f4.1858: Log file opened: 5.0.20r106931 g_hStartupLog=0000000000000084 g_uNtVerCombined=0xa0295a00
f4.1858: \SystemRoot\System32\ntdll.dll:
f4.1858: CreationTime: 2016-05-24T11:23:17.033864600Z
f4.1858: LastWriteTime: 2016-04-23T05:24:28.464629900Z
f4.1858: ChangeTime: 2016-05-24T12:41:34.595936100Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0x1bc248
f4.1858: NT Headers: 0xe0
f4.1858: Timestamp: 0x571af2eb
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x571af2eb
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0x1c1000 (1839104)
f4.1858: Resource Dir: 0x159000 LB 0x66218
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.306
f4.1858: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
f4.1858: FileDescription: NT Layer DLL
f4.1858: \SystemRoot\System32\kernel32.dll:
f4.1858: CreationTime: 2015-10-30T07:17:46.221743200Z
f4.1858: LastWriteTime: 2015-10-30T07:17:46.221743200Z
f4.1858: ChangeTime: 2016-05-24T13:37:16.549608400Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0xac430
f4.1858: NT Headers: 0xf0
f4.1858: Timestamp: 0x5632d5aa
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x5632d5aa
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0xad000 (708608)
f4.1858: Resource Dir: 0xab000 LB 0x528
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.0
f4.1858: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
f4.1858: FileDescription: Windows NT BASE API Client DLL
f4.1858: \SystemRoot\System32\KernelBase.dll:
f4.1858: CreationTime: 2016-05-24T11:24:05.220372200Z
f4.1858: LastWriteTime: 2016-04-23T05:24:41.063286800Z
f4.1858: ChangeTime: 2016-05-24T12:41:33.611507200Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0x1e7a10
f4.1858: NT Headers: 0xf0
f4.1858: Timestamp: 0x571af331
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x571af331
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0x1e8000 (1998848)
f4.1858: Resource Dir: 0x1d1000 LB 0x548
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.306
f4.1858: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
f4.1858: FileDescription: Windows NT BASE API Client DLL
f4.1858: \SystemRoot\System32\apisetschema.dll:
f4.1858: CreationTime: 2015-10-30T07:17:57.502957900Z
f4.1858: LastWriteTime: 2015-10-30T07:17:57.502957900Z
f4.1858: ChangeTime: 2016-05-24T13:37:15.315173200Z
f4.1858: FileAttributes: 0x20
f4.1858: Size: 0x16d60
f4.1858: NT Headers: 0xc8
f4.1858: Timestamp: 0x5632d94c
f4.1858: Machine: 0x8664 - amd64
f4.1858: Timestamp: 0x5632d94c
f4.1858: Image Version: 10.0
f4.1858: SizeOfImage: 0x18000 (98304)
f4.1858: Resource Dir: 0x17000 LB 0x400
f4.1858: ProductName: Microsoft® Windows® Operating System
f4.1858: ProductVersion: 10.0.10586.0
f4.1858: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
f4.1858: FileDescription: ApiSet Schema DLL
f4.1858: NtOpenDirectoryObject failed on \Driver: 0xc0000022
f4.1858: supR3HardenedWinFindAdversaries: 0x0
f4.1858: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f4.1858: Calling main()
f4.1858: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
f4.1858: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
f4.1858: SUPR3HardenedMain: Respawn #1
f4.1858: System32: \Device\HarddiskVolume4\Windows\System32
f4.1858: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
f4.1858: KnownDllPath: C:\WINDOWS\system32
f4.1858: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
f4.1858: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
f4.1858: supR3HardNtEnableThreadCreation:
f4.1858: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd6f9f6d50 pvNtTerminateThread=00007ffd6fa25b30
f4.1858: supR3HardenedWinDoReSpawn(1): New child 173c.100 [kernel32].
f4.1858: supR3HardNtChildGatherData: PebBaseAddress=00000000003e8000 cbPeb=0x388
f4.1858: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd6f980000 uNtDllChildAddr=00007ffd6f980000
f4.1858: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd6f9f6d50
f4.1858: supR3HardenedWinSetupChildInit: Start child.
