1760.35f0: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
1760.35f0: \SystemRoot\System32\ntdll.dll:
1760.35f0: CreationTime: 2017-06-02T21:21:41.201214000Z
1760.35f0: LastWriteTime: 2017-06-02T21:21:41.217214000Z
1760.35f0: ChangeTime: 2017-06-06T12:49:21.306808700Z
1760.35f0: FileAttributes: 0x20
1760.35f0: Size: 0x1a7100
1760.35f0: NT Headers: 0xe0
1760.35f0: Timestamp: 0x590296ce
1760.35f0: Machine: 0x8664 - amd64
1760.35f0: Timestamp: 0x590296ce
1760.35f0: Image Version: 6.1
1760.35f0: SizeOfImage: 0x1aa000 (1744896)
1760.35f0: Resource Dir: 0x14e000 LB 0x5a028
1760.35f0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1760.35f0: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1760.35f0: ProductName: Microsoft® Windows® Operating System
1760.35f0: ProductVersion: 6.1.7601.23796
1760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
1760.35f0: FileDescription: NT Layer DLL
1760.35f0: \SystemRoot\System32\kernel32.dll:
1760.35f0: CreationTime: 2017-06-02T21:21:41.299214000Z
1760.35f0: LastWriteTime: 2017-06-02T21:21:41.309214000Z
1760.35f0: ChangeTime: 2017-06-06T12:49:21.462809000Z
1760.35f0: FileAttributes: 0x20
1760.35f0: Size: 0x11c000
1760.35f0: NT Headers: 0xe0
1760.35f0: Timestamp: 0x59029713
1760.35f0: Machine: 0x8664 - amd64
1760.35f0: Timestamp: 0x59029713
1760.35f0: Image Version: 6.1
1760.35f0: SizeOfImage: 0x11f000 (1175552)
1760.35f0: Resource Dir: 0x116000 LB 0x528
1760.35f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1760.35f0: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1760.35f0: ProductName: Microsoft® Windows® Operating System
1760.35f0: ProductVersion: 6.1.7601.23796
1760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
1760.35f0: FileDescription: Windows NT BASE API Client DLL
1760.35f0: \SystemRoot\System32\KernelBase.dll:
1760.35f0: CreationTime: 2017-06-02T21:21:41.451214000Z
1760.35f0: LastWriteTime: 2017-06-02T21:21:41.458214000Z
1760.35f0: ChangeTime: 2017-06-06T12:49:21.462809000Z
1760.35f0: FileAttributes: 0x20
1760.35f0: Size: 0x66800
1760.35f0: NT Headers: 0xe8
1760.35f0: Timestamp: 0x59029714
1760.35f0: Machine: 0x8664 - amd64
1760.35f0: Timestamp: 0x59029714
1760.35f0: Image Version: 6.1
1760.35f0: SizeOfImage: 0x6a000 (434176)
1760.35f0: Resource Dir: 0x68000 LB 0x530
1760.35f0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1760.35f0: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
1760.35f0: ProductName: Microsoft® Windows® Operating System
1760.35f0: ProductVersion: 6.1.7601.23796
1760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
1760.35f0: FileDescription: Windows NT BASE API Client DLL
1760.35f0: \SystemRoot\System32\apisetschema.dll:
1760.35f0: CreationTime: 2017-06-02T21:21:41.231214000Z
1760.35f0: LastWriteTime: 2017-06-02T21:21:41.235214000Z
1760.35f0: ChangeTime: 2017-06-06T12:49:21.291208600Z
1760.35f0: FileAttributes: 0x20
1760.35f0: Size: 0x1a00
1760.35f0: NT Headers: 0xc0
1760.35f0: Timestamp: 0x590296af
1760.35f0: Machine: 0x8664 - amd64
1760.35f0: Timestamp: 0x590296af
1760.35f0: Image Version: 6.1
1760.35f0: SizeOfImage: 0x50000 (327680)
1760.35f0: Resource Dir: 0x30000 LB 0x3f8
1760.35f0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1760.35f0: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
1760.35f0: ProductName: Microsoft® Windows® Operating System
1760.35f0: ProductVersion: 6.1.7601.23796
1760.35f0: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
1760.35f0: FileDescription: ApiSet Schema DLL
1760.35f0: supR3HardenedWinFindAdversaries: 0x0
1760.35f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1760.35f0: Calling main()
1760.35f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1760.35f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1760.35f0: SUPR3HardenedMain: Respawn #1
1760.35f0: System32: \Device\HarddiskVolume2\Windows\System32
1760.35f0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1760.35f0: KnownDllPath: C:\Windows\system32
1760.35f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1760.35f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1760.35f0: supR3HardNtEnableThreadCreation:
1760.35f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076e4a360 pvNtTerminateThread=0000000076e6c260
1760.35f0: supR3HardenedWinDoReSpawn(1): New child 34ac.3550 [kernel32].
