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98ae000-00007ff6a98aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98af000-00007ff6a98affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98b0000-00007ff6a98b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98b4000-00007ff6a98fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
e4c.5f4: 00007ff6a98fc000-00007ff9b9bdffff 0x0001/0x0000 0x0000000
e4c.5f4: *00007ff9b9be0000-00007ff9b9be0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9be1000-00007ff9b9cf2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9cf3000-00007ff9b9d38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9d39000-00007ff9b9d40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9d41000-00007ff9b9d4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9d4f000-00007ff9b9d4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9d50000-00007ff9b9d52fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9d53000-00007ff9b9dbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
e4c.5f4: 00007ff9b9dc0000-00007ffffffdffff 0x0001/0x0000 0x0000000
e4c.5f4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
e4c.5f4: VBoxHeadless.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
e4c.5f4: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
e4c.5f4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
e4c.5f4: supR3HardNtChildPurify: Done after 337 ms and 0 fixes (loop #0).
14d8.1980: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
14d8.1980: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9b9be0000 g_uNtVerCombined=0xa03fab00
14d8.1980: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
14d8.1980: New simple heap: #1 0000000000e00000 LB 0x400000 (for 1966080 allocation)
e4c.5f4: supR3HardNtEnableThreadCreation:
14d8.1980: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
14d8.1980: System32: \Device\HarddiskVolume4\Windows\System32
14d8.1980: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
14d8.1980: KnownDllPath: C:\Windows\System32
14d8.1980: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14d8.1980: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14d8.1980: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14d8.1980: Registered Dll notification callback with NTDLL.
14d8.1980: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
14d8.1980: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
14d8.1980: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
14d8.1980: supR3HardenedDllNotificationCallback: load 00007ff9b6750000 LB 0x00266000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
14d8.1980: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
14d8.1980: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
14d8.1980: supR3HardenedDllNotificationCallback: load 00007ff9b8130000 LB 0x000ae000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
14d8.1980: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
14d8.1980: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b8130000 'C:\Windows\System32\KERNEL32.DLL'
14d8.1980: supR3HardenedDllNotificationCallback: load 00007ff6a97f0000 LB 0x0010c000 C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe [fFlags=0x0]
14d8.1980: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
14d8.1980: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe)
14d8.1980: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b9c591b0 pvNtTerminateThread=00007ff9b9c80890
e4c.5f4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 87 ms.
14d8.1980: \SystemRoot\System32\ntdll.dll:
14d8.1980: CreationTime: 2017-09-29T13:41:43.343111100Z
14d8.1980: LastWriteTime: 2017-09-29T13:41:43.358737200Z
14d8.1980: ChangeTime: 2017-10-27T06:43:11.904770500Z
14d8.1980: FileAttributes: 0x20
14d8.1980: Size: 0x1dd100
14d8.1980: NT Headers: 0xe0
14d8.1980: Timestamp: 0x493793ea
14d8.1980: Machine: 0x8664 - amd64
14d8.1980: Timestamp: 0x493793ea
14d8.1980: Image Version: 10.0
14d8.1980: SizeOfImage: 0x1e0000 (1966080)
14d8.1980: Resource Dir: 0x174000 LB 0x6a1d8
14d8.1980: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
14d8.1980: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
14d8.1980: ProductName: Microsoft® Windows® Operating System
14d8.1980: ProductVersion: 10.0.16299.15
14d8.1980: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
14d8.1980: FileDescription: NT Layer DLL
14d8.1980: \SystemRoot\System32\kernel32.dll:
14d8.1980: CreationTime: 2017-09-29T13:42:04.954227600Z
14d8.1980: LastWriteTime: 2017-09-29T13:42:04.954227600Z
14d8.1980: ChangeTime: 2017-10-27T06:50:40.710273500Z
14d8.1980: FileAttributes: 0x20
14d8.1980: Size: 0xab868
14d8.1980: NT Headers: 0xe8
14d8.1980: Timestamp: 0xc2cf900
14d8.1980: Machine: 0x8664 - amd64
14d8.1980: Timestamp: 0xc2cf900
14d8.1980: Image Version: 10.0
14d8.1980: SizeOfImage: 0xae000 (712704)
14d8.1980: Resource Dir: 0xac000 LB 0x520
14d8.1980: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
14d8.1980: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
14d8.1980: ProductName: Microsoft® Windows® Operating System
14d8.1980: ProductVersion: 10.0.16299.15
14d8.1980: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
14d8.1980: FileDescription: Windows NT BASE API Client DLL
14d8.1980: \SystemRoot\System32\KernelBase.dll:
14d8.1980: CreationTime: 2017-09-29T13:41:43.124345500Z
14d8.1980: LastWriteTime: 2017-09-29T13:41:43.124345500Z
14d8.1980: ChangeTime: 2017-10-27T06:50:41.339876800Z
14d8.1980: FileAttributes: 0x20
14d8.1980: Size: 0x266000
14d8.1980: NT Headers: 0xf0
14d8.1980: Timestamp: 0x4736733c
14d8.1980: Machine: 0x8664 - amd64
14d8.1980: Timestamp: 0x4736733c
14d8.1980: Image Version: 10.0
14d8.1980: SizeOfImage: 0x266000 (2514944)
14d8.1980: Resource Dir: 0x245000 LB 0x548
14d8.1980: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
14d8.1980: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
14d8.1980: ProductName: Microsoft® Windows® Operating System