f4.1858: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
f4.1858: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 29 sleeps
f4.1858: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
f4.1858: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
f4.1858: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
f4.1858: *0000000000030000-000000000001afff 0x0002/0x0002 0x0040000
f4.1858: 0000000000045000-0000000000039fff 0x0001/0x0000 0x0000000
f4.1858: *0000000000050000-fffffffffff54fff 0x0000/0x0004 0x0020000
f4.1858: 000000000014b000-0000000000147fff 0x0104/0x0004 0x0020000
f4.1858: 000000000014e000-000000000014bfff 0x0004/0x0004 0x0020000
f4.1858: *0000000000150000-000000000014bfff 0x0002/0x0002 0x0040000
f4.1858: 0000000000154000-0000000000147fff 0x0001/0x0000 0x0000000
f4.1858: *0000000000160000-000000000015dfff 0x0004/0x0004 0x0020000
f4.1858: 0000000000162000-00000000000c3fff 0x0001/0x0000 0x0000000
f4.1858: *0000000000200000-0000000000017fff 0x0000/0x0004 0x0020000
f4.1858: 00000000003e8000-00000000003e4fff 0x0004/0x0004 0x0020000
f4.1858: 00000000003eb000-00000000003d5fff 0x0000/0x0004 0x0020000
f4.1858: 0000000000400000-ffffffff8081ffff 0x0001/0x0000 0x0000000
f4.1858: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
f4.1858: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
f4.1858: 000000007fff0000-ffff800936d2ffff 0x0001/0x0000 0x0000000
f4.1858: *00007ff7c92b0000-00007ff7c92aefff 0x0040/0x0040 0x0020000 !!
f4.1858: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00007ff7c92b0000 (LB 0x1000, 00007ff7c92b0000 LB 0x1000)
f4.1858: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00007ff7c92b0000/00007ff7c92b0000 LB 0/0x1000]
f4.1858: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00007ff7c92b0000 LB 0x10000 s=0x10000 ap=0x0 rp=0x00400100000001
f4.1858: 00007ff7c92b1000-00007ff7c92a1fff 0x0001/0x0000 0x0000000
f4.1858: *00007ff7c92c0000-00007ff7c929cfff 0x0002/0x0002 0x0040000
f4.1858: 00007ff7c92e3000-00007ff7c9275fff 0x0001/0x0000 0x0000000
f4.1858: *00007ff7c9350000-00007ff7c9350fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9351000-00007ff7c93c0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c93c1000-00007ff7c93c1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c93c2000-00007ff7c9406fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9407000-00007ff7c9407fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9408000-00007ff7c9408fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9409000-00007ff7c940dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c940e000-00007ff7c940efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c940f000-00007ff7c940ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9410000-00007ff7c9413fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c9414000-00007ff7c945bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE
f4.1858: 00007ff7c945c000-00007ff222f37fff 0x0001/0x0000 0x0000000
f4.1858: *00007ffd6f980000-00007ffd6f980fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6f981000-00007ffd6fa7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fa7e000-00007ffd6fabefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fabf000-00007ffd6fac7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fac8000-00007ffd6fad4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fad5000-00007ffd6fad5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fad6000-00007ffd6fad8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fad9000-00007ffd6fb40fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
f4.1858: 00007ffd6fb41000-00007ffadf6a1fff 0x0001/0x0000 0x0000000
f4.1858: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
f4.1858: VirtualBox.exe: timestamp 0x57220aaf (rc=VINF_SUCCESS)
f4.1858: Error (rc=-5618):
f4.1858: Process image name does not match the exectuable we found: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
f4.1858: Error (rc=-5618):
f4.1858: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
f4.1858: Error -5618 in supR3HardNtChildPurify! (enmWhat=5)
f4.1858: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume4\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE.
f4.1858: supR3HardNtEnableThreadCreation: