13cc.c50: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000088 g_uNtVerCombined=0xa047bb00 13cc.c50: \SystemRoot\System32\ntdll.dll: 13cc.c50: CreationTime: 2020-12-22T15:16:15.589182900Z 13cc.c50: LastWriteTime: 2020-12-22T15:16:15.677751500Z 13cc.c50: ChangeTime: 2020-12-22T15:29:09.655030500Z 13cc.c50: FileAttributes: 0x20 13cc.c50: Size: 0x1e8058 13cc.c50: NT Headers: 0xd8 13cc.c50: Timestamp: 0x103a4719 13cc.c50: Machine: 0x8664 - amd64 13cc.c50: Timestamp: 0x103a4719 13cc.c50: Image Version: 10.0 13cc.c50: SizeOfImage: 0x1f0000 (2031616) 13cc.c50: Resource Dir: 0x17f000 LB 0x6f3b8 13cc.c50: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 13cc.c50: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] 13cc.c50: ProductName: Microsoft® Windows® Operating System 13cc.c50: ProductVersion: 10.0.18362.1171 13cc.c50: FileVersion: 10.0.18362.1171 (WinBuild.160101.0800) 13cc.c50: FileDescription: NT Layer DLL 13cc.c50: \SystemRoot\System32\kernel32.dll: 13cc.c50: CreationTime: 2020-11-09T10:57:30.590888200Z 13cc.c50: LastWriteTime: 2020-11-09T10:57:30.623754500Z 13cc.c50: ChangeTime: 2020-12-22T15:18:41.666208400Z 13cc.c50: FileAttributes: 0x20 13cc.c50: Size: 0xb04a0 13cc.c50: NT Headers: 0xf8 13cc.c50: Timestamp: 0x2d28261f 13cc.c50: Machine: 0x8664 - amd64 13cc.c50: Timestamp: 0x2d28261f 13cc.c50: Image Version: 10.0 13cc.c50: SizeOfImage: 0xb2000 (729088) 13cc.c50: Resource Dir: 0xb0000 LB 0x520 13cc.c50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 13cc.c50: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 13cc.c50: ProductName: Microsoft® Windows® Operating System 13cc.c50: ProductVersion: 10.0.18362.1110 13cc.c50: FileVersion: 10.0.18362.1110 (WinBuild.160101.0800) 13cc.c50: FileDescription: Windows NT BASE API Client DLL 13cc.c50: \SystemRoot\System32\KernelBase.dll: 13cc.c50: CreationTime: 2020-12-22T15:16:18.184153900Z 13cc.c50: LastWriteTime: 2020-12-22T15:16:18.328616600Z 13cc.c50: ChangeTime: 2020-12-22T15:29:08.780149000Z 13cc.c50: FileAttributes: 0x20 13cc.c50: Size: 0x2a5c88 13cc.c50: NT Headers: 0x100 13cc.c50: Timestamp: 0x71e81044 13cc.c50: Machine: 0x8664 - amd64 13cc.c50: Timestamp: 0x71e81044 13cc.c50: Image Version: 10.0 13cc.c50: SizeOfImage: 0x2a5000 (2772992) 13cc.c50: Resource Dir: 0x27f000 LB 0x548 13cc.c50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 13cc.c50: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 13cc.c50: ProductName: Microsoft® Windows® Operating System 13cc.c50: ProductVersion: 10.0.18362.1237 13cc.c50: FileVersion: 10.0.18362.1237 (WinBuild.160101.0800) 13cc.c50: FileDescription: Windows NT BASE API Client DLL 13cc.c50: \SystemRoot\System32\apisetschema.dll: 13cc.c50: CreationTime: 2019-03-19T04:43:54.837151500Z 13cc.c50: LastWriteTime: 2019-03-19T04:43:54.837151500Z 13cc.c50: ChangeTime: 2020-12-22T15:18:41.621562500Z 13cc.c50: FileAttributes: 0x20 13cc.c50: Size: 0x1d028 13cc.c50: NT Headers: 0xc8 13cc.c50: Timestamp: 0xd6ced080 13cc.c50: Machine: 0x8664 - amd64 13cc.c50: Timestamp: 0xd6ced080 13cc.c50: Image Version: 10.0 13cc.c50: SizeOfImage: 0x1e000 (122880) 13cc.c50: Resource Dir: 0x1d000 LB 0x408 13cc.c50: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 13cc.c50: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 13cc.c50: ProductName: Microsoft® Windows® Operating System 13cc.c50: ProductVersion: 10.0.18362.1 13cc.c50: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) 13cc.c50: FileDescription: ApiSet Schema DLL 13cc.c50: NtOpenDirectoryObject failed on \Driver: 0xc0000022 13cc.c50: supR3HardenedWinFindAdversaries: 0x0 13cc.c50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 13cc.c50: Calling main() 13cc.c50: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 13cc.c50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 13cc.c50: SUPR3HardenedMain: Respawn #1 13cc.c50: System32: \Device\HarddiskVolume3\Windows\System32 13cc.c50: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 13cc.c50: KnownDllPath: C:\windows\System32 13cc.c50: supR3HardenedWinInit: Performing a limited self purification... 