VirtualBox

Ticket #16890 (closed defect: duplicate)

Opened 22 months ago

Last modified 22 months ago

Platform: Windows 10 Pro Insider Preview; Description: Starting VM Fails w/ Result Code: E_FAIL (0x80004005)); Component: MachineWrap, Imachine; Error: bcrypt.dll Fails WinVerifyTrust -> duplicate of #16892

Reported by: coderabbi Owned by:
Component: VM control Version: VirtualBox 5.1.22
Keywords: Windows WinVerifyTrust bcrypt.dll Cc:
Guest type: other Host type: Windows

Description

Description: Starting a VM from either the GUI or CLI fails (from the logs it appears that bcrypt.dll fails WinVerfyTrust).

Platform: Windows 10 Pro Insider Preview 16236.re_prerelease.170701-0549 Result Code: E_FAIL (0x80004005) Component: MachineWrap Interface: IMachine {b2547866-a0a1-4391-8b86-6952d82efaa0}

VBoxHardening.log:

26f4.1ee8: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000068 g_uNtVerCombined=0xa03f6d00 26f4.1ee8: \SystemRoot\System32\ntdll.dll: 26f4.1ee8: CreationTime: 2017-07-02T05:48:10.225937400Z 26f4.1ee8: LastWriteTime: 2017-07-02T05:48:10.225937400Z 26f4.1ee8: ChangeTime: 2017-07-07T23:25:29.336611000Z 26f4.1ee8: FileAttributes: 0x20 26f4.1ee8: Size: 0x1dc2b8 26f4.1ee8: NT Headers: 0xe0 26f4.1ee8: Timestamp: 0x169de450 26f4.1ee8: Machine: 0x8664 - amd64 26f4.1ee8: Timestamp: 0x169de450 26f4.1ee8: Image Version: 10.0 26f4.1ee8: SizeOfImage: 0x1e0000 (1966080) 26f4.1ee8: Resource Dir: 0x175000 LB 0x69eb8 26f4.1ee8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 26f4.1ee8: [Raw version resource data: 0x1750f0 LB 0x380, codepage 0x0 (reserved 0x0)] 26f4.1ee8: ProductName: Microsoft® Windows® Operating System 26f4.1ee8: ProductVersion: 10.0.16237.1001 26f4.1ee8: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 26f4.1ee8: FileDescription: NT Layer DLL 26f4.1ee8: \SystemRoot\System32\kernel32.dll: 26f4.1ee8: CreationTime: 2017-07-02T05:48:40.132130500Z 26f4.1ee8: LastWriteTime: 2017-07-02T05:48:40.132130500Z 26f4.1ee8: ChangeTime: 2017-07-08T01:14:17.088621100Z 26f4.1ee8: FileAttributes: 0x20 26f4.1ee8: Size: 0xaa3d0 26f4.1ee8: NT Headers: 0xe8 26f4.1ee8: Timestamp: 0x4fc42b98 26f4.1ee8: Machine: 0x8664 - amd64 26f4.1ee8: Timestamp: 0x4fc42b98 26f4.1ee8: Image Version: 10.0 26f4.1ee8: SizeOfImage: 0xac000 (704512) 26f4.1ee8: Resource Dir: 0xaa000 LB 0x520 26f4.1ee8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 26f4.1ee8: [Raw version resource data: 0xaa0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 26f4.1ee8: ProductName: Microsoft® Windows® Operating System 26f4.1ee8: ProductVersion: 10.0.16237.1001 26f4.1ee8: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 26f4.1ee8: FileDescription: Windows NT BASE API Client DLL 26f4.1ee8: \SystemRoot\System32\KernelBase.dll: 26f4.1ee8: CreationTime: 2017-07-02T05:48:08.100942400Z 26f4.1ee8: LastWriteTime: 2017-07-02T05:48:08.100942400Z 26f4.1ee8: ChangeTime: 2017-07-08T01:14:17.545811300Z 26f4.1ee8: FileAttributes: 0x20 26f4.1ee8: Size: 0x2667f8 26f4.1ee8: NT Headers: 0xf8 26f4.1ee8: Timestamp: 0xe6f210ec 26f4.1ee8: Machine: 0x8664 - amd64 26f4.1ee8: Timestamp: 0xe6f210ec 26f4.1ee8: Image Version: 10.0 26f4.1ee8: SizeOfImage: 0x268000 (2523136) 26f4.1ee8: Resource Dir: 0x247000 LB 0x548 26f4.1ee8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 26f4.1ee8: [Raw version resource data: 0x2470b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 26f4.1ee8: ProductName: Microsoft® Windows® Operating System 26f4.1ee8: ProductVersion: 10.0.16237.1001 26f4.1ee8: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 26f4.1ee8: FileDescription: Windows NT BASE API Client DLL 26f4.1ee8: \SystemRoot\System32\apisetschema.dll: 26f4.1ee8: CreationTime: 2017-07-02T05:48:41.694628000Z 26f4.1ee8: LastWriteTime: 2017-07-02T05:48:41.694628000Z 26f4.1ee8: ChangeTime: 2017-07-07T23:25:10.245895100Z 26f4.1ee8: FileAttributes: 0x20 26f4.1ee8: Size: 0x1a350 26f4.1ee8: NT Headers: 0xc8 26f4.1ee8: Timestamp: 0xf46ff039 26f4.1ee8: Machine: 0x8664 - amd64 26f4.1ee8: Timestamp: 0xf46ff039 26f4.1ee8: Image Version: 10.0 26f4.1ee8: SizeOfImage: 0x1c000 (114688) 26f4.1ee8: