456c.42b8: Log file opened: 5.1.51r113155 g_hStartupLog=0000000000000028 g_uNtVerCombined=0x611db110
456c.42b8: \SystemRoot\System32\ntdll.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:06.548625300Z
456c.42b8: LastWriteTime: 2016-10-11T15:34:46.170628400Z
456c.42b8: ChangeTime: 2017-01-25T14:10:25.769157200Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x1a7100
456c.42b8: NT Headers: 0xe0
456c.42b8: Timestamp: 0x57fd0651
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd0651
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x1aa000 (1744896)
456c.42b8: Resource Dir: 0x14e000 LB 0x5a028
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: NT Layer DLL
456c.42b8: \SystemRoot\System32\kernel32.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:11.901160500Z
456c.42b8: LastWriteTime: 2016-10-11T15:31:56.010000000Z
456c.42b8: ChangeTime: 2017-01-25T14:10:26.237166200Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x11c000
456c.42b8: NT Headers: 0xe0
456c.42b8: Timestamp: 0x57fd0695
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd0695
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x11f000 (1175552)
456c.42b8: Resource Dir: 0x116000 LB 0x528
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: Windows NT BASE API Client DLL
456c.42b8: \SystemRoot\System32\KernelBase.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:23.243294600Z
456c.42b8: LastWriteTime: 2016-10-11T15:31:56.010000000Z
456c.42b8: ChangeTime: 2017-01-25T14:10:26.205965600Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x66800
456c.42b8: NT Headers: 0xe8
456c.42b8: Timestamp: 0x57fd0696
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd0696
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x6a000 (434176)
456c.42b8: Resource Dir: 0x68000 LB 0x530
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: Windows NT BASE API Client DLL
456c.42b8: \SystemRoot\System32\apisetschema.dll:
456c.42b8: CreationTime: 2017-01-25T14:06:32.766246800Z
456c.42b8: LastWriteTime: 2016-10-11T15:31:50.862000000Z
456c.42b8: ChangeTime: 2017-01-25T14:10:25.737956600Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x1a00
456c.42b8: NT Headers: 0xc0
456c.42b8: Timestamp: 0x57fd062f
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57fd062f
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x50000 (327680)
456c.42b8: Resource Dir: 0x30000 LB 0x3f8
456c.42b8: ProductName: Microsoft® Windows® Operating System
456c.42b8: ProductVersion: 6.1.7601.23572
456c.42b8: FileVersion: 6.1.7601.23572 (win7sp1_ldr.161011-0600)
456c.42b8: FileDescription: ApiSet Schema DLL
456c.42b8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
456c.42b8: supR3HardenedWinFindAdversaries: 0x4003
456c.42b8: \SystemRoot\System32\drivers\SysPlant.sys:
456c.42b8: CreationTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: LastWriteTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: ChangeTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x29170
456c.42b8: NT Headers: 0xf0
456c.42b8: Timestamp: 0x55ba08b1
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x55ba08b1
456c.42b8: Image Version: 5.0
456c.42b8: SizeOfImage: 0x2f000 (192512)
456c.42b8: Resource Dir: 0x2d000 LB 0x498
456c.42b8: ProductName: Symantec CMC Firewall
456c.42b8: ProductVersion: 12.1.6318.6100
456c.42b8: FileVersion: 12.1.6318.6100
456c.42b8: FileDescription: Symantec CMC Firewall SysPlant
456c.42b8: \SystemRoot\System32\sysfer.dll:
456c.42b8: CreationTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: LastWriteTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: ChangeTime: 2016-06-03T10:32:35.703940500Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x72038
456c.42b8: NT Headers: 0xe8
456c.42b8: Timestamp: 0x55ba08bc
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x55ba08bc
456c.42b8: Image Version: 0.0
456c.42b8: SizeOfImage: 0x89000 (561152)
456c.42b8: Resource Dir: 0x87000 LB 0x630
456c.42b8: ProductName: Symantec CMC Firewall
456c.42b8: ProductVersion: 12.1.6318.6100
456c.42b8: FileVersion: 12.1.6318.6100
456c.42b8: FileDescription: Symantec CMC Firewall sysfer
456c.42b8: \SystemRoot\System32\drivers\symevent64x86.sys:
456c.42b8: CreationTime: 2016-06-03T10:33:15.546410500Z
456c.42b8: LastWriteTime: 2016-06-03T10:33:15.530810500Z
456c.42b8: ChangeTime: 2016-06-03T10:33:15.530810500Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x2b8d8
456c.42b8: NT Headers: 0xe8
456c.42b8: Timestamp: 0x54b87d44
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x54b87d44
456c.42b8: Image Version: 6.0
456c.42b8: SizeOfImage: 0x38000 (229376)
456c.42b8: Resource Dir: 0x36000 LB 0x3c8
456c.42b8: ProductName: SYMEVENT
456c.42b8: ProductVersion: 12.9.6.12
456c.42b8: FileVersion: 12.9.6.12
456c.42b8: FileDescription: Symantec Event Library