13cc.c50: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION 13cc.c50: *0000000000000000-0000000000dfffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000000e00000-0000000000e85fff 0x0000/0x0004 0x0020000 13cc.c50: 0000000000e86000-0000000000e88fff 0x0004/0x0004 0x0020000 13cc.c50: 0000000000e89000-0000000000ffffff 0x0000/0x0004 0x0020000 13cc.c50: *0000000001000000-000000000100ffff 0x0004/0x0004 0x0040000 13cc.c50: 0000000001010000-000000000101ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000001020000-000000000103afff 0x0002/0x0002 0x0040000 13cc.c50: 000000000103b000-000000000103ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000001040000-00000000010f8fff 0x0000/0x0004 0x0020000 13cc.c50: 00000000010f9000-00000000010fbfff 0x0104/0x0004 0x0020000 13cc.c50: 00000000010fc000-000000000113ffff 0x0004/0x0004 0x0020000 13cc.c50: *0000000001140000-0000000001143fff 0x0002/0x0002 0x0040000 13cc.c50: 0000000001144000-000000000114ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000001150000-0000000001151fff 0x0004/0x0004 0x0020000 13cc.c50: 0000000001152000-000000000115ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000001160000-0000000001161fff 0x0004/0x0004 0x0020000 13cc.c50: 0000000001162000-0000000001191fff 0x0000/0x0004 0x0020000 13cc.c50: 0000000001192000-00000000011affff 0x0001/0x0000 0x0000000 13cc.c50: *00000000011b0000-00000000011b6fff 0x0004/0x0004 0x0020000 13cc.c50: 00000000011b7000-00000000012affff 0x0000/0x0004 0x0020000 13cc.c50: *00000000012b0000-0000000001376fff 0x0002/0x0002 0x0040000 13cc.c50: 0000000001377000-000000000137ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000001380000-000000000139cfff 0x0004/0x0004 0x0020000 13cc.c50: 000000000139d000-000000000147ffff 0x0000/0x0004 0x0020000 13cc.c50: 0000000001480000-000000000153ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000001540000-000000000154efff 0x0004/0x0004 0x0020000 13cc.c50: 000000000154f000-000000000154ffff 0x0000/0x0004 0x0020000 13cc.c50: *0000000001550000-000000000155bfff 0x0000/0x0004 0x0020000 13cc.c50: 000000000155c000-000000000174cfff 0x0004/0x0004 0x0020000 13cc.c50: 000000000174d000-000000000174dfff 0x0000/0x0004 0x0020000 13cc.c50: 000000000174e000-000000007ffdffff 0x0001/0x0000 0x0000000 13cc.c50: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 13cc.c50: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 13cc.c50: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 13cc.c50: 000000007ffeb000-00007ff40368ffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff403690000-00007ff403694fff 0x0002/0x0002 0x0040000 13cc.c50: 00007ff403695000-00007ff40378ffff 0x0000/0x0002 0x0040000 13cc.c50: *00007ff403790000-00007ff5037affff 0x0000/0x0004 0x0020000 13cc.c50: *00007ff5037b0000-00007ff5057affff 0x0000/0x0004 0x0020000 13cc.c50: 00007ff5057b0000-00007ff5057b0fff 0x0004/0x0004 0x0020000 13cc.c50: 00007ff5057b1000-00007ff5057bffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff5057c0000-00007ff5057c0fff 0x0002/0x0002 0x0040000 13cc.c50: 00007ff5057c1000-00007ff5057cffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff5057d0000-00007ff5057f2fff 0x0002/0x0002 0x0040000 13cc.c50: 00007ff5057f3000-00007ff6fe4bffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff6fe4c0000-00007ff6fe4c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe4c1000-00007ff6fe537fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe538000-00007ff6fe538fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe539000-00007ff6fe581fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe582000-00007ff6fe584fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe585000-00007ff6fe587fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe588000-00007ff6fe58afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58b000-00007ff6fe58bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58c000-00007ff6fe58dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58e000-00007ff6fe58efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58f000-00007ff6fe5d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe5d8000-00007ff8fc43ffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff8fc440000-00007ff8fc440fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 13cc.c50: 00007ff8fc441000-00007ff8fc546fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 13cc.c50: 00007ff8fc547000-00007ff8fc6a9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 13cc.c50: 00007ff8fc6aa000-00007ff8fc6adfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 13cc.c50: 00007ff8fc6ae000-00007ff8fc6aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 13cc.c50: 00007ff8fc6af000-00007ff8fc6e4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 13cc.c50: 00007ff8fc6e5000-00007ff8fe79ffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff8fe7a0000-00007ff8fe7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 13cc.c50: 00007ff8fe7a1000-00007ff8fe815fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 13cc.c50: 00007ff8fe816000-00007ff8fe847fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 13cc.c50: 