Resource Dir: 0x1b000 LB 0x408 26f4.1ee8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 26f4.1ee8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 26f4.1ee8: ProductName: Microsoft® Windows® Operating System 26f4.1ee8: ProductVersion: 10.0.16237.1001 26f4.1ee8: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 26f4.1ee8: FileDescription: ApiSet Schema DLL 26f4.1ee8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 26f4.1ee8: supR3HardenedWinFindAdversaries: 0x0 26f4.1ee8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 26f4.1ee8: Calling main() 26f4.1ee8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 26f4.1ee8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 26f4.1ee8: SUPR3HardenedMain: Respawn #1 26f4.1ee8: System32: \Device\HarddiskVolume4\Windows\System32 26f4.1ee8: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 26f4.1ee8: KnownDllPath: C:\WINDOWS\System32 26f4.1ee8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26f4.1ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 26f4.1ee8: supR3HardNtEnableThreadCreation: 26f4.1ee8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd9f59270 pvNtTerminateThread=00007ffdd9f819c0 26f4.1ee8: supR3HardenedWinDoReSpawn(1): New child 1edc.1ed4 [kernel32]. 26f4.1ee8: supR3HardNtChildGatherData: PebBaseAddress=0000000000939000 cbPeb=0x388 26f4.1ee8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdd9ee0000 uNtDllChildAddr=00007ffdd9ee0000 26f4.1ee8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdd9f59270 26f4.1ee8: supR3HardenedWinSetupChildInit: Start child. 26f4.1ee8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 26f4.1ee8: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 29 sleeps 26f4.1ee8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 26f4.1ee8: *0000000000000000-00000000006dffff 0x0001/0x0000 0x0000000 26f4.1ee8: *00000000006e0000-00000000006fffff 0x0004/0x0004 0x0020000 26f4.1ee8: *0000000000700000-0000000000718fff 0x0002/0x0002 0x0040000 26f4.1ee8: 0000000000719000-000000000071ffff 0x0001/0x0000 0x0000000 26f4.1ee8: *0000000000720000-0000000000723fff 0x0002/0x0002 0x0040000 26f4.1ee8: 0000000000724000-000000000072ffff 0x0001/0x0000 0x0000000 26f4.1ee8: *0000000000730000-0000000000730fff 0x0004/0x0004 0x0020000 26f4.1ee8: 0000000000731000-00000000007fffff 0x0001/0x0000 0x0000000 26f4.1ee8: *0000000000800000-0000000000938fff 0x0000/0x0004 0x0020000 26f4.1ee8: 0000000000939000-000000000093bfff 0x0004/0x0004 0x0020000 26f4.1ee8: 000000000093c000-00000000009fffff 0x0000/0x0004 0x0020000 26f4.1ee8: *0000000000a00000-0000000000afafff 0x0000/0x0004 0x0020000 26f4.1ee8: 0000000000afb000-0000000000afdfff 0x0104/0x0004 0x0020000 26f4.1ee8: 0000000000afe000-0000000000afffff 0x0004/0x0004 0x0020000 26f4.1ee8: 0000000000b00000-000000007ffdffff 0x0001/0x0000 0x0000000 26f4.1ee8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 26f4.1ee8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 26f4.1ee8: 000000007fff0000-00007ff6ea4dffff 0x0001/0x0000 0x0000000 26f4.1ee8: *00007ff6ea4e0000-00007ff6ea502fff 0x0002/0x0002 0x0040000 26f4.1ee8: 00007ff6ea503000-00007ff6eb36ffff 0x0001/0x0000 0x0000000 26f4.1ee8: *00007ff6eb370000-00007ff6eb370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb371000-00007ff6eb3e0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb3e1000-00007ff6eb3e1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb3e2000-00007ff6eb426fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb427000-00007ff6eb427fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb428000-00007ff6eb428fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb429000-00007ff6eb42dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb42e000-00007ff6eb42efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb42f000-00007ff6eb42ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb430000-00007ff6eb433fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb434000-00007ff6eb47bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 26f4.1ee8: 00007ff6eb47c000-00007ffdd9edffff 0x0001/0x0000 0x0000000 26f4.1ee8: *00007ffdd9ee0000-00007ffdd9ee0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdd9ee1000-00007ffdd9ff3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdd9ff4000-00007ffdda039fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdda03a000-00007ffdda041fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdda042000-00007ffdda04ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdda050000-00007ffdda050fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdda051000-00007ffdda053fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdda054000-00007ffdda0bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 26f4.1ee8: 00007ffdda0c0000-00007ffffffdffff 0x0001/0x0000 0x0000000 26f4.1ee8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 26f4.1ee8: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) 26f4.1ee8: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 26f4.1ee8: \Device\HarddiskVolume4\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x169de450; retrying against current time: 0x59621672. 26f4.1ee8: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 26f4.1ee8: supR3HardNtChildPurify: Done after 344 ms and 0 fixes (loop #0). 1edc.1ed4: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03f6d00 1edc.1ed4: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdd9ee0000 g_uNtVerCombined=0xa03f6d00 1edc.1ed4: ntdll.dll: timestamp 0x169de450 (rc=VINF_SUCCESS) 1edc.1ed4: New simple heap: #1 0000000000c00000 LB 0x400000 (for 1966080 allocation) 26f4.1ee8: supR3HardNtEnableThreadCreation: 1edc.1ed4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1edc.1ed4: System32: \Device\HarddiskVolume4\Windows\System32 1edc.1ed4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 1edc.1ed4: KnownDllPath: C:\WINDOWS\System32 1edc.1ed4: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1edc.1ed4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1edc.1ed4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1edc.1ed4: Registered Dll notification callback with NTDLL. 1edc.1ed4: \Device\HarddiskVolume4\Windows\System32\kernel32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x4fc42b98; retrying against current time: 0x59621672. 1edc.1ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 1edc.1ed4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1edc.1ed4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] 1edc.1ed4: supR3HardenedDllNotificationCallback: load 00007ffdd6740000 LB 0x00268000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 1edc.1ed4: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe6f210ec; retrying against current time: 0x59621672. 1edc.1ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 1edc.1ed4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1edc.1ed4: supR3HardenedDllNotificationCallback: load 00007ffdd8f70000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 1edc.1ed4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1edc.1ed4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8f70000 'C:\WINDOWS\System32\KERNEL32.DLL' 1edc.1ed4: supR3HardenedDllNotificationCallback: load 00007ff6eb370000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1edc.1ed4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1edc.1ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1edc.1ed4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd9f59270 pvNtTerminateThread=00007ffdd9f819c0 26f4.1ee8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 164 ms. 1edc.1ed4: \SystemRoot\System32\ntdll.dll: 1edc.1ed4: CreationTime: 2017-07-02T05:48:10.225937400Z 1edc.1ed4: LastWriteTime: 2017-07-02T05:48:10.225937400Z 1edc.1ed4: ChangeTime: 2017-07-07T23:25:29.336611000Z 1edc.1ed4: FileAttributes: 0x20 1edc.1ed4: Size: 0x1dc2b8 1edc.1ed4: NT Headers: 0xe0 1edc.1ed4: Timestamp: 0x169de450 1edc.1ed4: Machine: 0x8664 - amd64 1edc.1ed4: Timestamp: 0x169de450 1edc.1ed4: Image Version: 10.0 1edc.1ed4: SizeOfImage: 0x1e0000 (1966080) 1edc.1ed4: Resource Dir: 0x175000 LB 0x69eb8 1edc.1ed4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1edc.1ed4: [Raw version resource data: 0x1750f0 LB 0x380, codepage 0x0 (reserved 0x0)] 