456c.42b8: \SystemRoot\System32\drivers\cyprotectdrv64.sys:
456c.42b8: CreationTime: 2016-10-28T12:00:10.351957700Z
456c.42b8: LastWriteTime: 2016-08-31T21:08:24.000000000Z
456c.42b8: ChangeTime: 2017-02-03T12:50:00.537012700Z
456c.42b8: FileAttributes: 0x20
456c.42b8: Size: 0x24630
456c.42b8: NT Headers: 0xf8
456c.42b8: Timestamp: 0x57c70efc
456c.42b8: Machine: 0x8664 - amd64
456c.42b8: Timestamp: 0x57c70efc
456c.42b8: Image Version: 6.1
456c.42b8: SizeOfImage: 0x126000 (1204224)
456c.42b8: Resource Dir: 0x124000 LB 0x2f0
456c.42b8: ProductName: CylancePROTECT
456c.42b8: ProductVersion: 1.2.1390.74
456c.42b8: FileVersion: 1.2.1390.74
456c.42b8: FileDescription: Cylance Protect Driver
456c.42b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
456c.42b8: Calling main()
456c.42b8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
456c.42b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
456c.42b8: SUPR3HardenedMain: Respawn #1
456c.42b8: System32: \Device\HarddiskVolume1\Windows\System32
456c.42b8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
456c.42b8: KnownDllPath: C:\Windows\system32
456c.42b8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
456c.42b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
456c.42b8: supR3HardNtEnableThreadCreation:
456c.42b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007728a360 pvNtTerminateThread=00000000772ac260
456c.42b8: supR3HardenedWinDoReSpawn(1): New child 3470.4670 [kernel32].
456c.42b8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
456c.42b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077260000 uNtDllChildAddr=0000000077260000
456c.42b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007728a360
456c.42b8: supR3HardenedWinSetupChildInit: Start child.
456c.42b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
456c.42b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
456c.42b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
456c.42b8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
456c.42b8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
456c.42b8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000041000-0000000000031fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000050000-000000000004efff 0x0020/0x0020 0x0020000 !!
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000050000 (LB 0x1000, 0000000000050000 LB 0x1000)
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000050000/0000000000050000 LB 0/0x1000]
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000050000 LB 0x120000 s=0x10000 ap=0x0 rp=0x00000000000001
456c.42b8: 0000000000051000-fffffffffff31fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
456c.42b8: 000000000026c000-0000000000269fff 0x0104/0x0004 0x0020000
456c.42b8: 000000000026e000-000000000026bfff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000270000-ffffffff8927ffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000077260000-0000000077260fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077261000-000000007735dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007735e000-000000007738cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007738d000-0000000077396fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077397000-0000000077397fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077398000-000000007739afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007739b000-0000000077409fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007740a000-000000006f833fff 0x0001/0x0000 0x0000000
456c.42b8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
456c.42b8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
456c.42b8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
456c.42b8: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
456c.42b8: *000000013ff80000-000000013ff80fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013ff81000-000000013fff0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff1000-000000013fff1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff2000-0000000140036fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140037000-0000000140037fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140038000-0000000140038fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140039000-000000014003dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014003e000-000000014003efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014003f000-000000014003ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140040000-0000000140043fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140044000-000000014008bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014008c000-0000000140087fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000140090000-000000014008efff 0x0040/0x0040 0x0020000 !!
