ca8.890: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000058 g_uNtVerCombined=0xa0295a00
ca8.890: \SystemRoot\System32\ntdll.dll:
ca8.890: CreationTime: 2016-08-05T14:44:27.558437800Z
ca8.890: LastWriteTime: 2016-04-23T05:24:28.464629900Z
ca8.890: ChangeTime: 2016-08-05T14:58:15.883958700Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x1bc248
ca8.890: NT Headers: 0xe0
ca8.890: Timestamp: 0x571af2eb
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x571af2eb
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0x1c1000 (1839104)
ca8.890: Resource Dir: 0x159000 LB 0x66218
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.306
ca8.890: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
ca8.890: FileDescription: NT Layer DLL
ca8.890: \SystemRoot\System32\kernel32.dll:
ca8.890: CreationTime: 2015-10-30T07:17:46.221743200Z
ca8.890: LastWriteTime: 2015-10-30T07:17:46.221743200Z
ca8.890: ChangeTime: 2016-08-04T22:35:08.473994800Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0xac430
ca8.890: NT Headers: 0xf0
ca8.890: Timestamp: 0x5632d5aa
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5632d5aa
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0xad000 (708608)
ca8.890: Resource Dir: 0xab000 LB 0x528
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.0
ca8.890: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
ca8.890: FileDescription: Windows NT BASE API Client DLL
ca8.890: \SystemRoot\System32\KernelBase.dll:
ca8.890: CreationTime: 2016-08-05T14:43:56.646389100Z
ca8.890: LastWriteTime: 2016-07-01T04:49:21.864958900Z
ca8.890: ChangeTime: 2016-08-05T14:58:14.821403600Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x1e7a10
ca8.890: NT Headers: 0xf0
ca8.890: Timestamp: 0x5775e4c5
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5775e4c5
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0x1e8000 (1998848)
ca8.890: Resource Dir: 0x1d1000 LB 0x548
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.494
ca8.890: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
ca8.890: FileDescription: Windows NT BASE API Client DLL
ca8.890: \SystemRoot\System32\apisetschema.dll:
ca8.890: CreationTime: 2015-10-30T07:17:57.502957900Z
ca8.890: LastWriteTime: 2015-10-30T07:17:57.502957900Z
ca8.890: ChangeTime: 2016-08-04T23:23:28.221807700Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x16d60
ca8.890: NT Headers: 0xc8
ca8.890: Timestamp: 0x5632d94c
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5632d94c
ca8.890: Image Version: 10.0
ca8.890: SizeOfImage: 0x18000 (98304)
ca8.890: Resource Dir: 0x17000 LB 0x400
ca8.890: ProductName: Microsoft® Windows® Operating System
ca8.890: ProductVersion: 10.0.10586.0
ca8.890: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
ca8.890: FileDescription: ApiSet Schema DLL
ca8.890: NtOpenDirectoryObject failed on \Driver: 0xc0000022
ca8.890: supR3HardenedWinFindAdversaries: 0x4000
ca8.890: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
ca8.890: CreationTime: 2016-08-04T21:47:26.814099800Z
ca8.890: LastWriteTime: 2016-04-29T09:24:28.000000000Z
ca8.890: ChangeTime: 2016-08-05T14:59:41.550640100Z
ca8.890: FileAttributes: 0x20
ca8.890: Size: 0x22830
ca8.890: NT Headers: 0xf0
ca8.890: Timestamp: 0x5722eff1
ca8.890: Machine: 0x8664 - amd64
ca8.890: Timestamp: 0x5722eff1
ca8.890: Image Version: 6.1
ca8.890: SizeOfImage: 0x65000 (413696)
ca8.890: Resource Dir: 0x63000 LB 0x2f0
ca8.890: ProductName: CylancePROTECT
ca8.890: ProductVersion: 1.2.1372.27
ca8.890: FileVersion: 1.2.1372.27
ca8.890: FileDescription: Cylance Protect Driver
ca8.890: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
ca8.890: Calling main()
ca8.890: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
ca8.890: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
ca8.890: SUPR3HardenedMain: Respawn #1
ca8.890: System32: \Device\HarddiskVolume4\Windows\System32
ca8.890: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
ca8.890: KnownDllPath: C:\Windows\system32
ca8.890: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ca8.890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
ca8.890: supR3HardNtEnableThreadCreation:
ca8.890: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb7a916d50 pvNtTerminateThread=00007ffb7a945b30
ca8.890: supR3HardenedWinDoReSpawn(1): New child 960.8ec [kernel32].