00007ff8fe848000-00007ff8fe848fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 13cc.c50: 00007ff8fe849000-00007ff8fe849fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 13cc.c50: 00007ff8fe84a000-00007ff8fe851fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll 13cc.c50: 00007ff8fe852000-00007ff8fe89ffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff8fe8a0000-00007ff8fe8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fe8a1000-00007ff8fe9b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fe9b8000-00007ff8fe9fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fe9ff000-00007ff8fe9fffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea00000-00007ff8fea01fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea02000-00007ff8fea0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea0b000-00007ff8fea8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea90000-00007ffffffeffff 0x0001/0x0000 0x0000000 13cc.c50: kernel32.dll: timestamp 0x2d28261f (rc=VINF_SUCCESS) 13cc.c50: kernelbase.dll: timestamp 0x71e81044 (rc=VINF_SUCCESS) 13cc.c50: VBoxHeadless.exe: timestamp 0x5f89bd70 (rc=VINF_SUCCESS) 13cc.c50: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202 13cc.c50: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 13cc.c50: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 13cc.c50: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0 13cc.c50: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202 13cc.c50: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 13cc.c50: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 13cc.c50: supR3HardNtEnableThreadCreationEx: 13cc.c50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8fe911df0 pvNtTerminateThread=00007ff8fe93d140 13cc.c50: supR3HardenedWinDoReSpawn(1): New child a20.2450 [kernel32]. 13cc.c50: supR3HardNtChildGatherData: PebBaseAddress=000000000093b000 cbPeb=0x388 13cc.c50: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8fe8a0000 uNtDllChildAddr=00007ff8fe8a0000 13cc.c50: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8fe911df0 13cc.c50: supR3HardenedWinSetupChildInit: Initial context: rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6fe4c7740 rdx=000000000093b000 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000 rip=00007ff8fe90d4b0 rsp=000000000074f9b8 rbp=0000000000000000 ctxflags=0010001b cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000 13cc.c50: supR3HardenedWinSetupChildInit: Start child. 13cc.c50: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 13cc.c50: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 16 sleeps 13cc.c50: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 13cc.c50: *0000000000000000-000000000060ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000000610000-000000000062ffff 0x0004/0x0004 0x0020000 13cc.c50: *0000000000630000-000000000064afff 0x0002/0x0002 0x0040000 13cc.c50: 000000000064b000-000000000064ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000000650000-000000000074afff 0x0000/0x0004 0x0020000 13cc.c50: 000000000074b000-000000000074dfff 0x0104/0x0004 0x0020000 13cc.c50: 000000000074e000-000000000074ffff 0x0004/0x0004 0x0020000 13cc.c50: *0000000000750000-0000000000753fff 0x0002/0x0002 0x0040000 13cc.c50: 0000000000754000-000000000075ffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000000760000-0000000000761fff 0x0004/0x0004 0x0020000 13cc.c50: 0000000000762000-00000000007fffff 0x0001/0x0000 0x0000000 13cc.c50: *0000000000800000-000000000093afff 0x0000/0x0004 0x0020000 13cc.c50: 000000000093b000-000000000093dfff 0x0004/0x0004 0x0020000 13cc.c50: 000000000093e000-00000000009fffff 0x0000/0x0004 0x0020000 13cc.c50: 0000000000a00000-000000007ffdffff 0x0001/0x0000 0x0000000 13cc.c50: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 13cc.c50: 000000007ffe1000-000000007ffe9fff 0x0001/0x0000 0x0000000 13cc.c50: *000000007ffea000-000000007ffeafff 0x0002/0x0002 0x0020000 13cc.c50: 000000007ffeb000-00007ff5c99cffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff5c99d0000-00007ff5c99d0fff 0x0002/0x0002 0x0040000 13cc.c50: 00007ff5c99d1000-00007ff5c99dffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff5c99e0000-00007ff5c9a02fff 0x0002/0x0002 0x0040000 13cc.c50: 