452c.2574: Log file opened: 6.1.38r153438 g_hStartupLog=0000000000000088 g_uNtVerCombined=0xa055f000
452c.2574: \SystemRoot\System32\ntdll.dll:
452c.2574: CreationTime: 2022-09-14T12:09:50.041746800Z
452c.2574: LastWriteTime: 2022-09-14T12:09:50.087656200Z
452c.2574: ChangeTime: 2022-09-21T15:24:46.934233200Z
452c.2574: FileAttributes: 0x20
452c.2574: Size: 0x207df8
452c.2574: NT Headers: 0xe0
452c.2574: Timestamp: 0x57b668f2
452c.2574: Machine: 0x8664 - amd64
452c.2574: Timestamp: 0x57b668f2
452c.2574: Image Version: 10.0
452c.2574: SizeOfImage: 0x209000 (2134016)
452c.2574: Resource Dir: 0x194000 LB 0x73528
452c.2574: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
452c.2574: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
452c.2574: ProductName: Microsoft® Windows® Operating System
452c.2574: ProductVersion: 10.0.22000.918
452c.2574: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
452c.2574: FileDescription: NT Layer DLL
452c.2574: \SystemRoot\System32\kernel32.dll:
452c.2574: CreationTime: 2022-06-22T11:13:06.603559500Z
452c.2574: LastWriteTime: 2022-06-22T11:13:06.634789700Z
452c.2574: ChangeTime: 2022-09-21T15:24:46.934233200Z
452c.2574: FileAttributes: 0x20
452c.2574: Size: 0xc0058
452c.2574: NT Headers: 0xf8
452c.2574: Timestamp: 0xafec8296
452c.2574: Machine: 0x8664 - amd64
452c.2574: Timestamp: 0xafec8296
452c.2574: Image Version: 10.0
452c.2574: SizeOfImage: 0xbd000 (774144)
452c.2574: Resource Dir: 0xbb000 LB 0x520
452c.2574: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
452c.2574: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
452c.2574: ProductName: Microsoft® Windows® Operating System
452c.2574: ProductVersion: 10.0.22000.708
452c.2574: FileVersion: 10.0.22000.708 (WinBuild.160101.0800)
452c.2574: FileDescription: Windows NT BASE API Client DLL
452c.2574: \SystemRoot\System32\KernelBase.dll:
452c.2574: CreationTime: 2022-09-14T12:09:50.848339100Z
452c.2574: LastWriteTime: 2022-09-14T12:09:50.964337800Z
452c.2574: ChangeTime: 2022-09-21T15:24:46.934233200Z
452c.2574: FileAttributes: 0x20
452c.2574: Size: 0x3832e8
452c.2574: NT Headers: 0xf8
452c.2574: Timestamp: 0xb42fa627
452c.2574: Machine: 0x8664 - amd64
452c.2574: Timestamp: 0xb42fa627
452c.2574: Image Version: 10.0
452c.2574: SizeOfImage: 0x37c000 (3653632)
452c.2574: Resource Dir: 0x34c000 LB 0x548
452c.2574: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
452c.2574: [Raw version resource data: 0x34c0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
452c.2574: ProductName: Microsoft® Windows® Operating System
452c.2574: ProductVersion: 10.0.22000.918
452c.2574: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
452c.2574: FileDescription: Windows NT BASE API Client DLL
452c.2574: \SystemRoot\System32\apisetschema.dll:
452c.2574: CreationTime: 2021-06-05T12:04:59.928787900Z
452c.2574: LastWriteTime: 2021-06-05T12:04:59.928787900Z
452c.2574: ChangeTime: 2022-09-14T12:11:25.200780500Z
452c.2574: FileAttributes: 0x20
452c.2574: Size: 0x24150
452c.2574: NT Headers: 0xc8
452c.2574: Timestamp: 0x68d1dbaf
452c.2574: Machine: 0x8664 - amd64
452c.2574: Timestamp: 0x68d1dbaf
452c.2574: Image Version: 10.0
452c.2574: SizeOfImage: 0x23000 (143360)
452c.2574: Resource Dir: 0x22000 LB 0x408
452c.2574: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
452c.2574: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
452c.2574: ProductName: Microsoft® Windows® Operating System
452c.2574: ProductVersion: 10.0.22000.1
452c.2574: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
452c.2574: FileDescription: ApiSet Schema DLL
452c.2574: NtOpenDirectoryObject failed on \Driver: 0xc0000022
452c.2574: supR3HardenedWinFindAdversaries: 0x0
452c.2574: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
452c.2574: Calling main()
452c.2574: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
452c.2574: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
452c.2574: SUPR3HardenedMain: Respawn #1
452c.2574: System32: \Device\HarddiskVolume3\Windows\System32
452c.2574: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
452c.2574: KnownDllPath: C:\Windows\System32
452c.2574: supR3HardenedWinInit: Performing a limited self purification...