ca8.890: supR3HardNtChildGatherData: PebBaseAddress=00000000003dd000 cbPeb=0x388
ca8.890: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb7a8a0000 uNtDllChildAddr=00007ffb7a8a0000
ca8.890: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb7a916d50
ca8.890: supR3HardenedWinSetupChildInit: Start child.
ca8.890: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
ca8.890: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 44 sleeps
ca8.890: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
ca8.890: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
ca8.890: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
ca8.890: *0000000000190000-000000000017afff 0x0002/0x0002 0x0040000
ca8.890: 00000000001a5000-0000000000199fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001b0000-00000000001abfff 0x0002/0x0002 0x0040000
ca8.890: 00000000001b4000-00000000001a7fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001c0000-00000000001bdfff 0x0004/0x0004 0x0020000
ca8.890: 00000000001c2000-00000000001b3fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001d0000-00000000001cefff 0x0020/0x0020 0x0020000 !!
ca8.890: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000001d0000 (LB 0x1000, 00000000001d0000 LB 0x1000)
ca8.890: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000001d0000/00000000001d0000 LB 0/0x1000]
ca8.890: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000001d0000 LB 0x30000 s=0x10000 ap=0x0 rp=0x00400100000001
ca8.890: 00000000001d1000-00000000001a1fff 0x0001/0x0000 0x0000000
ca8.890: *0000000000200000-0000000000022fff 0x0000/0x0004 0x0020000
ca8.890: 00000000003dd000-00000000003d9fff 0x0004/0x0004 0x0020000
ca8.890: 00000000003e0000-00000000003bffff 0x0000/0x0004 0x0020000
ca8.890: *0000000000400000-0000000000304fff 0x0000/0x0004 0x0020000
ca8.890: 00000000004fb000-00000000004f7fff 0x0104/0x0004 0x0020000
ca8.890: 00000000004fe000-00000000004fbfff 0x0004/0x0004 0x0020000
ca8.890: 0000000000500000-ffffffff80a1ffff 0x0001/0x0000 0x0000000
ca8.890: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
ca8.890: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
ca8.890: 000000007fff0000-ffff800a82a1ffff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d5c0000-00007ff67d59cfff 0x0002/0x0002 0x0040000
ca8.890: 00007ff67d5e3000-00007ff67d4e5fff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d6e0000-00007ff67d6e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d6e1000-00007ff67d74ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d750000-00007ff67d750fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d751000-00007ff67d794fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d795000-00007ff67d795fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d796000-00007ff67d796fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d797000-00007ff67d79bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d79c000-00007ff67d79cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d79d000-00007ff67d79dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d79e000-00007ff67d7a1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7a2000-00007ff67d7e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7ea000-00007ff180733fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffb7a8a0000-00007ffb7a8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a8a1000-00007ffb7a99dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a99e000-00007ffb7a9defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9df000-00007ffb7a9e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9e8000-00007ffb7a9f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f5000-00007ffb7a9f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f6000-00007ffb7a9f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f9000-00007ffb7aa60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7aa61000-00007ff6f54e1fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
ca8.890: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
ca8.890: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ca8.890: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
ca8.890: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x4000
ca8.890: supR3HardNtChildPurify: Startup delay kludge #1/1: 522 ms, 35 sleeps
ca8.890: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
ca8.890: *0000000000000000-ffffffffffe8ffff 0x0001/0x0000 0x0000000
ca8.890: *0000000000170000-000000000014ffff 0x0004/0x0004 0x0020000
ca8.890: *0000000000190000-000000000017afff 0x0002/0x0002 0x0040000