00007ff5c9a03000-00007ff6fe4bffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff6fe4c0000-00007ff6fe4c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe4c1000-00007ff6fe537fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe538000-00007ff6fe538fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe539000-00007ff6fe581fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe582000-00007ff6fe582fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe583000-00007ff6fe583fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe584000-00007ff6fe588fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe589000-00007ff6fe589fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58a000-00007ff6fe58afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58b000-00007ff6fe58efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe58f000-00007ff6fe5d7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 13cc.c50: 00007ff6fe5d8000-00007ff8fe89ffff 0x0001/0x0000 0x0000000 13cc.c50: *00007ff8fe8a0000-00007ff8fe8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fe8a1000-00007ff8fe9b7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fe9b8000-00007ff8fe9fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fe9ff000-00007ff8fea0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea0b000-00007ff8fea19fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea1a000-00007ff8fea1afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea1b000-00007ff8fea1dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea1e000-00007ff8fea8ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 13cc.c50: 00007ff8fea90000-00007ffffffeffff 0x0001/0x0000 0x0000000 13cc.c50: supR3HardNtChildPurify: Done after 265 ms and 0 fixes (loop #0). a20.2450: Log file opened: 6.1.16r140961 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa047bb00 a20.2450: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8fe8a0000 g_uNtVerCombined=0xa047bb00 (stack ~000000000074f448) a20.2450: ntdll.dll: timestamp 0x103a4719 (rc=VINF_SUCCESS) a20.2450: New simple heap: #1 0000000000b00000 LB 0x400000 (for 2031616 allocation) 13cc.c50: supR3HardNtEnableThreadCreationEx: a20.2450: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' a20.2450: System32: \Device\HarddiskVolume3\Windows\System32 a20.2450: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS a20.2450: KnownDllPath: C:\windows\System32 a20.2450: supR3HardenedVmProcessInit: Opening vboxdrv stub... a20.2450: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... a20.2450: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... a20.2450: Registered Dll notification callback with NTDLL. a20.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) a20.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll a20.2450: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] a20.2450: supR3HardenedDllNotificationCallback: load 00007ff8fc440000 LB 0x002a5000 C:\windows\System32\KERNELBASE.dll [fFlags=0x0] a20.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) a20.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll a20.2450: supR3HardenedDllNotificationCallback: load 00007ff8fe7a0000 LB 0x000b2000 C:\windows\System32\KERNEL32.DLL [fFlags=0x0] a20.2450: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] a20.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe7a0000 'C:\windows\System32\KERNEL32.DLL' a20.2450: supR3HardenedDllNotificationCallback: load 00007ff6fe4c0000 LB 0x00118000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] a20.2450: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202 a20.2450: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports a20.2450: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) a20.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe a20.2450: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8fe911df0 pvNtTerminateThread=00007ff8fe93d140 13cc.c50: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 92 ms. a20.2450: \SystemRoot\System32\ntdll.dll: a20.2450: CreationTime: 2020-12-22T15:16:15.589182900Z a20.2450: LastWriteTime: 2020-12-22T15:16:15.677751500Z a20.2450: ChangeTime: 2020-12-22T15:29:09.655030500Z a20.2450: FileAttributes: 0x20 a20.2450: Size: 0x1e8058 a20.2450: NT Headers: 0xd8 a20.2450: Timestamp: 0x103a4719 a20.2450: Machine: 0x8664 - amd64 a20.2450: Timestamp: 0x103a4719 a20.2450: Image Version: 10.0 a20.2450: SizeOfImage: 0x1f0000 (2031616) a20.2450: Resource Dir: 0x17f000 LB 0x6f3b8 a20.2450: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] a20.2450: [Raw version resource data: 0x17f0f0 LB 0x380, codepage 0x0 (reserved 0x0)] a20.2450: ProductName: Microsoft® Windows® Operating System a20.2450: ProductVersion: 10.0.18362.1171 a20.2450: FileVersion: 10.0.18362.1171 (WinBuild.160101.0800) a20.2450: FileDescription: NT Layer DLL a20.2450: \SystemRoot\System32\kernel32.dll: a20.2450: CreationTime: 2020-11-09T10:57:30.590888200Z a20.2450: LastWriteTime: 2020-11-09T10:57:30.623754500Z a20.2450: ChangeTime: 2020-12-22T15:18:41.666208400Z