23ec.25f8: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa042ee00 23ec.25f8: \SystemRoot\System32\ntdll.dll: 23ec.25f8: CreationTime: 2018-04-11T23:34:22.383017500Z 23ec.25f8: LastWriteTime: 2018-04-11T23:34:22.383017500Z 23ec.25f8: ChangeTime: 2018-05-20T23:18:05.754169300Z 23ec.25f8: FileAttributes: 0x20 23ec.25f8: Size: 0x1db2c0 23ec.25f8: NT Headers: 0xe8 23ec.25f8: Timestamp: 0x207580e2 23ec.25f8: Machine: 0x8664 - amd64 23ec.25f8: Timestamp: 0x207580e2 23ec.25f8: Image Version: 10.0 23ec.25f8: SizeOfImage: 0x1e1000 (1970176) 23ec.25f8: Resource Dir: 0x174000 LB 0x6b338 23ec.25f8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 23ec.25f8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 23ec.25f8: ProductName: Microsoft® Windows® Operating System 23ec.25f8: ProductVersion: 10.0.17134.1 23ec.25f8: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 23ec.25f8: FileDescription: NT Layer DLL 23ec.25f8: \SystemRoot\System32\kernel32.dll: 23ec.25f8: CreationTime: 2018-04-11T23:34:40.510607900Z 23ec.25f8: LastWriteTime: 2018-04-11T23:34:40.510607900Z 23ec.25f8: ChangeTime: 2018-05-20T23:18:04.561204000Z 23ec.25f8: FileAttributes: 0x20 23ec.25f8: Size: 0xafef8 23ec.25f8: NT Headers: 0xe8 23ec.25f8: Timestamp: 0x5f488a51 23ec.25f8: Machine: 0x8664 - amd64 23ec.25f8: Timestamp: 0x5f488a51 23ec.25f8: Image Version: 10.0 23ec.25f8: SizeOfImage: 0xb2000 (729088) 23ec.25f8: Resource Dir: 0xb0000 LB 0x520 23ec.25f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 23ec.25f8: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 23ec.25f8: ProductName: Microsoft® Windows® Operating System 23ec.25f8: ProductVersion: 10.0.17134.1 23ec.25f8: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 23ec.25f8: FileDescription: Windows NT BASE API Client DLL 23ec.25f8: \SystemRoot\System32\KernelBase.dll: 23ec.25f8: CreationTime: 2018-04-11T23:34:20.976649600Z 23ec.25f8: LastWriteTime: 2018-04-11T23:34:20.976649600Z 23ec.25f8: ChangeTime: 2018-05-20T23:18:05.535507800Z 23ec.25f8: FileAttributes: 0x20 23ec.25f8: Size: 0x2731d0 23ec.25f8: NT Headers: 0xf8 23ec.25f8: Timestamp: 0x701ca188 23ec.25f8: Machine: 0x8664 - amd64 23ec.25f8: Timestamp: 0x701ca188 23ec.25f8: Image Version: 10.0 23ec.25f8: SizeOfImage: 0x273000 (2568192) 23ec.25f8: Resource Dir: 0x251000 LB 0x548 23ec.25f8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 23ec.25f8: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 23ec.25f8: ProductName: Microsoft® Windows® Operating System 23ec.25f8: ProductVersion: 10.0.17134.1 23ec.25f8: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 23ec.25f8: FileDescription: Windows NT BASE API Client DLL 23ec.25f8: \SystemRoot\System32\apisetschema.dll: 23ec.25f8: CreationTime: 2018-04-11T23:34:44.042150700Z 23ec.25f8: LastWriteTime: 2018-04-11T23:34:44.042150700Z 23ec.25f8: ChangeTime: 2018-05-20T21:47:41.732351200Z 23ec.25f8: FileAttributes: 0x20 23ec.25f8: Size: 0x1bd98 23ec.25f8: NT Headers: 0xd0 23ec.25f8: Timestamp: 0xd02ff418 23ec.25f8: Machine: 0x8664 - amd64 23ec.25f8: Timestamp: 0xd02ff418 23ec.25f8: Image Version: 10.0 23ec.25f8: SizeOfImage: 0x1c000 (114688) 23ec.25f8: Resource Dir: 0x1b000 LB 0x408 23ec.25f8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 23ec.25f8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 23ec.25f8: ProductName: Microsoft® Windows® Operating System 23ec.25f8: ProductVersion: 10.0.17134.1 23ec.25f8: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 23ec.25f8: FileDescription: ApiSet Schema DLL 23ec.25f8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 23ec.25f8: supR3HardenedWinFindAdversaries: 0x0 23ec.25f8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 23ec.25f8: Calling main() 23ec.25f8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x3 23ec.25f8: supR3HardenedWinInitAppBin(0x3): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 23ec.25f8: System32: \Device\HarddiskVolume3\Windows\System32 23ec.25f8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 23ec.25f8: KnownDllPath: C:\WINDOWS\System32 23ec.25f8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 