452c.2574: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
452c.2574: *0000000000000000-000000000061ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000620000-0000000000620fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000621000-000000000062ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000630000-0000000000630fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000631000-000000000063ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000640000-000000000065efff 0x0002/0x0002 0x0040000
452c.2574: 000000000065f000-000000000065ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000660000-0000000000718fff 0x0000/0x0004 0x0020000
452c.2574: 0000000000719000-000000000071bfff 0x0104/0x0004 0x0020000
452c.2574: 000000000071c000-000000000075ffff 0x0004/0x0004 0x0020000
452c.2574: *0000000000760000-0000000000763fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000764000-000000000076ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000770000-0000000000771fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000772000-000000000077ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000780000-0000000000790fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000791000-000000000079ffff 0x0001/0x0000 0x0000000
452c.2574: *00000000007a0000-00000000007b0fff 0x0002/0x0002 0x0040000
452c.2574: 00000000007b1000-00000000007bffff 0x0001/0x0000 0x0000000
452c.2574: *00000000007c0000-00000000007c2fff 0x0002/0x0002 0x0040000
452c.2574: 00000000007c3000-00000000007cffff 0x0001/0x0000 0x0000000
452c.2574: *00000000007d0000-00000000007d0fff 0x0002/0x0002 0x0040000
452c.2574: 00000000007d1000-00000000007dffff 0x0001/0x0000 0x0000000
452c.2574: *00000000007e0000-00000000007effff 0x0004/0x0004 0x0040000
452c.2574: *00000000007f0000-00000000007f2fff 0x0002/0x0002 0x0040000
452c.2574: 00000000007f3000-00000000007fffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000800000-00000000009c8fff 0x0000/0x0004 0x0020000
452c.2574: 00000000009c9000-00000000009cbfff 0x0004/0x0004 0x0020000
452c.2574: 00000000009cc000-00000000009fffff 0x0000/0x0004 0x0020000
452c.2574: *0000000000a00000-0000000000a00fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000a01000-0000000000a31fff 0x0000/0x0004 0x0020000
452c.2574: 0000000000a32000-0000000000a3ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000a40000-0000000000a50fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000a51000-0000000000a5ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000a60000-0000000000a70fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000a71000-0000000000a7ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000a80000-0000000000a89fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000a8a000-0000000000b7ffff 0x0000/0x0004 0x0020000
452c.2574: *0000000000b80000-0000000000c4dfff 0x0002/0x0002 0x0040000
452c.2574: 0000000000c4e000-0000000000c6ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000c70000-0000000000c70fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000c71000-0000000000c7ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000c80000-0000000000c80fff 0x0002/0x0004 0x0020000
452c.2574: 0000000000c81000-0000000000c81fff 0x0020/0x0004 0x0020000 !!
452c.2574: 0000000000c82000-0000000000c8ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000c90000-0000000000c90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\umppc15610.dll
452c.2574: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000c90000 LB 0x1000 (base 0000000000c90000) - 'umppc15610.dll'
452c.2574: 0000000000c91000-0000000000c9afff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\umppc15610.dll
452c.2574: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000c91000 LB 0xa000 (base 0000000000c90000) - 'umppc15610.dll'
452c.2574: 0000000000c9b000-0000000000c9efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\umppc15610.dll
452c.2574: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000c9b000 LB 0x4000 (base 0000000000c90000) - 'umppc15610.dll'
452c.2574: 0000000000c9f000-0000000000ca0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\umppc15610.dll