a20.2450: FileAttributes: 0x20 a20.2450: Size: 0xb04a0 a20.2450: NT Headers: 0xf8 a20.2450: Timestamp: 0x2d28261f a20.2450: Machine: 0x8664 - amd64 a20.2450: Timestamp: 0x2d28261f a20.2450: Image Version: 10.0 a20.2450: SizeOfImage: 0xb2000 (729088) a20.2450: Resource Dir: 0xb0000 LB 0x520 a20.2450: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] a20.2450: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] a20.2450: ProductName: Microsoft® Windows® Operating System a20.2450: ProductVersion: 10.0.18362.1110 a20.2450: FileVersion: 10.0.18362.1110 (WinBuild.160101.0800) a20.2450: FileDescription: Windows NT BASE API Client DLL a20.2450: \SystemRoot\System32\KernelBase.dll: a20.2450: CreationTime: 2020-12-22T15:16:18.184153900Z a20.2450: LastWriteTime: 2020-12-22T15:16:18.328616600Z a20.2450: ChangeTime: 2020-12-22T15:29:08.780149000Z a20.2450: FileAttributes: 0x20 a20.2450: Size: 0x2a5c88 a20.2450: NT Headers: 0x100 a20.2450: Timestamp: 0x71e81044 a20.2450: Machine: 0x8664 - amd64 a20.2450: Timestamp: 0x71e81044 a20.2450: Image Version: 10.0 a20.2450: SizeOfImage: 0x2a5000 (2772992) a20.2450: Resource Dir: 0x27f000 LB 0x548 a20.2450: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] a20.2450: [Raw version resource data: 0x27f0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] a20.2450: ProductName: Microsoft® Windows® Operating System a20.2450: ProductVersion: 10.0.18362.1237 a20.2450: FileVersion: 10.0.18362.1237 (WinBuild.160101.0800) a20.2450: FileDescription: Windows NT BASE API Client DLL a20.2450: \SystemRoot\System32\apisetschema.dll: a20.2450: CreationTime: 2019-03-19T04:43:54.837151500Z a20.2450: LastWriteTime: 2019-03-19T04:43:54.837151500Z a20.2450: ChangeTime: 2020-12-22T15:18:41.621562500Z a20.2450: FileAttributes: 0x20 a20.2450: Size: 0x1d028 a20.2450: NT Headers: 0xc8 a20.2450: Timestamp: 0xd6ced080 a20.2450: Machine: 0x8664 - amd64 a20.2450: Timestamp: 0xd6ced080 a20.2450: Image Version: 10.0 a20.2450: SizeOfImage: 0x1e000 (122880) a20.2450: Resource Dir: 0x1d000 LB 0x408 a20.2450: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] a20.2450: [Raw version resource data: 0x1d060 LB 0x3a8, codepage 0x0 (reserved 0x0)] a20.2450: ProductName: Microsoft® Windows® Operating System a20.2450: ProductVersion: 10.0.18362.1 a20.2450: FileVersion: 10.0.18362.1 (WinBuild.160101.0800) a20.2450: FileDescription: ApiSet Schema DLL a20.2450: NtOpenDirectoryObject failed on \Driver: 0xc0000022 a20.2450: supR3HardenedWinFindAdversaries: 0x0 a20.2450: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' a20.2450: Calling main() a20.2450: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 a20.2450: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' a20.2450: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe: Signature #1/2: info status: 24202 a20.2450: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports a20.2450: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) a20.2450: SUPR3HardenedMain: Respawn #2 a20.2450: supR3HardNtEnableThreadCreationEx: a20.2450: supR3HardenedDllNotificationCallback: load 00007ff8fce20000 LB 0x00120000 C:\windows\System32\RPCRT4.dll [fFlags=0x0] a20.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) a20.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll a20.2450: supR3HardenedDllNotificationCallback: load 00007ff8fe370000 LB 0x00097000 C:\windows\System32\sechost.dll [fFlags=0x0] a20.2450: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. a20.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) a20.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll a20.2450: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports a20.2450: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdll.dll) a20.2450: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdll.dll a20.2450: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... a20.2450: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] a20.2450: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] a20.2450: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] a20.2450: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8fe8a0000 'C:\windows\System32\ntdll.dll' a20.2450: Error -104 in supR3HardenedWinReSpawn! (enmWhat=5) a20.2450: Error relaunching VirtualBox VM process: 5 Command line: '60eaff78-4bdd-042d-2e72-669728efd737-suplib-3rdchild --comment Bahmni --startvm 94b224cf-5b1f-4233-862a-acc26b941c8c --vrde config "--sup-hardening-log=C:\Users\intadmin\VirtualBox VMs\Bahmni\Logs\VBoxHardening.log"' 13cc.c50: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 78 ms, the end);