1760.35f0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1760.35f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e20000 uNtDllChildAddr=0000000076e20000
1760.35f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076e4a360
1760.35f0: supR3HardenedWinSetupChildInit: Start child.
1760.35f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1760.35f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
1760.35f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1760.35f0: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1760.35f0: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1760.35f0: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1760.35f0: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1760.35f0: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1760.35f0: 0000000000041000-00000000001fffff 0x0001/0x0000 0x0000000
1760.35f0: *0000000000200000-00000000002fbfff 0x0000/0x0004 0x0020000
1760.35f0: 00000000002fc000-00000000002fdfff 0x0104/0x0004 0x0020000
1760.35f0: 00000000002fe000-00000000002fffff 0x0004/0x0004 0x0020000
1760.35f0: 0000000000300000-0000000076e1ffff 0x0001/0x0000 0x0000000
1760.35f0: *0000000076e20000-0000000076e20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076e21000-0000000076f1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076f1e000-0000000076f4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076f4d000-0000000076f56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076f57000-0000000076f57fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076f58000-0000000076f5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076f5b000-0000000076fc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1760.35f0: 0000000076fca000-000000007efdffff 0x0001/0x0000 0x0000000
1760.35f0: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1760.35f0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1760.35f0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1760.35f0: 000000007fff0000-000000013fdfffff 0x0001/0x0000 0x0000000
1760.35f0: *000000013fe00000-000000013fe00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013fe01000-000000013fe70fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013fe71000-000000013fe71fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013fe72000-000000013feb6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013feb7000-000000013feb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013feb8000-000000013feb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013feb9000-000000013febdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013febe000-000000013febefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013febf000-000000013febffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013fec0000-000000013fec3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013fec4000-000000013ff0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1760.35f0: 000000013ff0c000-000007feff13ffff 0x0001/0x0000 0x0000000
1760.35f0: *000007feff140000-000007feff140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1760.35f0: 000007feff141000-000007fffffaffff 0x0001/0x0000 0x0000000
1760.35f0: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1760.35f0: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
1760.35f0: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
1760.35f0: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
1760.35f0: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1760.35f0: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
1760.35f0: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
1760.35f0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1760.35f0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1760.35f0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1760.35f0: supR3HardNtChildPurify: Done after 285 ms and 0 fixes (loop #0).
1760.35f0: supR3HardNtEnableThreadCreation:
34ac.3550: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
34ac.3550: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e20000 g_uNtVerCombined=0x611db100
34ac.3550: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
34ac.3550: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
34ac.3550: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
34ac.3550: System32: \Device\HarddiskVolume2\Windows\System32
34ac.3550: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
34ac.3550: KnownDllPath: C:\Windows\system32
34ac.3550: supR3HardenedVmProcessInit: Opening vboxdrv stub...
34ac.3550: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
34ac.3550: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
34ac.3550: Registered Dll notification callback with NTDLL.
34ac.3550: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
34ac.3550: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
34ac.3550: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
34ac.3550: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1760.35f0: Error (rc=258):
1760.35f0: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
1760.35f0: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
1760.35f0: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
31dc.1428: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
31dc.1428: \SystemRoot\System32\ntdll.dll:
31dc.1428: CreationTime: 2017-06-02T21:21:41.201214000Z
31dc.1428: LastWriteTime: 2017-06-02T21:21:41.217214000Z
31dc.1428: ChangeTime: 2017-06-06T12:49:21.306808700Z
31dc.1428: FileAttributes: 0x20