452c.2574: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000c9f000 LB 0x2000 (base 0000000000c90000) - 'umppc15610.dll'
452c.2574: 0000000000ca1000-0000000000ca1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\umppc15610.dll
452c.2574: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000ca1000 LB 0x1000 (base 0000000000c90000) - 'umppc15610.dll'
452c.2574: 0000000000ca2000-0000000000ca3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\umppc15610.dll
452c.2574: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 0000000000ca2000 LB 0x2000 (base 0000000000c90000) - 'umppc15610.dll'
452c.2574: 0000000000ca4000-0000000000caffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000cb0000-0000000000cb1fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000cb2000-0000000000ce1fff 0x0000/0x0004 0x0020000
452c.2574: 0000000000ce2000-0000000000d5ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000d60000-0000000000d61fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000d62000-0000000000d6ffff 0x0000/0x0004 0x0020000
452c.2574: 0000000000d70000-0000000000e2ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000e30000-0000000000e3efff 0x0004/0x0004 0x0020000
452c.2574: 0000000000e3f000-0000000000e3ffff 0x0000/0x0004 0x0020000
452c.2574: *0000000000e40000-0000000000e47fff 0x0000/0x0004 0x0020000
452c.2574: 0000000000e48000-0000000001051fff 0x0004/0x0004 0x0020000
452c.2574: 0000000001052000-0000000001052fff 0x0000/0x0004 0x0020000
452c.2574: 0000000001053000-000000000105ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000001060000-000000000108bfff 0x0004/0x0004 0x0020000
452c.2574: 000000000108c000-000000000115ffff 0x0000/0x0004 0x0020000
452c.2574: 0000000001160000-000000007ffdffff 0x0001/0x0000 0x0000000
452c.2574: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
452c.2574: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
452c.2574: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
452c.2574: 000000007fff0000-00007ff43238ffff 0x0001/0x0000 0x0000000
452c.2574: *00007ff432390000-00007ff432394fff 0x0002/0x0002 0x0040000
452c.2574: 00007ff432395000-00007ff43248ffff 0x0000/0x0002 0x0040000
452c.2574: *00007ff432490000-00007ff5324affff 0x0000/0x0004 0x0020000
452c.2574: *00007ff5324b0000-00007ff5344affff 0x0000/0x0004 0x0020000
452c.2574: 00007ff5344b0000-00007ff5344b0fff 0x0004/0x0004 0x0020000
452c.2574: 00007ff5344b1000-00007ff5344bffff 0x0001/0x0000 0x0000000
452c.2574: *00007ff5344c0000-00007ff5344c0fff 0x0002/0x0002 0x0040000
452c.2574: 00007ff5344c1000-00007ff6de8affff 0x0001/0x0000 0x0000000
452c.2574: *00007ff6de8b0000-00007ff6de8b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de8b1000-00007ff6de928fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de929000-00007ff6de929fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de92a000-00007ff6de973fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de974000-00007ff6de976fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de977000-00007ff6de979fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de97a000-00007ff6de97cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de97d000-00007ff6de97dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de97e000-00007ff6de97ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de980000-00007ff6de980fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de981000-00007ff6de9c9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de9ca000-00007ffc2c66ffff 0x0001/0x0000 0x0000000
452c.2574: *00007ffc2c670000-00007ffc2c670fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
452c.2574: 00007ffc2c671000-00007ffc2c7e8fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
452c.2574: 00007ffc2c7e9000-00007ffc2c99dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
452c.2574: 00007ffc2c99e000-00007ffc2c9a2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
452c.2574: 00007ffc2c9a3000-00007ffc2c9ebfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
452c.2574: 00007ffc2c9ec000-00007ffc2de3ffff 0x0001/0x0000 0x0000000