23ec.25f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe) 23ec.25f8: supR3HardNtEnableThreadCreation: 23ec.25f8: bcrypt.dll loaded at 00007ff8797c0000, BCryptOpenAlgorithmProvider at 00007ff8797c2770, preloading providers: 23ec.25f8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000c51b00) 23ec.25f8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000c52020) 23ec.25f8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000c522f0) 23ec.25f8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000c525c0) 23ec.25f8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000c52890) 23ec.25f8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000c52b60) 23ec.25f8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000c52e30) 23ec.25f8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000c53100) 23ec.25f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll 23ec.25f8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001825e00 23ec.25f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001825e00 23ec.25f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=98003193C3DABFC8058E41BA6C80A93085D521AF 23ec.25f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0015~31bf3856ad364e35~amd64~~10.0.17134.1.cat'; file='\SystemRoot\System32\ntdll.dll' 23ec.25f8: g_pfnWinVerifyTrust=00007ff87aa69940 23ec.25f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'. 23ec.25f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll) WinVerifyTrust 23ec.25f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll 23ec.25f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 23ec.25f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 23ec.25f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 23ec.25f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 23ec.25f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll) WinVerifyTrust 23ec.25f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xecd7788fafb7e400 OU=generated by AVG Antivirus for SSL/TLS scanning, O=AVG Web/Mail Shield, CN=AVG Web/Mail Shield Root 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6c10e5fce090b300 CN=Warsaw Personal CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xe991ee72b03db500 C=US, O=Symantec Corporation, CN=Symantec Enterprise Mobile Root for Microsoft 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp. 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc. 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1be813c97ffb600 C=TW, O=Government Root Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x40e7dd0ea446ba00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v2 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1b8578514b74ac00 C=US, O=WFA Hotspot 2.0, CN=Hotspot 2.0 Trust Root CA - 03 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048) 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3 23ec.25f8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root 23ec.25f8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=51 23ec.25f8: SUPR3HardenedMain: Load Runtime... 23ec.25f8: SUPR3HardenedMain: Load TrustedMain... 23ec.25f8: SUPR3HardenedMain: Calling TrustedMain (00007ff80d6214f0)... 1e84.3420: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000064 g_uNtVerCombined=0xa042ee00 1e84.3420: \SystemRoot\System32\ntdll.dll: 1e84.3420: CreationTime: 2018-04-11T23:34:22.383017500Z 1e84.3420: LastWriteTime: 2018-04-11T23:34:22.383017500Z 1e84.3420: ChangeTime: 2018-05-20T23:18:05.754169300Z 1e84.3420: FileAttributes: 0x20 1e84.3420: Size: 0x1db2c0 1e84.3420: NT Headers: 0xe8 1e84.3420: Timestamp: 0x207580e2 1e84.3420: Machine: 0x8664 - amd64 1e84.3420: Timestamp: 0x207580e2 1e84.3420: Image Version: 10.0 1e84.3420: SizeOfImage: 0x1e1000 (1970176) 1e84.3420: Resource Dir: 0x174000 LB 0x6b338 1e84.3420: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1e84.3420: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 1e84.3420: ProductName: Microsoft® Windows® Operating System 1e84.3420: ProductVersion: 10.0.17134.1 1e84.3420: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 1e84.3420: FileDescription: NT Layer DLL 1e84.3420: \SystemRoot\System32\kernel32.dll: 1e84.3420: CreationTime: 2018-04-11T23:34:40.510607900Z 1e84.3420: LastWriteTime: 2018-04-11T23:34:40.510607900Z 1e84.3420: ChangeTime: 2018-05-20T23:18:04.561204000Z 1e84.3420: FileAttributes: 0x20 1e84.3420: Size: 0xafef8 1e84.3420: NT Headers: 0xe8 1e84.3420: Timestamp: 0x5f488a51 1e84.3420: Machine: 0x8664 - amd64 1e84.3420: Timestamp: 0x5f488a51 1e84.3420: Image Version: 10.0 1e84.3420: SizeOfImage: 0xb2000 (729088) 1e84.3420: Resource Dir: 0xb0000 LB 0x520 1e84.3420: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1e84.3420: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1e84.3420: ProductName: Microsoft® Windows® Operating System 1e84.3420: ProductVersion: 10.0.17134.1 1e84.3420: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 1e84.3420: FileDescription: Windows NT BASE API Client DLL 1e84.3420: \SystemRoot\System32\KernelBase.dll: 1e84.3420: CreationTime: 2018-04-11T23:34:20.976649600Z 1e84.3420: LastWriteTime: 2018-04-11T23:34:20.976649600Z 1e84.3420: ChangeTime: 2018-05-20T23:18:05.535507800Z 1e84.3420: FileAttributes: 0x20 1e84.3420: Size: 0x2731d0 1e84.3420: NT Headers: 0xf8 1e84.3420: Timestamp: 0x701ca188 1e84.3420: Machine: 0x8664 - amd64 1e84.3420: Timestamp: 0x701ca188 1e84.3420: Image Version: 10.0 1e84.3420: SizeOfImage: 0x273000 (2568192) 1e84.3420: Resource Dir: 0x251000 LB 0x548 1e84.3420: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1e84.3420: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 1e84.3420: ProductName: Microsoft® Windows® Operating System 1e84.3420: ProductVersion: 10.0.17134.1 1e84.3420: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 1e84.3420: FileDescription: Windows NT BASE API Client DLL 1e84.3420: \SystemRoot\System32\apisetschema.dll: 1e84.3420: CreationTime: 2018-04-11T23:34:44.042150700Z 1e84.3420: LastWriteTime: 2018-04-11T23:34:44.042150700Z 1e84.3420: ChangeTime: 2018-05-20T21:47:41.732351200Z 1e84.3420: FileAttributes: 0x20 1e84.3420: Size: 0x1bd98 1e84.3420: NT Headers: 0xd0 1e84.3420: Timestamp: 0xd02ff418 1e84.3420: Machine: 0x8664 - amd64 1e84.3420: Timestamp: 0xd02ff418 1e84.3420: Image Version: 10.0 1e84.3420: SizeOfImage: 0x1c000 (114688) 1e84.3420: Resource Dir: 0x1b000 LB 0x408 1e84.3420: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1e84.3420: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 1e84.3420: ProductName: Microsoft® Windows® Operating System 1e84.3420: ProductVersion: 10.0.17134.1 1e84.3420: FileVersion: 10.0.17134.1 (WinBuild.160101.0800) 1e84.3420: FileDescription: ApiSet Schema DLL 1e84.3420: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1e84.3420: supR3HardenedWinFindAdversaries: 0x0 1e84.3420: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 1e84.3420: Calling main() 1e84.3420: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 1e84.3420: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 1e84.3420: SUPR3HardenedMain: Respawn #1 1e84.3420: System32: \Device\HarddiskVolume3\Windows\System32 1e84.3420: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 1e84.3420: KnownDllPath: C:\WINDOWS\System32 1e84.3420: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 1e84.3420: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 1e84.3420: supR3HardNtEnableThreadCreation: 1e84.3420: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff87d9c30e0 pvNtTerminateThread=00007ff87d9ea9e0 1e84.3420: supR3HardenedWinDoReSpawn(1): New child 1ff0.3668 [kernel32]. 1e84.3420: supR3HardNtChildGatherData: PebBaseAddress=0000000000715000 cbPeb=0x388 1e84.3420: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff87d950000 uNtDllChildAddr=00007ff87d950000 1e84.3420: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff87d9c30e0 1e84.3420: supR3HardenedWinSetupChildInit: Start child. 1e84.3420: Error (rc=258): 1e84.3420: Timed out after 2001 ms waiting for child request #0 (PurifyChildAndCloseHandles). 1e84.3420: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5) 1e84.3420: Timed out after 2001 ms waiting for child request #0 (PurifyChildAndCloseHandles). 23ec.25f8: Terminating the normal way: rcExit=0