1edc.1ed4: ProductName: Microsoft® Windows® Operating System 1edc.1ed4: ProductVersion: 10.0.16237.1001 1edc.1ed4: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1edc.1ed4: FileDescription: NT Layer DLL 1edc.1ed4: \SystemRoot\System32\kernel32.dll: 1edc.1ed4: CreationTime: 2017-07-02T05:48:40.132130500Z 1edc.1ed4: LastWriteTime: 2017-07-02T05:48:40.132130500Z 1edc.1ed4: ChangeTime: 2017-07-08T01:14:17.088621100Z 1edc.1ed4: FileAttributes: 0x20 1edc.1ed4: Size: 0xaa3d0 1edc.1ed4: NT Headers: 0xe8 1edc.1ed4: Timestamp: 0x4fc42b98 1edc.1ed4: Machine: 0x8664 - amd64 1edc.1ed4: Timestamp: 0x4fc42b98 1edc.1ed4: Image Version: 10.0 1edc.1ed4: SizeOfImage: 0xac000 (704512) 1edc.1ed4: Resource Dir: 0xaa000 LB 0x520 1edc.1ed4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1edc.1ed4: [Raw version resource data: 0xaa0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1edc.1ed4: ProductName: Microsoft® Windows® Operating System 1edc.1ed4: ProductVersion: 10.0.16237.1001 1edc.1ed4: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1edc.1ed4: FileDescription: Windows NT BASE API Client DLL 1edc.1ed4: \SystemRoot\System32\KernelBase.dll: 1edc.1ed4: CreationTime: 2017-07-02T05:48:08.100942400Z 1edc.1ed4: LastWriteTime: 2017-07-02T05:48:08.100942400Z 1edc.1ed4: ChangeTime: 2017-07-08T01:14:17.545811300Z 1edc.1ed4: FileAttributes: 0x20 1edc.1ed4: Size: 0x2667f8 1edc.1ed4: NT Headers: 0xf8 1edc.1ed4: Timestamp: 0xe6f210ec 1edc.1ed4: Machine: 0x8664 - amd64 1edc.1ed4: Timestamp: 0xe6f210ec 1edc.1ed4: Image Version: 10.0 1edc.1ed4: SizeOfImage: 0x268000 (2523136) 1edc.1ed4: Resource Dir: 0x247000 LB 0x548 1edc.1ed4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1edc.1ed4: [Raw version resource data: 0x2470b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 1edc.1ed4: ProductName: Microsoft® Windows® Operating System 1edc.1ed4: ProductVersion: 10.0.16237.1001 1edc.1ed4: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1edc.1ed4: FileDescription: Windows NT BASE API Client DLL 1edc.1ed4: \SystemRoot\System32\apisetschema.dll: 1edc.1ed4: CreationTime: 2017-07-02T05:48:41.694628000Z 1edc.1ed4: LastWriteTime: 2017-07-02T05:48:41.694628000Z 1edc.1ed4: ChangeTime: 2017-07-07T23:25:10.245895100Z 1edc.1ed4: FileAttributes: 0x20 1edc.1ed4: Size: 0x1a350 1edc.1ed4: NT Headers: 0xc8 1edc.1ed4: Timestamp: 0xf46ff039 1edc.1ed4: Machine: 0x8664 - amd64 1edc.1ed4: Timestamp: 0xf46ff039 1edc.1ed4: Image Version: 10.0 1edc.1ed4: SizeOfImage: 0x1c000 (114688) 1edc.1ed4: Resource Dir: 0x1b000 LB 0x408 1edc.1ed4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1edc.1ed4: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 1edc.1ed4: ProductName: Microsoft® Windows® Operating System 1edc.1ed4: ProductVersion: 10.0.16237.1001 1edc.1ed4: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1edc.1ed4: FileDescription: ApiSet Schema DLL 1edc.1ed4: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1edc.1ed4: supR3HardenedWinFindAdversaries: 0x0 1edc.1ed4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1edc.1ed4: Calling main() 1edc.1ed4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1edc.1ed4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1edc.1ed4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1edc.1ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1edc.1ed4: SUPR3HardenedMain: Respawn #2 1edc.1ed4: supR3HardNtEnableThreadCreation: 1edc.1ed4: \Device\HarddiskVolume4\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x169de450; retrying against current time: 0x59621672. 1edc.1ed4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 1edc.1ed4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntdll.dll) 1edc.1ed4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1edc.1ed4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd9ee0000 'C:\WINDOWS\System32\ntdll.dll' 1edc.1ed4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd9f59270 pvNtTerminateThread=00007ffdd9f819c0 1edc.1ed4: supR3HardenedWinDoReSpawn(2): New child 1ed8.15f0 [kernel32]. 