452c.2574: *00007ffc2de40000-00007ffc2de40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
452c.2574: 00007ffc2de41000-00007ffc2debdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
452c.2574: 00007ffc2debe000-00007ffc2def1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
452c.2574: 00007ffc2def2000-00007ffc2def2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
452c.2574: 00007ffc2def3000-00007ffc2def3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
452c.2574: 00007ffc2def4000-00007ffc2defcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
452c.2574: 00007ffc2defd000-00007ffc2eddffff 0x0001/0x0000 0x0000000
452c.2574: *00007ffc2ede0000-00007ffc2ede0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ede1000-00007ffc2ef0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef0c000-00007ffc2ef53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef54000-00007ffc2ef54fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef55000-00007ffc2ef56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef57000-00007ffc2ef5ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef60000-00007ffc2efe8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2efe9000-00007ffffffeffff 0x0001/0x0000 0x0000000
452c.2574: kernel32.dll: timestamp 0xafec8296 (rc=VINF_SUCCESS)
452c.2574: kernelbase.dll: timestamp 0xb42fa627 (rc=VINF_SUCCESS)
452c.2574: VirtualBoxVM.exe: timestamp 0x6310b1ca (rc=VINF_SUCCESS)
452c.2574: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
452c.2574: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
452c.2574: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
452c.2574: ntdll.dll: Differences in section #1 (.text) between file and memory:
452c.2574: 00007ffc2ee83c53 / 0x00a3c53: b8 != e9
452c.2574: 00007ffc2ee83c54 / 0x00a3c54: 07 != dd
452c.2574: 00007ffc2ee83c55 / 0x00a3c55: 00 != 60
452c.2574: 00007ffc2ee83c56 / 0x00a3c56: 00 != 08
452c.2574: 00007ffc2ee83d13 / 0x00a3d13: b8 != e9
452c.2574: 00007ffc2ee83d14 / 0x00a3d14: 0d != 21
452c.2574: 00007ffc2ee83d15 / 0x00a3d15: 00 != 60
452c.2574: 00007ffc2ee83d16 / 0x00a3d16: 00 != 08
452c.2574: 00007ffc2ee83e73 / 0x00a3e73: b8 != e9
452c.2574: 00007ffc2ee83e74 / 0x00a3e74: 18 != c7
452c.2574: 00007ffc2ee83e75 / 0x00a3e75: 00 != 5e
452c.2574: 00007ffc2ee83e76 / 0x00a3e76: 00 != 08
452c.2574: 00007ffc2ee83ef3 / 0x00a3ef3: b8 != e9
452c.2574: 00007ffc2ee83ef4 / 0x00a3ef4: 1c != 40
452c.2574: 00007ffc2ee83ef5 / 0x00a3ef5: 00 != 5e
452c.2574: 00007ffc2ee83ef6 / 0x00a3ef6: 00 != 08
452c.2574: 00007ffc2ee84013 / 0x00a4013: b8 != e9
452c.2574: 00007ffc2ee84014 / 0x00a4014: 25 != 22
452c.2574: 00007ffc2ee84015 / 0x00a4015: 00 != 5d
452c.2574: 00007ffc2ee84016 / 0x00a4016: 00 != 08
452c.2574: 00007ffc2ee84073 / 0x00a4073: b8 != e9
452c.2574: 00007ffc2ee84074 / 0x00a4074: 28 != cd
452c.2574: 00007ffc2ee84075 / 0x00a4075: 00 != 5c
452c.2574: 00007ffc2ee84076 / 0x00a4076: 00 != 08
452c.2574: 00007ffc2ee840b3 / 0x00a40b3: b8 != e9
452c.2574: 00007ffc2ee840b4 / 0x00a40b4: 2a != 8c
452c.2574: 00007ffc2ee840b5 / 0x00a40b5: 00 != 5c
452c.2574: 00007ffc2ee840b6 / 0x00a40b6: 00 != 08
452c.2574: 00007ffc2ee842b3 / 0x00a42b3: b8 != e9
452c.2574: 00007ffc2ee842b4 / 0x00a42b4: 3a != 84
452c.2574: 00007ffc2ee842b5 / 0x00a42b5: 00 != 5a
452c.2574: 00007ffc2ee842b6 / 0x00a42b6: 00 != 08
452c.2574: 00007ffc2ee84353 / 0x00a4353: b8 != e9
452c.2574: 00007ffc2ee84354 / 0x00a4354: 3f != e5
452c.2574: 00007ffc2ee84355 / 0x00a4355: 00 != 59
452c.2574: 00007ffc2ee84356 / 0x00a4356: 00 != 08
452c.2574: 00007ffc2ee84413 / 0x00a4413: b8 != e9
452c.2574: 00007ffc2ee84414 / 0x00a4414: 45 != 1f
452c.2574: 00007ffc2ee84415 / 0x00a4415: 00 != 59
452c.2574: 00007ffc2ee84416 / 0x00a4416: 00 != 08
452c.2574: 00007ffc2ee84573 / 0x00a4573: b8 != e9
452c.2574: 00007ffc2ee84574 / 0x00a4574: 50 != c6
452c.2574: 00007ffc2ee84575 / 0x00a4575: 00 != 57
452c.2574: 00007ffc2ee84576 / 0x00a4576: 00 != 08
452c.2574: 00007ffc2ee845b3 / 0x00a45b3: b8 != e9
452c.2574: 00007ffc2ee845b4 / 0x00a45b4: 52 != 88
452c.2574: 00007ffc2ee845b5 / 0x00a45b5: 00 != 57
452c.2574: 00007ffc2ee845b6 / 0x00a45b6: 00 != 08
452c.2574: 00007ffc2ee84a23 / 0x00a4a23: b8 != e9
452c.2574: 00007ffc2ee84a24 / 0x00a4a24: 76 != 0b
452c.2574: 00007ffc2ee84a25 / 0x00a4a25: 00 != 53
452c.2574: 00007ffc2ee84a26 / 0x00a4a26: 00 != 08
452c.2574: Restored 0x2000 bytes of original file content at 00007ffc2ee82c1e
452c.2574: ntdll.dll: Differences in section #1 (.text) between file and memory:
452c.2574: 00007ffc2ee85223 / 0x00a5223: b8 != e9
452c.2574: 00007ffc2ee85224 / 0x00a5224: b6 != 09
452c.2574: 00007ffc2ee85225 / 0x00a5225: 00 != 4b
452c.2574: 00007ffc2ee85226 / 0x00a5226: 00 != 08
452c.2574: 00007ffc2ee85a43 / 0x00a5a43: b8 != e9
452c.2574: 00007ffc2ee85a44 / 0x00a5a44: f7 != fb
452c.2574: 00007ffc2ee85a45 / 0x00a5a45: 00 != 42
452c.2574: 00007ffc2ee85a46 / 0x00a5a46: 00 != 08
452c.2574: 00007ffc2ee85ea3 / 0x00a5ea3: b8 != e9
452c.2574: 00007ffc2ee85ea4 / 0x00a5ea4: 1a != 8a
452c.2574: 00007ffc2ee85ea5 / 0x00a5ea5: 01 != 3e
452c.2574: 00007ffc2ee85ea6 / 0x00a5ea6: 00 != 08
452c.2574: 00007ffc2ee868e3 / 0x00a68e3: b8 != e9
452c.2574: 00007ffc2ee868e4 / 0x00a68e4: 6c != 4e
452c.2574: 00007ffc2ee868e5 / 0x00a68e5: 01 != 34
452c.2574: 00007ffc2ee868e6 / 0x00a68e6: 00 != 08
452c.2574: 00007ffc2ee86903 / 0x00a6903: b8 != e9
452c.2574: 00007ffc2ee86904 / 0x00a6904: 6d != 28
452c.2574: 00007ffc2ee86905 / 0x00a6905: 01 != 34
452c.2574: 00007ffc2ee86906 / 0x00a6906: 00 != 08
452c.2574: Restored 0x2000 bytes of original file content at 00007ffc2ee84c1e
452c.2574: ntdll.dll: Differences in section #1 (.text) between file and memory:
452c.2574: 00007ffc2ee86de3 / 0x00a6de3: b8 != e9
452c.2574: 00007ffc2ee86de4 / 0x00a6de4: 94 != 5a
452c.2574: 00007ffc2ee86de5 / 0x00a6de5: 01 != 2f
452c.2574: 00007ffc2ee86de6 / 0x00a6de6: 00 != 08
452c.2574: 00007ffc2ee87443 / 0x00a7443: b8 != e9
452c.2574: 00007ffc2ee87444 / 0x00a7444: c7 != f9
452c.2574: 00007ffc2ee87445 / 0x00a7445: 01 != 28
452c.2574: 00007ffc2ee87446 / 0x00a7446: 00 != 08
452c.2574: 00007ffc2ee87643 / 0x00a7643: b8 != e9
452c.2574: 00007ffc2ee87644 / 0x00a7644: d7 != f3
452c.2574: 00007ffc2ee87645 / 0x00a7645: 01 != 26
452c.2574: 00007ffc2ee87646 / 0x00a7646: 00 != 08
452c.2574: Restored 0xd82 bytes of original file content at 00007ffc2ee86c1e
452c.2574: ntdll.dll: Differences in section #1 (.text) between file and memory:
452c.2574: 00007ffc2ef09d30 / 0x0129d30: 00 != 51
452c.2574: 00007ffc2ef09d31 / 0x0129d31: 00 != 51
452c.2574: 00007ffc2ef09d32 / 0x0129d32: 00 != 51
452c.2574: 00007ffc2ef09d33 / 0x0129d33: 00 != 51
452c.2574: 00007ffc2ef09d34 / 0x0129d34: 00 != 51
452c.2574: 00007ffc2ef09d35 / 0x0129d35: 00 != 51
452c.2574: 00007ffc2ef09d36 / 0x0129d36: 00 != 51
452c.2574: 00007ffc2ef09d37 / 0x0129d37: 00 != 51
452c.2574: 00007ffc2ef09d38 / 0x0129d38: 00 != 51
452c.2574: 00007ffc2ef09d39 / 0x0129d39: 00 != 51
452c.2574: 00007ffc2ef09d3a / 0x0129d3a: 00 != 51
452c.2574: 00007ffc2ef09d3b / 0x0129d3b: 00 != 51
452c.2574: 00007ffc2ef09d3c / 0x0129d3c: 00 != 51
452c.2574: 00007ffc2ef09d3d / 0x0129d3d: 00 != 51
452c.2574: 00007ffc2ef09d3e / 0x0129d3e: 00 != 51
452c.2574: 00007ffc2ef09d3f / 0x0129d3f: 00 != 51
452c.2574: 00007ffc2ef09d40 / 0x0129d40: 00 != 51
452c.2574: 00007ffc2ef09d41 / 0x0129d41: 00 != 51
452c.2574: 00007ffc2ef09d42 / 0x0129d42: 00 != 51
452c.2574: 00007ffc2ef09d43 / 0x0129d43: 00 != 51
452c.2574: 00007ffc2ef09d44 / 0x0129d44: 00 != 51
452c.2574: 00007ffc2ef09d45 / 0x0129d45: 00 != ff
452c.2574: 00007ffc2ef09d46 / 0x0129d46: 00 != 25
452c.2574: 00007ffc2ef09d4b / 0x0129d4b: 00 != 70
452c.2574: 00007ffc2ef09d4c / 0x0129d4c: 00 != 90
452c.2574: 00007ffc2ef09d4d / 0x0129d4d: 00 != c9
452c.2574: Restored 0x9d0 bytes of original file content at 00007ffc2ef09630
452c.2574: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=4
452c.2574: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
452c.2574: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
452c.2574: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
452c.2574: supR3HardNtEnableThreadCreationEx:
452c.2574: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc2ee5ac10 pvNtTerminateThread=00007ffc2ee845d0
452c.2574: supR3HardenedWinDoReSpawn(1): New child 282c.17e4 [kernel32].
452c.2574: supR3HardNtChildGatherData: PebBaseAddress=0000000000ca0000 cbPeb=0x388
452c.2574: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffc2ede0000 uNtDllChildAddr=00007ffc2ede0000
452c.2574: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffc2ee5ac10
452c.2574: supR3HardenedWinSetupChildInit: Initial context:
rax=0000000000000000 rbx=0000000000000000 rcx=00007ff6de8b7900 rdx=0000000000ca0000
rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
rip=00007ffc2ede4830 rsp=0000000000bcff08 rbp=0000000000000000 ctxflags=0010001b
cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
452c.2574: supR3HardenedWinSetupChildInit: Start child.
452c.2574: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
452c.2574: supR3HardNtChildPurify: Startup delay kludge #1/0: 270 ms, 17 sleeps
452c.2574: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
452c.2574: *0000000000000000-0000000000a8ffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000a90000-0000000000aaffff 0x0004/0x0004 0x0020000
452c.2574: *0000000000ab0000-0000000000acefff 0x0002/0x0002 0x0040000
452c.2574: 0000000000acf000-0000000000acffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000ad0000-0000000000bcafff 0x0000/0x0004 0x0020000
452c.2574: 0000000000bcb000-0000000000bcdfff 0x0104/0x0004 0x0020000
452c.2574: 0000000000bce000-0000000000bcffff 0x0004/0x0004 0x0020000
452c.2574: *0000000000bd0000-0000000000bd3fff 0x0002/0x0002 0x0040000
452c.2574: 0000000000bd4000-0000000000bdffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000be0000-0000000000be1fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000be2000-0000000000bfffff 0x0001/0x0000 0x0000000
452c.2574: *0000000000c00000-0000000000c9ffff 0x0000/0x0004 0x0020000
452c.2574: 0000000000ca0000-0000000000ca2fff 0x0004/0x0004 0x0020000
452c.2574: 0000000000ca3000-0000000000dfffff 0x0000/0x0004 0x0020000
452c.2574: 0000000000e00000-000000007ffdffff 0x0001/0x0000 0x0000000
452c.2574: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
452c.2574: 000000007ffe1000-000000007ffeefff 0x0001/0x0000 0x0000000
452c.2574: *000000007ffef000-000000007ffeffff 0x0002/0x0002 0x0020000
452c.2574: 000000007fff0000-00007ff51285ffff 0x0001/0x0000 0x0000000
452c.2574: *00007ff512860000-00007ff512860fff 0x0002/0x0002 0x0040000
452c.2574: 00007ff512861000-00007ff6de8affff 0x0001/0x0000 0x0000000
452c.2574: *00007ff6de8b0000-00007ff6de8b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de8b1000-00007ff6de928fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de929000-00007ff6de929fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de92a000-00007ff6de973fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de974000-00007ff6de974fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de975000-00007ff6de975fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de976000-00007ff6de97afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de97b000-00007ff6de97bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de97c000-00007ff6de97cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de97d000-00007ff6de980fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de981000-00007ff6de9c9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
452c.2574: 00007ff6de9ca000-00007ffc2eddffff 0x0001/0x0000 0x0000000
452c.2574: *00007ffc2ede0000-00007ffc2ede0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ede1000-00007ffc2ef0bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef0c000-00007ffc2ef53fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef54000-00007ffc2ef5ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef60000-00007ffc2ef6efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef6f000-00007ffc2ef6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef70000-00007ffc2ef72fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2ef73000-00007ffc2efe8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
452c.2574: 00007ffc2efe9000-00007ffffffeffff 0x0001/0x0000 0x0000000
452c.2574: supR3HardNtChildPurify: Done after 270 ms and 0 fixes (loop #0).
282c.17e4: Log file opened: 6.1.38r153438 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa055f000
282c.17e4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffc2ede0000 g_uNtVerCombined=0xa055f000 (stack ~0000000000bcf988)
282c.17e4: ntdll.dll: timestamp 0x57b668f2 (rc=VINF_SUCCESS)
452c.2574: supR3HardNtEnableThreadCreationEx:
282c.17e4: New simple heap: #1 0000000000f00000 LB 0x800000 (for 2134016 allocation)
282c.17e4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
282c.17e4: System32: \Device\HarddiskVolume3\Windows\System32
282c.17e4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
282c.17e4: KnownDllPath: C:\Windows\System32
282c.17e4: supR3HardenedVmProcessInit: Opening vboxsup stub...
282c.17e4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
282c.17e4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
282c.17e4: Registered Dll notification callback with NTDLL.
282c.17e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
282c.17e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
282c.17e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
282c.17e4: supR3HardenedDllNotificationCallback: load 00007ffc2c670000 LB 0x0037c000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
282c.17e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
282c.17e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
282c.17e4: supR3HardenedDllNotificationCallback: load 00007ffc2de40000 LB 0x000bd000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
282c.17e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
282c.17e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffc2de40000 'C:\Windows\System32\KERNEL32.DLL'
282c.17e4: supR3HardenedDllNotificationCallback: load 00007ff6de8b0000 LB 0x0011a000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe [fFlags=0x0]
282c.17e4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
282c.17e4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
282c.17e4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
282c.17e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
282c.17e4: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=00007ffc2ee11140 enmState=3 -> supR3HardenedWinDummyApcRoutine
282c.17e4: supR3HardenedWinDummyApcRoutine: pvArg1=ffffe6042d2319e0 pvArg2=0000000000000000 pvArg3=0000000000000000
282c.17e4: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000001801000 enmState=3 -> supR3HardenedWinDummyApcRoutine
282c.17e4: supR3HardenedWinDummyApcRoutine: pvArg1=0000000001820000 pvArg2=ffffe6042475aa60 pvArg3=0000000001820000
282c.17e4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffc2ee5ac10 pvNtTerminateThread=00007ffc2ee845d0
452c.2574: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 94 ms.
282c.17e4: \SystemRoot\System32\ntdll.dll:
282c.17e4: CreationTime: 2022-09-14T12:09:50.041746800Z
282c.17e4: LastWriteTime: 2022-09-14T12:09:50.087656200Z
282c.17e4: ChangeTime: 2022-09-21T15:24:46.934233200Z
282c.17e4: FileAttributes: 0x20
282c.17e4: Size: 0x207df8
282c.17e4: NT Headers: 0xe0
282c.17e4: Timestamp: 0x57b668f2
282c.17e4: Machine: 0x8664 - amd64
282c.17e4: Timestamp: 0x57b668f2
282c.17e4: Image Version: 10.0
282c.17e4: SizeOfImage: 0x209000 (2134016)
282c.17e4: Resource Dir: 0x194000 LB 0x73528
282c.17e4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
282c.17e4: [Raw version resource data: 0x1940f0 LB 0x380, codepage 0x0 (reserved 0x0)]
282c.17e4: ProductName: Microsoft® Windows® Operating System
282c.17e4: ProductVersion: 10.0.22000.918
282c.17e4: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
282c.17e4: FileDescription: NT Layer DLL
282c.17e4: \SystemRoot\System32\kernel32.dll:
282c.17e4: CreationTime: 2022-06-22T11:13:06.603559500Z
282c.17e4: LastWriteTime: 2022-06-22T11:13:06.634789700Z
282c.17e4: ChangeTime: 2022-09-21T15:24:46.934233200Z
282c.17e4: FileAttributes: 0x20
282c.17e4: Size: 0xc0058
282c.17e4: NT Headers: 0xf8
282c.17e4: Timestamp: 0xafec8296
282c.17e4: Machine: 0x8664 - amd64
282c.17e4: Timestamp: 0xafec8296
282c.17e4: Image Version: 10.0
282c.17e4: SizeOfImage: 0xbd000 (774144)
282c.17e4: Resource Dir: 0xbb000 LB 0x520
282c.17e4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
282c.17e4: [Raw version resource data: 0xbb0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
282c.17e4: ProductName: Microsoft® Windows® Operating System
282c.17e4: ProductVersion: 10.0.22000.708
282c.17e4: FileVersion: 10.0.22000.708 (WinBuild.160101.0800)
282c.17e4: FileDescription: Windows NT BASE API Client DLL
282c.17e4: \SystemRoot\System32\KernelBase.dll:
282c.17e4: CreationTime: 2022-09-14T12:09:50.848339100Z
282c.17e4: LastWriteTime: 2022-09-14T12:09:50.964337800Z
282c.17e4: ChangeTime: 2022-09-21T15:24:46.934233200Z
282c.17e4: FileAttributes: 0x20
282c.17e4: Size: 0x3832e8
282c.17e4: NT Headers: 0xf8
282c.17e4: Timestamp: 0xb42fa627
282c.17e4: Machine: 0x8664 - amd64
282c.17e4: Timestamp: 0xb42fa627
282c.17e4: Image Version: 10.0
282c.17e4: SizeOfImage: 0x37c000 (3653632)
282c.17e4: Resource Dir: 0x34c000 LB 0x548
282c.17e4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
282c.17e4: [Raw version resource data: 0x34c0b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
282c.17e4: ProductName: Microsoft® Windows® Operating System
282c.17e4: ProductVersion: 10.0.22000.918
282c.17e4: FileVersion: 10.0.22000.918 (WinBuild.160101.0800)
282c.17e4: FileDescription: Windows NT BASE API Client DLL
282c.17e4: \SystemRoot\System32\apisetschema.dll:
282c.17e4: CreationTime: 2021-06-05T12:04:59.928787900Z
282c.17e4: LastWriteTime: 2021-06-05T12:04:59.928787900Z
282c.17e4: ChangeTime: 2022-09-14T12:11:25.200780500Z
282c.17e4: FileAttributes: 0x20
282c.17e4: Size: 0x24150
282c.17e4: NT Headers: 0xc8
282c.17e4: Timestamp: 0x68d1dbaf
282c.17e4: Machine: 0x8664 - amd64
282c.17e4: Timestamp: 0x68d1dbaf
282c.17e4: Image Version: 10.0
282c.17e4: SizeOfImage: 0x23000 (143360)
282c.17e4: Resource Dir: 0x22000 LB 0x408
282c.17e4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
282c.17e4: [Raw version resource data: 0x22060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
282c.17e4: ProductName: Microsoft® Windows® Operating System
282c.17e4: ProductVersion: 10.0.22000.1
282c.17e4: FileVersion: 10.0.22000.1 (WinBuild.160101.0800)
282c.17e4: FileDescription: ApiSet Schema DLL
282c.17e4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
282c.17e4: supR3HardenedWinFindAdversaries: 0x0
282c.17e4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
282c.17e4: Calling main()
282c.17e4: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
282c.17e4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
282c.4b04: \Device\HarddiskVolume3\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll: Signature #1/2: info status: 24202
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'userenv.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'secur32.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp120.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr120.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'shell32.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shlwapi.dll'.
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'psapi.dll'.
282c.4b04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll)
282c.4b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Manufacturer\Endpoint Agent\clpbm64.dll
282c.4b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
282c.4b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
282c.4b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\psapi.dll)
282c.4b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\psapi.dll
282c.4b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
282c.4b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
282c.4b04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
282c.4b04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
282c.4b04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
282c.4b04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
282c.4b04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
282c.17e4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
282c.17e4: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
282c.17e4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
282c.17e4: SUPR3HardenedMain: Respawn #2
282c.17e4: Error (rc=-5640):
282c.17e4: More than one thread in process
282c.17e4: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1)
282c.17e4: More than one thread in process
282c.17e4: supR3HardNtEnableThreadCreationEx:
282c.17e4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202