14d8.1980: ProductVersion: 10.0.16299.15
14d8.1980: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
14d8.1980: FileDescription: Windows NT BASE API Client DLL
14d8.1980: \SystemRoot\System32\apisetschema.dll:
14d8.1980: CreationTime: 2017-09-29T13:42:07.095026600Z
14d8.1980: LastWriteTime: 2017-09-29T13:42:07.095026600Z
14d8.1980: ChangeTime: 2017-10-27T06:42:18.688284800Z
14d8.1980: FileAttributes: 0x20
14d8.1980: Size: 0x1b398
14d8.1980: NT Headers: 0xc8
14d8.1980: Timestamp: 0xf30abf31
14d8.1980: Machine: 0x8664 - amd64
14d8.1980: Timestamp: 0xf30abf31
14d8.1980: Image Version: 10.0
14d8.1980: SizeOfImage: 0x1c000 (114688)
14d8.1980: Resource Dir: 0x1b000 LB 0x408
14d8.1980: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
14d8.1980: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
14d8.1980: ProductName: Microsoft® Windows® Operating System
14d8.1980: ProductVersion: 10.0.16299.15
14d8.1980: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
14d8.1980: FileDescription: ApiSet Schema DLL
14d8.1980: supR3HardenedWinFindAdversaries: 0x0
14d8.1980: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
14d8.1980: Calling main()
14d8.1980: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
14d8.1980: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
14d8.1980: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
14d8.1980: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe)
14d8.1980: SUPR3HardenedMain: Respawn #2
14d8.1980: supR3HardNtEnableThreadCreation:
14d8.1980: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
14d8.1980: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll)
14d8.1980: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
14d8.1980: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b9be0000 'C:\Windows\System32\ntdll.dll'
14d8.1980: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b9c591b0 pvNtTerminateThread=00007ff9b9c80890
14d8.1980: supR3HardenedWinDoReSpawn(2): New child 1f68.dc [kernel32].
14d8.1980: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
14d8.1980: supR3HardNtChildGatherData: PebBaseAddress=0000000000615000 cbPeb=0x388
14d8.1980: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9b9be0000 uNtDllChildAddr=00007ff9b9be0000
14d8.1980: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9b9c591b0
14d8.1980: supR3HardenedWinSetupChildInit: Start child.
14d8.1980: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
14d8.1980: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 31 sleeps
14d8.1980: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
14d8.1980: *0000000000000000-000000000052ffff 0x0001/0x0000 0x0000000
14d8.1980: *0000000000530000-000000000054ffff 0x0004/0x0004 0x0020000
14d8.1980: *0000000000550000-0000000000568fff 0x0002/0x0002 0x0040000
14d8.1980: 0000000000569000-000000000056ffff 0x0001/0x0000 0x0000000
14d8.1980: *0000000000570000-0000000000573fff 0x0002/0x0002 0x0040000
14d8.1980: 0000000000574000-000000000057ffff 0x0001/0x0000 0x0000000
14d8.1980: *0000000000580000-0000000000580fff 0x0004/0x0004 0x0020000
14d8.1980: 0000000000581000-00000000005fffff 0x0001/0x0000 0x0000000
14d8.1980: *0000000000600000-0000000000614fff 0x0000/0x0004 0x0020000
14d8.1980: 0000000000615000-0000000000617fff 0x0004/0x0004 0x0020000
14d8.1980: 0000000000618000-00000000007fffff 0x0000/0x0004 0x0020000
14d8.1980: *0000000000800000-00000000008fafff 0x0000/0x0004 0x0020000
14d8.1980: 00000000008fb000-00000000008fdfff 0x0104/0x0004 0x0020000
14d8.1980: 00000000008fe000-00000000008fffff 0x0004/0x0004 0x0020000
14d8.1980: 0000000000900000-000000007ffdffff 0x0001/0x0000 0x0000000
14d8.1980: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
14d8.1980: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
14d8.1980: 000000007fff0000-00007ff6a883ffff 0x0001/0x0000 0x0000000
14d8.1980: *00007ff6a8840000-00007ff6a8862fff 0x0002/0x0002 0x0040000
14d8.1980: 00007ff6a8863000-00007ff6a97effff 0x0001/0x0000 0x0000000
14d8.1980: *00007ff6a97f0000-00007ff6a97f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a97f1000-00007ff6a9860fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a9861000-00007ff6a9861fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a9862000-00007ff6a98a6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98a7000-00007ff6a98a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98a8000-00007ff6a98a8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98a9000-00007ff6a98adfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98ae000-00007ff6a98aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98af000-00007ff6a98affff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98b0000-00007ff6a98b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98b4000-00007ff6a98fbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
14d8.1980: 00007ff6a98fc000-00007ff9b9bdffff 0x0001/0x0000 0x0000000
14d8.1980: *00007ff9b9be0000-00007ff9b9be0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9be1000-00007ff9b9cf2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9cf3000-00007ff9b9d38fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9d39000-00007ff9b9d40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9d41000-00007ff9b9d4efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9d4f000-00007ff9b9d4ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9d50000-00007ff9b9d52fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9d53000-00007ff9b9dbffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
14d8.1980: 00007ff9b9dc0000-00007ffffffdffff 0x0001/0x0000 0x0000000
14d8.1980: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
14d8.1980: VBoxHeadless.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
14d8.1980: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
14d8.1980: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
14d8.1980: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0).