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000140090000 (LB 0x1000, 0000000140090000 LB 0x1000)
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000140090000/0000000140090000 LB 0/0x1000]
456c.42b8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000140090000 LB 0x7fdbf4f0000 s=0x10000 ap=0x0 rp=0x00000000000001
456c.42b8: 0000000140091000-fffff80380ba1fff 0x0001/0x0000 0x0000000
456c.42b8: *000007feff580000-000007feff580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
456c.42b8: 000007feff581000-000007fdfeb51fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
456c.42b8: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
456c.42b8: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
456c.42b8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
456c.42b8: apisetschema.dll: timestamp 0x57fd062f (rc=VINF_SUCCESS)
456c.42b8: VirtualBox.exe: timestamp 0x588f3aff (rc=VINF_SUCCESS)
456c.42b8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
456c.42b8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
456c.42b8: 000000013ff80172 / 0x0000172: 00 != 11
456c.42b8: 000000013ff80174 / 0x0000174: 00 != 14
456c.42b8: Restored 0x400 bytes of original file content at 000000013ff80000
456c.42b8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
456c.42b8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
456c.42b8: supR3HardNtChildPurify: cFixes=3 g_fSupAdversaries=0x4003 cPatchCount=0
456c.42b8: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
456c.42b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
456c.42b8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
456c.42b8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
456c.42b8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000041000-fffffffffff11fff 0x0001/0x0000 0x0000000
456c.42b8: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
456c.42b8: 000000000026c000-0000000000269fff 0x0104/0x0004 0x0020000
456c.42b8: 000000000026e000-000000000026bfff 0x0004/0x0004 0x0020000
456c.42b8: 0000000000270000-ffffffff8927ffff 0x0001/0x0000 0x0000000
456c.42b8: *0000000077260000-0000000077260fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077261000-000000007735dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007735e000-000000007738cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007738d000-0000000077396fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077397000-0000000077397fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077398000-0000000077398fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 0000000077399000-000000007739afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007739b000-0000000077409fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
456c.42b8: 000000007740a000-000000006f833fff 0x0001/0x0000 0x0000000
456c.42b8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
456c.42b8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
456c.42b8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
456c.42b8: 000000007fff0000-ffffffffc005ffff 0x0001/0x0000 0x0000000
456c.42b8: *000000013ff80000-000000013ff80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013ff81000-000000013fff0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff1000-000000013fff1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000013fff2000-0000000140036fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140037000-0000000140043fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 0000000140044000-000000014008bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
456c.42b8: 000000014008c000-fffff80380b97fff 0x0001/0x0000 0x0000000
456c.42b8: *000007feff580000-000007feff580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
456c.42b8: 000007feff581000-000007fdfeb51fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
456c.42b8: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
456c.42b8: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
456c.42b8: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
456c.42b8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
456c.42b8: supR3HardNtChildPurify: Done after 1070 ms and 3 fixes (loop #1).
456c.42b8: supR3HardNtEnableThreadCreation:
3470.4670: Log file opened: 5.1.51r113155 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3470.4670: supR3HardenedVmProcessInit: uNtDllAddr=0000000077260000 g_uNtVerCombined=0x611db100
3470.4670: ntdll.dll: timestamp 0x57fd0651 (rc=VINF_SUCCESS)
3470.4670: New simple heap: #1 0000000000270000 LB 0x400000 (for 1744896 allocation)
3470.4670: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3470.4670: System32: \Device\HarddiskVolume1\Windows\System32
3470.4670: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
3470.4670: KnownDllPath: C:\Windows\system32
3470.4670: supR3HardenedVmProcessInit: Opening vboxdrv stub...
3470.4670: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3470.4670: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3470.4670: Registered Dll notification callback with NTDLL.
3470.4670: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3470.4670: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3470.4670: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
3470.4670: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
456c.42b8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1481 ms, CloseEvents);