316c.3064: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000028 g_uNtVerCombined=0x611db110 316c.3064: \SystemRoot\System32\ntdll.dll: 316c.3064: CreationTime: 2016-07-07T20:49:54.521575000Z 316c.3064: LastWriteTime: 2016-04-09T06:59:27.660769000Z 316c.3064: ChangeTime: 2016-07-08T19:12:56.838545300Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x1a7100 316c.3064: NT Headers: 0xe0 316c.3064: Timestamp: 0x5708a857 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x5708a857 316c.3064: Image Version: 6.1 316c.3064: SizeOfImage: 0x1aa000 (1744896) 316c.3064: Resource Dir: 0x14e000 LB 0x5a028 316c.3064: ProductName: Microsoft® Windows® Operating System 316c.3064: ProductVersion: 6.1.7601.23418 316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045) 316c.3064: FileDescription: NT Layer DLL 316c.3064: \SystemRoot\System32\kernel32.dll: 316c.3064: CreationTime: 2016-07-07T20:49:54.771149400Z 316c.3064: LastWriteTime: 2016-04-09T06:57:53.879000000Z 316c.3064: ChangeTime: 2016-07-08T19:13:09.669873300Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x11c000 316c.3064: NT Headers: 0xe0 316c.3064: Timestamp: 0x5708a89b 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x5708a89b 316c.3064: Image Version: 6.1 316c.3064: SizeOfImage: 0x11f000 (1175552) 316c.3064: Resource Dir: 0x116000 LB 0x528 316c.3064: ProductName: Microsoft® Windows® Operating System 316c.3064: ProductVersion: 6.1.7601.23418 316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045) 316c.3064: FileDescription: Windows NT BASE API Client DLL 316c.3064: \SystemRoot\System32\KernelBase.dll: 316c.3064: CreationTime: 2016-07-07T20:49:56.892531800Z 316c.3064: LastWriteTime: 2016-04-09T06:57:53.879000000Z 316c.3064: ChangeTime: 2016-07-08T19:13:09.778877300Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x66800 316c.3064: NT Headers: 0xe8 316c.3064: Timestamp: 0x5708a89c 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x5708a89c 316c.3064: Image Version: 6.1 316c.3064: SizeOfImage: 0x6a000 (434176) 316c.3064: Resource Dir: 0x68000 LB 0x530 316c.3064: ProductName: Microsoft® Windows® Operating System 316c.3064: ProductVersion: 6.1.7601.23418 316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045) 316c.3064: FileDescription: Windows NT BASE API Client DLL 316c.3064: \SystemRoot\System32\apisetschema.dll: 316c.3064: CreationTime: 2016-07-07T20:50:02.492357400Z 316c.3064: LastWriteTime: 2016-04-09T06:57:48.684000000Z 316c.3064: ChangeTime: 2016-07-08T19:12:55.374777300Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x1a00 316c.3064: NT Headers: 0xc0 316c.3064: Timestamp: 0x5708a835 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x5708a835 316c.3064: Image Version: 6.1 316c.3064: SizeOfImage: 0x50000 (327680) 316c.3064: Resource Dir: 0x30000 LB 0x3f8 316c.3064: ProductName: Microsoft® Windows® Operating System 316c.3064: ProductVersion: 6.1.7601.23418 316c.3064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045) 316c.3064: FileDescription: ApiSet Schema DLL 316c.3064: NtOpenDirectoryObject failed on \Driver: 0xc0000022 316c.3064: supR3HardenedWinFindAdversaries: 0x4003 316c.3064: \SystemRoot\System32\drivers\SysPlant.sys: 316c.3064: CreationTime: 2016-07-06T00:29:20.399609600Z 316c.3064: LastWriteTime: 2016-07-06T00:29:20.399609600Z 316c.3064: ChangeTime: 2016-07-06T00:29:20.399609600Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x26f40 316c.3064: NT Headers: 0x100 316c.3064: Timestamp: 0x5413cb4e 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x5413cb4e 316c.3064: Image Version: 5.0 316c.3064: SizeOfImage: 0x2d000 (184320) 316c.3064: Resource Dir: 0x2b000 LB 0x498 316c.3064: ProductName: Symantec CMC Firewall 316c.3064: ProductVersion: 12.1.5337.5000 316c.3064: FileVersion: 12.1.5337.5000 316c.3064: FileDescription: Symantec CMC Firewall SysPlant 316c.3064: \SystemRoot\System32\sysfer.dll: 316c.3064: CreationTime: 2016-07-06T00:29:20.399609600Z 316c.3064: LastWriteTime: 2016-07-06T00:29:20.399609600Z 316c.3064: ChangeTime: 2016-07-06T00:29:20.399609600Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x70f60 316c.3064: NT Headers: 0xe8 316c.3064: Timestamp: 0x5413cb55 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x5413cb55 316c.3064: Image Version: 0.0 316c.3064: SizeOfImage: 0x88000 (557056) 316c.3064: Resource Dir: 0x86000 LB 0x630 316c.3064: ProductName: Symantec CMC Firewall 316c.3064: ProductVersion: 12.1.5337.5000 316c.3064: FileVersion: 12.1.5337.5000 316c.3064: FileDescription: Symantec CMC Firewall sysfer 316c.3064: \SystemRoot\System32\drivers\symevent64x86.sys: 316c.3064: CreationTime: 2016-07-06T00:31:08.019446400Z 316c.3064: LastWriteTime: 2016-07-06T00:31:08.003844800Z 316c.3064: ChangeTime: 2016-07-06T00:31:08.003844800Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x2b658 316c.3064: NT Headers: 0xe8 316c.3064: Timestamp: 0x51f32ff2 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x51f32ff2 316c.3064: Image Version: 6.0 316c.3064: SizeOfImage: 0x38000 (229376) 316c.3064: Resource Dir: 0x36000 LB 0x3c8 316c.3064: ProductName: SYMEVENT 316c.3064: ProductVersion: 12.9.5.2 316c.3064: FileVersion: 12.9.5.2 316c.3064: FileDescription: Symantec Event Library 316c.3064: \SystemRoot\System32\drivers\cyprotectdrv64.sys: 316c.3064: CreationTime: 2016-07-06T00:48:50.755634000Z 316c.3064: LastWriteTime: 2016-07-28T14:57:55.118601000Z 316c.3064: ChangeTime: 2016-08-04T18:22:08.040899400Z 316c.3064: FileAttributes: 0x20 316c.3064: Size: 0x23e30 316c.3064: NT Headers: 0xf8 316c.3064: Timestamp: 0x577438a2 316c.3064: Machine: 0x8664 - amd64 316c.3064: Timestamp: 0x577438a2 316c.3064: Image Version: 6.1 316c.3064: SizeOfImage: 0xb6000 (745472) 316c.3064: Resource Dir: 0xb4000 LB 0x2f0 316c.3064: ProductName: CylancePROTECT 316c.3064: ProductVersion: 1.2.1390.55 316c.3064: FileVersion: 1.2.1390.55 316c.3064: FileDescription: Cylance Protect Driver 316c.3064: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 316c.3064: Calling main() 316c.3064: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 316c.3064: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 316c.3064: SUPR3HardenedMain: Respawn #1 316c.3064: System32: \Device\HarddiskVolume2\Windows\System32 316c.3064: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 316c.3064: KnownDllPath: C:\windows\system32 316c.3064: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 316c.3064: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) 316c.3064: supR3HardNtEnableThreadCreation: 316c.3064: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007759a0e0 pvNtTerminateThread=00000000775bc060 316c.3064: supR3HardenedWinDoReSpawn(1): New child 2354.2bf4 [kernel32]. 316c.3064: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380 316c.3064: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077570000 uNtDllChildAddr=0000000077570000 316c.3064: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007759a0e0 316c.3064: supR3HardenedWinSetupChildInit: Start child. 316c.3064: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 316c.3064: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 63 sleeps 316c.3064: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 316c.3064: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 316c.3064: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 316c.3064: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 316c.3064: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 316c.3064: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 316c.3064: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000 316c.3064: *0000000000050000-000000000004efff 0x0020/0x0020 0x0020000 !! 316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000050000 (LB 0x1000, 0000000000050000 LB 0x1000) 316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000050000/0000000000050000 LB 0/0x1000] 316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000050000 LB 0x1a0000 s=0x10000 ap=0x0 rp=0x00000000000001 316c.3064: 0000000000051000-ffffffffffeb1fff 0x0001/0x0000 0x0000000 316c.3064: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000 316c.3064: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000 316c.3064: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000 316c.3064: 00000000002f0000-ffffffff8906ffff 0x0001/0x0000 0x0000000 316c.3064: *0000000077570000-0000000077570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 0000000077571000-000000007766dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 000000007766e000-000000007769cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 000000007769d000-00000000776a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776a7000-00000000776a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776a8000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776ab000-0000000077719fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 000000007771a000-000000006fe53fff 0x0001/0x0000 0x0000000 316c.3064: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 316c.3064: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 316c.3064: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 316c.3064: 000000007fff0000-ffffffffc02affff 0x0001/0x0000 0x0000000 316c.3064: *000000013fd30000-000000013fd30fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fd31000-000000013fd9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fda0000-000000013fda0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fda1000-000000013fde4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fde5000-000000013fde5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fde6000-000000013fde6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fde7000-000000013fdebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fdec000-000000013fdecfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fded000-000000013fdedfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fdee000-000000013fdf1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fdf2000-000000013fe39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fe3a000-000000013fe33fff 0x0001/0x0000 0x0000000 316c.3064: *000000013fe40000-000000013fe3efff 0x0040/0x0040 0x0020000 !! 316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 000000013fe40000 (LB 0x1000, 000000013fe40000 LB 0x1000) 316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [000000013fe40000/000000013fe40000 LB 0/0x1000] 316c.3064: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/000000013fe40000 LB 0x7fdbfa50000 s=0x10000 ap=0x0 rp=0x00000000000001 316c.3064: 000000013fe41000-fffff803803f1fff 0x0001/0x0000 0x0000000 316c.3064: *000007feff890000-000007feff890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 316c.3064: 000007feff891000-000007fdff171fff 0x0001/0x0000 0x0000000 316c.3064: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 316c.3064: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000 316c.3064: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000 316c.3064: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000 316c.3064: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 316c.3064: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 316c.3064: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS) 316c.3064: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS) 316c.3064: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 316c.3064: VirtualBox.exe: Differences in section #0 (headers) between file and memory: 316c.3064: 000000013fd30172 / 0x0000172: 00 != 11 316c.3064: 000000013fd30174 / 0x0000174: 00 != f0 316c.3064: 000000013fd301c8 / 0x00001c8: 00 != f0 316c.3064: 000000013fd301ca / 0x00001ca: 00 != 11 316c.3064: 000000013fd301cc / 0x00001cc: 00 != 20 316c.3064: Restored 0x400 bytes of original file content at 000000013fd30000 316c.3064: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports 316c.3064: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports 316c.3064: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4003 cPatchCount=0 316c.3064: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 64 sleeps 316c.3064: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 316c.3064: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000 316c.3064: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000 316c.3064: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000 316c.3064: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000 316c.3064: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000 316c.3064: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000 316c.3064: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000 316c.3064: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000 316c.3064: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000 316c.3064: 00000000002f0000-ffffffff8906ffff 0x0001/0x0000 0x0000000 316c.3064: *0000000077570000-0000000077570fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 0000000077571000-000000007766dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 000000007766e000-000000007769cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 000000007769d000-00000000776a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776a7000-00000000776a7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776a8000-00000000776a8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776a9000-00000000776aafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 00000000776ab000-0000000077719fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll 316c.3064: 000000007771a000-000000006fe53fff 0x0001/0x0000 0x0000000 316c.3064: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000 316c.3064: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000 316c.3064: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000 316c.3064: 000000007fff0000-ffffffffc02affff 0x0001/0x0000 0x0000000 316c.3064: *000000013fd30000-000000013fd30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fd31000-000000013fd9ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fda0000-000000013fda0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fda1000-000000013fde4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fde5000-000000013fdf1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fdf2000-000000013fe39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe 316c.3064: 000000013fe3a000-fffff803803e3fff 0x0001/0x0000 0x0000000 316c.3064: *000007feff890000-000007feff890fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll 316c.3064: 000007feff891000-000007fdff171fff 0x0001/0x0000 0x0000000 316c.3064: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000 316c.3064: 000007fffffd3000-000007fffffcbfff 0x0001/0x0000 0x0000000 316c.3064: *000007fffffda000-000007fffffd8fff 0x0004/0x0004 0x0020000 316c.3064: 000007fffffdb000-000007fffffd7fff 0x0001/0x0000 0x0000000 316c.3064: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000 316c.3064: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000 316c.3064: supR3HardNtChildPurify: Done after 1423 ms and 3 fixes (loop #1). 316c.3064: supR3HardNtEnableThreadCreation: 2354.2bf4: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100 2354.2bf4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077570000 g_uNtVerCombined=0x611db100 2354.2bf4: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS) 2354.2bf4: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1744896 allocation) 2354.2bf4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' 2354.2bf4: System32: \Device\HarddiskVolume2\Windows\System32 2354.2bf4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs 2354.2bf4: KnownDllPath: C:\windows\system32 2354.2bf4: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2354.2bf4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2354.2bf4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2354.2bf4: Registered Dll notification callback with NTDLL. 2354.2bf4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll) 2354.2bf4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll 2354.2bf4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 2354.2bf4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 316c.3064: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2038 ms, CloseEvents);