1edc.1ed4: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 1edc.1ed4: supR3HardNtChildGatherData: PebBaseAddress=0000000000bbf000 cbPeb=0x388 1edc.1ed4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffdd9ee0000 uNtDllChildAddr=00007ffdd9ee0000 1edc.1ed4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffdd9f59270 1edc.1ed4: supR3HardenedWinSetupChildInit: Start child. 1edc.1ed4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 1edc.1ed4: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps 1edc.1ed4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1edc.1ed4: *0000000000000000-00000000008fffff 0x0001/0x0000 0x0000000 1edc.1ed4: *0000000000900000-000000000091ffff 0x0004/0x0004 0x0020000 1edc.1ed4: *0000000000920000-0000000000938fff 0x0002/0x0002 0x0040000 1edc.1ed4: 0000000000939000-000000000093ffff 0x0001/0x0000 0x0000000 1edc.1ed4: *0000000000940000-0000000000943fff 0x0002/0x0002 0x0040000 1edc.1ed4: 0000000000944000-000000000094ffff 0x0001/0x0000 0x0000000 1edc.1ed4: *0000000000950000-0000000000950fff 0x0004/0x0004 0x0020000 1edc.1ed4: 0000000000951000-00000000009fffff 0x0001/0x0000 0x0000000 1edc.1ed4: *0000000000a00000-0000000000bbefff 0x0000/0x0004 0x0020000 1edc.1ed4: 0000000000bbf000-0000000000bc1fff 0x0004/0x0004 0x0020000 1edc.1ed4: 0000000000bc2000-0000000000bfffff 0x0000/0x0004 0x0020000 1edc.1ed4: *0000000000c00000-0000000000cfafff 0x0000/0x0004 0x0020000 1edc.1ed4: 0000000000cfb000-0000000000cfdfff 0x0104/0x0004 0x0020000 1edc.1ed4: 0000000000cfe000-0000000000cfffff 0x0004/0x0004 0x0020000 1edc.1ed4: 0000000000d00000-000000007ffdffff 0x0001/0x0000 0x0000000 1edc.1ed4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 1edc.1ed4: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 1edc.1ed4: 000000007fff0000-00007ff6eafbffff 0x0001/0x0000 0x0000000 1edc.1ed4: *00007ff6eafc0000-00007ff6eafe2fff 0x0002/0x0002 0x0040000 1edc.1ed4: 00007ff6eafe3000-00007ff6eb36ffff 0x0001/0x0000 0x0000000 1edc.1ed4: *00007ff6eb370000-00007ff6eb370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb371000-00007ff6eb3e0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb3e1000-00007ff6eb3e1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb3e2000-00007ff6eb426fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb427000-00007ff6eb427fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb428000-00007ff6eb428fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb429000-00007ff6eb42dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb42e000-00007ff6eb42efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb42f000-00007ff6eb42ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb430000-00007ff6eb433fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb434000-00007ff6eb47bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1edc.1ed4: 00007ff6eb47c000-00007ffdd9edffff 0x0001/0x0000 0x0000000 1edc.1ed4: *00007ffdd9ee0000-00007ffdd9ee0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdd9ee1000-00007ffdd9ff3fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdd9ff4000-00007ffdda039fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdda03a000-00007ffdda041fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdda042000-00007ffdda04ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdda050000-00007ffdda050fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdda051000-00007ffdda053fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdda054000-00007ffdda0bffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll 1edc.1ed4: 00007ffdda0c0000-00007ffffffdffff 0x0001/0x0000 0x0000000 1edc.1ed4: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 1edc.1ed4: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS) 1edc.1ed4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1edc.1ed4: \Device\HarddiskVolume4\Windows\System32\ntdll.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x169de450; retrying against current time: 0x59621673. 1edc.1ed4: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports 1edc.1ed4: supR3HardNtChildPurify: Done after 354 ms and 0 fixes (loop #0). 