ca8.890: 00000000001a5000-0000000000199fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001b0000-00000000001abfff 0x0002/0x0002 0x0040000
ca8.890: 00000000001b4000-00000000001a7fff 0x0001/0x0000 0x0000000
ca8.890: *00000000001c0000-00000000001bdfff 0x0004/0x0004 0x0020000
ca8.890: 00000000001c2000-0000000000183fff 0x0001/0x0000 0x0000000
ca8.890: *0000000000200000-0000000000022fff 0x0000/0x0004 0x0020000
ca8.890: 00000000003dd000-00000000003d9fff 0x0004/0x0004 0x0020000
ca8.890: 00000000003e0000-00000000003bffff 0x0000/0x0004 0x0020000
ca8.890: *0000000000400000-0000000000304fff 0x0000/0x0004 0x0020000
ca8.890: 00000000004fb000-00000000004f7fff 0x0104/0x0004 0x0020000
ca8.890: 00000000004fe000-00000000004fbfff 0x0004/0x0004 0x0020000
ca8.890: 0000000000500000-ffffffff80a1ffff 0x0001/0x0000 0x0000000
ca8.890: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
ca8.890: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
ca8.890: 000000007fff0000-ffff800a82a1ffff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d5c0000-00007ff67d59cfff 0x0002/0x0002 0x0040000
ca8.890: 00007ff67d5e3000-00007ff67d4e5fff 0x0001/0x0000 0x0000000
ca8.890: *00007ff67d6e0000-00007ff67d6e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d6e1000-00007ff67d74ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d750000-00007ff67d750fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d751000-00007ff67d794fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d795000-00007ff67d7a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7a2000-00007ff67d7e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: 00007ff67d7ea000-00007ff180733fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffb7a8a0000-00007ffb7a8a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a8a1000-00007ffb7a99dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a99e000-00007ffb7a9defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9df000-00007ffb7a9e2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9e3000-00007ffb7a9e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9e8000-00007ffb7a9f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f5000-00007ffb7a9f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f6000-00007ffb7a9f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7a9f9000-00007ffb7aa60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
ca8.890: 00007ffb7aa61000-00007ff6f54e1fff 0x0001/0x0000 0x0000000
ca8.890: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
ca8.890: supR3HardNtChildPurify: Done after 1248 ms and 1 fixes (loop #1).
960.8ec: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
960.8ec: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb7a8a0000 g_uNtVerCombined=0xa0295a00
960.8ec: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
960.8ec: New simple heap: #1 0000000000600000 LB 0x400000 (for 1839104 allocation)
ca8.890: supR3HardNtEnableThreadCreation:
960.8ec: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
960.8ec: System32: \Device\HarddiskVolume4\Windows\System32
960.8ec: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
960.8ec: KnownDllPath: C:\Windows\system32
960.8ec: supR3HardenedVmProcessInit: Opening vboxdrv stub...
960.8ec: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
960.8ec: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
960.8ec: Registered Dll notification callback with NTDLL.
960.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
960.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
960.8ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling]
960.8ec: supR3HardenedDllNotificationCallback: load 00007ffb779c0000 LB 0x001e8000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
960.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
960.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
960.8ec: supR3HardenedDllNotificationCallback: load 00007ffb7a5b0000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
960.8ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
960.8ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7a5b0000 'C:\Windows\system32\KERNEL32.DLL'
960.8ec: supR3HardenedDllNotificationCallback: load 00007ff67d6e0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
960.8ec: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
960.8ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
960.8ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ca8.890: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 156 ms, CloseEvents);