1f68.dc: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
1f68.dc: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9b9be0000 g_uNtVerCombined=0xa03fab00
14d8.1980: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000)
1f68.dc: ntdll.dll: timestamp 0x493793ea (rc=VINF_SUCCESS)
1f68.dc: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1966080 allocation)
14d8.1980: supR3HardNtEnableThreadCreation:
1f68.dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
1f68.dc: System32: \Device\HarddiskVolume4\Windows\System32
1f68.dc: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
1f68.dc: KnownDllPath: C:\Windows\System32
1f68.dc: supR3HardenedVmProcessInit: Opening vboxdrv...
1f68.dc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1f68.dc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1f68.dc: Registered Dll notification callback with NTDLL.
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b6750000 LB 0x00266000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b8130000 LB 0x000ae000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b8130000 'C:\Windows\System32\KERNEL32.DLL'
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff6a97f0000 LB 0x0010c000 C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe [fFlags=0x0]
1f68.dc: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe
1f68.dc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9b9c591b0 pvNtTerminateThread=00007ff9b9c80890
14d8.1980: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 102 ms.
1f68.dc: \SystemRoot\System32\ntdll.dll:
1f68.dc: CreationTime: 2017-09-29T13:41:43.343111100Z
1f68.dc: LastWriteTime: 2017-09-29T13:41:43.358737200Z
1f68.dc: ChangeTime: 2017-10-27T06:43:11.904770500Z
1f68.dc: FileAttributes: 0x20
1f68.dc: Size: 0x1dd100
1f68.dc: NT Headers: 0xe0
1f68.dc: Timestamp: 0x493793ea
1f68.dc: Machine: 0x8664 - amd64
1f68.dc: Timestamp: 0x493793ea
1f68.dc: Image Version: 10.0
1f68.dc: SizeOfImage: 0x1e0000 (1966080)
1f68.dc: Resource Dir: 0x174000 LB 0x6a1d8
1f68.dc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1f68.dc: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1f68.dc: ProductName: Microsoft® Windows® Operating System
1f68.dc: ProductVersion: 10.0.16299.15
1f68.dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
1f68.dc: FileDescription: NT Layer DLL
1f68.dc: \SystemRoot\System32\kernel32.dll:
1f68.dc: CreationTime: 2017-09-29T13:42:04.954227600Z
1f68.dc: LastWriteTime: 2017-09-29T13:42:04.954227600Z
1f68.dc: ChangeTime: 2017-10-27T06:50:40.710273500Z
1f68.dc: FileAttributes: 0x20
1f68.dc: Size: 0xab868
1f68.dc: NT Headers: 0xe8
1f68.dc: Timestamp: 0xc2cf900
1f68.dc: Machine: 0x8664 - amd64
1f68.dc: Timestamp: 0xc2cf900
1f68.dc: Image Version: 10.0
1f68.dc: SizeOfImage: 0xae000 (712704)
1f68.dc: Resource Dir: 0xac000 LB 0x520
1f68.dc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1f68.dc: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1f68.dc: ProductName: Microsoft® Windows® Operating System
1f68.dc: ProductVersion: 10.0.16299.15
1f68.dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
1f68.dc: FileDescription: Windows NT BASE API Client DLL
1f68.dc: \SystemRoot\System32\KernelBase.dll:
1f68.dc: CreationTime: 2017-09-29T13:41:43.124345500Z
1f68.dc: LastWriteTime: 2017-09-29T13:41:43.124345500Z
1f68.dc: ChangeTime: 2017-10-27T06:50:41.339876800Z
1f68.dc: FileAttributes: 0x20
1f68.dc: Size: 0x266000
1f68.dc: NT Headers: 0xf0
1f68.dc: Timestamp: 0x4736733c
1f68.dc: Machine: 0x8664 - amd64
1f68.dc: Timestamp: 0x4736733c
1f68.dc: Image Version: 10.0
1f68.dc: SizeOfImage: 0x266000 (2514944)
1f68.dc: Resource Dir: 0x245000 LB 0x548
1f68.dc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1f68.dc: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
1f68.dc: ProductName: Microsoft® Windows® Operating System
1f68.dc: ProductVersion: 10.0.16299.15
1f68.dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
1f68.dc: FileDescription: Windows NT BASE API Client DLL
1f68.dc: \SystemRoot\System32\apisetschema.dll:
1f68.dc: CreationTime: 2017-09-29T13:42:07.095026600Z
1f68.dc: LastWriteTime: 2017-09-29T13:42:07.095026600Z
1f68.dc: ChangeTime: 2017-10-27T06:42:18.688284800Z
1f68.dc: FileAttributes: 0x20
1f68.dc: Size: 0x1b398
1f68.dc: NT Headers: 0xc8
1f68.dc: Timestamp: 0xf30abf31
1f68.dc: Machine: 0x8664 - amd64
1f68.dc: Timestamp: 0xf30abf31
1f68.dc: Image Version: 10.0
1f68.dc: SizeOfImage: 0x1c000 (114688)
1f68.dc: Resource Dir: 0x1b000 LB 0x408
1f68.dc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1f68.dc: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