1ed8.15f0: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03f6d00 1ed8.15f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ffdd9ee0000 g_uNtVerCombined=0xa03f6d00 1edc.1ed4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c00000 LB 0x400000) 1ed8.15f0: ntdll.dll: timestamp 0x169de450 (rc=VINF_SUCCESS) 1ed8.15f0: New simple heap: #1 0000000000e00000 LB 0x400000 (for 1966080 allocation) 1edc.1ed4: supR3HardNtEnableThreadCreation: 1ed8.15f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1ed8.15f0: System32: \Device\HarddiskVolume4\Windows\System32 1ed8.15f0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS 1ed8.15f0: KnownDllPath: C:\WINDOWS\System32 1ed8.15f0: supR3HardenedVmProcessInit: Opening vboxdrv... 1ed8.15f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1ed8.15f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1ed8.15f0: Registered Dll notification callback with NTDLL. 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\kernel32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x4fc42b98; retrying against current time: 0x59621673. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd6740000 LB 0x00268000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xe6f210ec; retrying against current time: 0x59621673. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd8f70000 LB 0x000ac000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd8f70000 'C:\WINDOWS\System32\KERNEL32.DLL' 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ff6eb370000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1ed8.15f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe 1ed8.15f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffdd9f59270 pvNtTerminateThread=00007ffdd9f819c0 1edc.1ed4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 345 ms. 1ed8.15f0: \SystemRoot\System32\ntdll.dll: 1ed8.15f0: CreationTime: 2017-07-02T05:48:10.225937400Z 1ed8.15f0: LastWriteTime: 2017-07-02T05:48:10.225937400Z 1ed8.15f0: ChangeTime: 2017-07-07T23:25:29.336611000Z 1ed8.15f0: FileAttributes: 0x20 1ed8.15f0: Size: 0x1dc2b8 1ed8.15f0: NT Headers: 0xe0 1ed8.15f0: Timestamp: 0x169de450 1ed8.15f0: Machine: 0x8664 - amd64 1ed8.15f0: Timestamp: 0x169de450 1ed8.15f0: Image Version: 10.0 1ed8.15f0: SizeOfImage: 0x1e0000 (1966080) 1ed8.15f0: Resource Dir: 0x175000 LB 0x69eb8 1ed8.15f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 1ed8.15f0: [Raw version resource data: 0x1750f0 LB 0x380, codepage 0x0 (reserved 0x0)] 1ed8.15f0: ProductName: Microsoft® Windows® Operating System 1ed8.15f0: ProductVersion: 10.0.16237.1001 1ed8.15f0: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1ed8.15f0: FileDescription: NT Layer DLL 1ed8.15f0: \SystemRoot\System32\kernel32.dll: 1ed8.15f0: CreationTime: 2017-07-02T05:48:40.132130500Z 1ed8.15f0: LastWriteTime: 2017-07-02T05:48:40.132130500Z 1ed8.15f0: ChangeTime: 2017-07-08T01:14:17.088621100Z 1ed8.15f0: FileAttributes: 0x20 1ed8.15f0: Size: 0xaa3d0 1ed8.15f0: NT Headers: 0xe8 1ed8.15f0: Timestamp: 0x4fc42b98 1ed8.15f0: Machine: 0x8664 - amd64 1ed8.15f0: Timestamp: 0x4fc42b98 1ed8.15f0: Image Version: 10.0 1ed8.15f0: SizeOfImage: 0xac000 (704512) 1ed8.15f0: Resource Dir: 0xaa000 LB 0x520 1ed8.15f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1ed8.15f0: [Raw version resource data: 0xaa0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 1ed8.15f0: ProductName: Microsoft® Windows® Operating System 1ed8.15f0: ProductVersion: 10.0.16237.1001 1ed8.15f0: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1ed8.15f0: FileDescription: Windows NT BASE API Client DLL 1ed8.15f0: \SystemRoot\System32\KernelBase.dll: 1ed8.15f0: CreationTime: 2017-07-02T05:48:08.100942400Z 1ed8.15f0: LastWriteTime: 2017-07-02T05:48:08.100942400Z 1ed8.15f0: ChangeTime: 2017-07-08T01:14:17.545811300Z 1ed8.15f0: FileAttributes: 0x20 1ed8.15f0: Size: 0x2667f8 1ed8.15f0: NT Headers: 0xf8 1ed8.15f0: Timestamp: 0xe6f210ec 1ed8.15f0: Machine: 0x8664 - amd64 1ed8.15f0: Timestamp: 0xe6f210ec 1ed8.15f0: Image Version: 10.0 1ed8.15f0: SizeOfImage: 0x268000 (2523136) 1ed8.15f0: Resource Dir: 0x247000 LB 0x548 1ed8.15f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 1ed8.15f0: [Raw version resource data: 