1f68.dc: ProductName: Microsoft® Windows® Operating System
1f68.dc: ProductVersion: 10.0.16299.15
1f68.dc: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
1f68.dc: FileDescription: ApiSet Schema DLL
1f68.dc: supR3HardenedWinFindAdversaries: 0x0
1f68.dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
1f68.dc: Calling main()
1f68.dc: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
1f68.dc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64'
1f68.dc: '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe' has no imports
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe)
1f68.dc: SUPR3HardenedMain: Final process, opening VBoxDrv...
1f68.dc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000a00000 LB 0x400000)
1f68.dc: supR3HardNtEnableThreadCreation:
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.dll
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b3a80000 LB 0x00005000 C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b3a80000 'C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b3a80000 'C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL'
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b3a80000 'C:\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxSupLib.DLL'
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'.
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b7230000 LB 0x0009d000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b5f50000 LB 0x00012000 C:\Windows\System32\MSASN1.dll [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b6f10000 LB 0x000f6000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b6cc0000 LB 0x001ce000 C:\Windows\System32\CRYPT32.dll [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b73b0000 LB 0x0011f000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b96a0000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b98f0000 LB 0x000a1000 C:\Windows\System32\advapi32.dll [fFlags=0x0]
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b6ac0000 LB 0x00058000 C:\Windows\System32\Wintrust.dll [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6750000 'api-ms-win-core-synch-l1-2-0'
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6750000 'api-ms-win-core-fibers-l1-1-1'
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6750000 'api-ms-win-core-fibers-l1-1-1'
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6750000 'api-ms-win-core-synch-l1-2-0'
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6750000 'api-ms-win-core-localization-l1-2-1'
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\system32\Wintrust.dll'
1f68.dc: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
1f68.dc: Error (rc=0):
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 60 a9 01 80 01 00 00 00
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
1f68.dc: Error (rc=0):
1f68.dc: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\bcrypt.dll' (C:\Windows\system32\bcrypt.dll): rcNt=0xc0000190
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\bcrypt.dll'
1f68.dc: Warning! Failed to load bcrypt.dll
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9b6ac0000 'C:\Windows\System32\WINTRUST.DLL'
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
1f68.dc: supR3HardenedDllNotificationCallback: load 00007ff9b5980000 LB 0x00017000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
1f68.dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
1f68.dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
1f68.dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1f68.dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1f68.dc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1f68.dc: Error (rc=0):
1f68.dc: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
1f68.dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
1f68.dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1f68.dc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1f68.dc: Error (rc=0):
1f68.dc: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=2 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
1f68.dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\rsaenh.dll'
1f68.dc: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe'
1f68.dc: Error -22919 in VBoxHeadless! (enmWhat=1)
1f68.dc: WinVerifyTrust failed on stub executable: WinVerifyTrust failed with hrc=Unknown Status 0x8 on '\Device\HarddiskVolume4\TCPU68\Programm\VirtualBox\Portable-VirtualBox\app64\VBoxHeadless.exe'
14d8.1980: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 125 ms, the end);
e4c.5f4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 597 ms, the end);
15a4.f9c: Terminating the normal way: rcExit=0

</div>