0x2470b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 1ed8.15f0: ProductName: Microsoft® Windows® Operating System 1ed8.15f0: ProductVersion: 10.0.16237.1001 1ed8.15f0: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1ed8.15f0: FileDescription: Windows NT BASE API Client DLL 1ed8.15f0: \SystemRoot\System32\apisetschema.dll: 1ed8.15f0: CreationTime: 2017-07-02T05:48:41.694628000Z 1ed8.15f0: LastWriteTime: 2017-07-02T05:48:41.694628000Z 1ed8.15f0: ChangeTime: 2017-07-07T23:25:10.245895100Z 1ed8.15f0: FileAttributes: 0x20 1ed8.15f0: Size: 0x1a350 1ed8.15f0: NT Headers: 0xc8 1ed8.15f0: Timestamp: 0xf46ff039 1ed8.15f0: Machine: 0x8664 - amd64 1ed8.15f0: Timestamp: 0xf46ff039 1ed8.15f0: Image Version: 10.0 1ed8.15f0: SizeOfImage: 0x1c000 (114688) 1ed8.15f0: Resource Dir: 0x1b000 LB 0x408 1ed8.15f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 1ed8.15f0: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 1ed8.15f0: ProductName: Microsoft® Windows® Operating System 1ed8.15f0: ProductVersion: 10.0.16237.1001 1ed8.15f0: FileVersion: 10.0.16237.1001 (WinBuild.160101.0800) 1ed8.15f0: FileDescription: ApiSet Schema DLL 1ed8.15f0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1ed8.15f0: supR3HardenedWinFindAdversaries: 0x0 1ed8.15f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1ed8.15f0: Calling main() 1ed8.15f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1ed8.15f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox' 1ed8.15f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1ed8.15f0: SUPR3HardenedMain: Final process, opening VBoxDrv... 1ed8.15f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000e00000 LB 0x400000) 1ed8.15f0: supR3HardNtEnableThreadCreation: 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdcbad0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbad0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbad0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdcbad0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\wintrust.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x30ef84fa; retrying against current time: 0x59621673. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x884b69ac; retrying against current time: 0x59621673. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\crypt32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x9ad46f36; retrying against current time: 0x59621673. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'msasn1.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\msasn1.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x527804d8; retrying against current time: 0x59621673. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xcfb9733b; retrying against current time: 0x59621673. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd73b0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd6280000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd6300000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xff9dadd8; retrying against current time: 0x59621673. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ucrtbase.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ucrtbase.dll 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd69b0000 LB 0x001ce000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd94d0000 LB 0x00121000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd9400000 LB 0x0005a000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\sechost.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xb5ff34cc; retrying against current time: 0x59621673. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd9820000 LB 0x000a1000 C:\WINDOWS\System32\advapi32.dll [fFlags=0x0] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\advapi32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xecaf3300; retrying against current time: 0x59621673. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd6630000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6740000 'api-ms-win-core-synch-l1-2-0' 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6740000 'api-ms-win-core-fibers-l1-1-1' 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6740000 'api-ms-win-core-fibers-l1-1-1' 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6740000 'api-ms-win-core-synch-l1-2-0' 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6740000 'api-ms-win-core-localization-l1-2-1' 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\WINDOWS\system32\Wintrust.dll' 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll) 1ed8.15f0: Error (rc=0): 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll: Grown load config (244 to 256 bytes) includes non-zero bytes: 00 00 00 00 60 a9 01 80 01 00 00 00 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 1ed8.15f0: Error (rc=0): 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\bcrypt.dll' (C:\WINDOWS\system32\bcrypt.dll): rcNt=0xc0000190 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\bcrypt.dll' 1ed8.15f0: Warning! Failed to load bcrypt.dll 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffdd6630000 'C:\Windows\System32\WINTRUST.DLL' 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x981ac005; retrying against current time: 0x59621674. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll 1ed8.15f0: supR3HardenedDllNotificationCallback: load 00007ffdd5c80000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0] 1ed8.15f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x2f19baa8; retrying against current time: 0x59621674. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1ed8.15f0: Error (rc=0): 1ed8.15f0: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling] 1ed8.15f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 1ed8.15f0: Error (rc=0): 1ed8.15f0: supR3HardenedScreenImage/NtCreateSection: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x10 fAccess=0xf cHits=2 \Device\HarddiskVolume4\Windows\System32\bcrypt.dll 1ed8.15f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\rsaenh.dll' 1ed8.15f0: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' 1ed8.15f0: Error -22919 in VirtualBox! (enmWhat=1) 1ed8.15f0: WinVerifyTrust failed on stub executable: WinVerifyTrust failed with hrc=Unknown Status 0x8 on '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\winmm.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x5a9d3d16; retrying against current time: 0x59621674. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x5dcd01c; retrying against current time: 0x59621674. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\ole32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x54729f9e; retrying against current time: 0x59621674. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\shell32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0x214078c4; retrying against current time: 0x59621674. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: \Device\HarddiskVolume4\Windows\System32\user32.dll: VERR_CR_X509_CPV_NOT_VALID_AT_TIME for 0xf7d682bf; retrying against current time: 0x59621674. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'. 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'. 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll) 1ed8.15f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'... 1ed8.15f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008] 1ed8.15f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0

Change History

comment:1 Changed 22 months ago by PaulSchulz

Workaround: I was able to get Virtual VMs running again by reveirting to previous version of Windows 10.

See: Ticket #16892

comment:2 Changed 22 months ago by michael

  • Status changed from new to closed
  • Resolution set to duplicate
  • Summary changed from Platform: Windows 10 Pro Insider Preview; Description: Starting VM Fails w/ Result Code: E_FAIL (0x80004005)); Component: MachineWrap, Imachine; Error: bcrypt.dll Fails WinVerifyTrust to Platform: Windows 10 Pro Insider Preview; Description: Starting VM Fails w/ Result Code: E_FAIL (0x80004005)); Component: MachineWrap, Imachine; Error: bcrypt.dll Fails WinVerifyTrust -> duplicate of #16892
Note: See TracTickets for help on using tickets.

www.oracle.com
ContactPrivacy policyTerms of Use