31dc.1428: Size: 0x1a7100
31dc.1428: NT Headers: 0xe0
31dc.1428: Timestamp: 0x590296ce
31dc.1428: Machine: 0x8664 - amd64
31dc.1428: Timestamp: 0x590296ce
31dc.1428: Image Version: 6.1
31dc.1428: SizeOfImage: 0x1aa000 (1744896)
31dc.1428: Resource Dir: 0x14e000 LB 0x5a028
31dc.1428: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
31dc.1428: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
31dc.1428: ProductName: Microsoft® Windows® Operating System
31dc.1428: ProductVersion: 6.1.7601.23796
31dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
31dc.1428: FileDescription: NT Layer DLL
31dc.1428: \SystemRoot\System32\kernel32.dll:
31dc.1428: CreationTime: 2017-06-02T21:21:41.299214000Z
31dc.1428: LastWriteTime: 2017-06-02T21:21:41.309214000Z
31dc.1428: ChangeTime: 2017-06-06T12:49:21.462809000Z
31dc.1428: FileAttributes: 0x20
31dc.1428: Size: 0x11c000
31dc.1428: NT Headers: 0xe0
31dc.1428: Timestamp: 0x59029713
31dc.1428: Machine: 0x8664 - amd64
31dc.1428: Timestamp: 0x59029713
31dc.1428: Image Version: 6.1
31dc.1428: SizeOfImage: 0x11f000 (1175552)
31dc.1428: Resource Dir: 0x116000 LB 0x528
31dc.1428: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
31dc.1428: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
31dc.1428: ProductName: Microsoft® Windows® Operating System
31dc.1428: ProductVersion: 6.1.7601.23796
31dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
31dc.1428: FileDescription: Windows NT BASE API Client DLL
31dc.1428: \SystemRoot\System32\KernelBase.dll:
31dc.1428: CreationTime: 2017-06-02T21:21:41.451214000Z
31dc.1428: LastWriteTime: 2017-06-02T21:21:41.458214000Z
31dc.1428: ChangeTime: 2017-06-06T12:49:21.462809000Z
31dc.1428: FileAttributes: 0x20
31dc.1428: Size: 0x66800
31dc.1428: NT Headers: 0xe8
31dc.1428: Timestamp: 0x59029714
31dc.1428: Machine: 0x8664 - amd64
31dc.1428: Timestamp: 0x59029714
31dc.1428: Image Version: 6.1
31dc.1428: SizeOfImage: 0x6a000 (434176)
31dc.1428: Resource Dir: 0x68000 LB 0x530
31dc.1428: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
31dc.1428: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
31dc.1428: ProductName: Microsoft® Windows® Operating System
31dc.1428: ProductVersion: 6.1.7601.23796
31dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
31dc.1428: FileDescription: Windows NT BASE API Client DLL
31dc.1428: \SystemRoot\System32\apisetschema.dll:
31dc.1428: CreationTime: 2017-06-02T21:21:41.231214000Z
31dc.1428: LastWriteTime: 2017-06-02T21:21:41.235214000Z
31dc.1428: ChangeTime: 2017-06-06T12:49:21.291208600Z
31dc.1428: FileAttributes: 0x20
31dc.1428: Size: 0x1a00
31dc.1428: NT Headers: 0xc0
31dc.1428: Timestamp: 0x590296af
31dc.1428: Machine: 0x8664 - amd64
31dc.1428: Timestamp: 0x590296af
31dc.1428: Image Version: 6.1
31dc.1428: SizeOfImage: 0x50000 (327680)
31dc.1428: Resource Dir: 0x30000 LB 0x3f8
31dc.1428: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
31dc.1428: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
31dc.1428: ProductName: Microsoft® Windows® Operating System
31dc.1428: ProductVersion: 6.1.7601.23796
31dc.1428: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
31dc.1428: FileDescription: ApiSet Schema DLL
31dc.1428: supR3HardenedWinFindAdversaries: 0x0
31dc.1428: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
31dc.1428: Calling main()
31dc.1428: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
31dc.1428: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
31dc.1428: SUPR3HardenedMain: Respawn #1
31dc.1428: System32: \Device\HarddiskVolume2\Windows\System32
31dc.1428: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
31dc.1428: KnownDllPath: C:\Windows\system32
31dc.1428: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
31dc.1428: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
31dc.1428: supR3HardNtEnableThreadCreation:
31dc.1428: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076e4a360 pvNtTerminateThread=0000000076e6c260
31dc.1428: supR3HardenedWinDoReSpawn(1): New child 2b4c.1f8c [kernel32].
31dc.1428: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
31dc.1428: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e20000 uNtDllChildAddr=0000000076e20000
31dc.1428: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076e4a360
31dc.1428: supR3HardenedWinSetupChildInit: Start child.
31dc.1428: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
31dc.1428: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
31dc.1428: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
31dc.1428: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
31dc.1428: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
31dc.1428: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
31dc.1428: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
31dc.1428: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
31dc.1428: 0000000000041000-00000000000dffff 0x0001/0x0000 0x0000000
31dc.1428: *00000000000e0000-00000000001dbfff 0x0000/0x0004 0x0020000
31dc.1428: 00000000001dc000-00000000001ddfff 0x0104/0x0004 0x0020000
31dc.1428: 00000000001de000-00000000001dffff 0x0004/0x0004 0x0020000
31dc.1428: 00000000001e0000-0000000076e1ffff 0x0001/0x0000 0x0000000
31dc.1428: *0000000076e20000-0000000076e20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076e21000-0000000076f1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076f1e000-0000000076f4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076f4d000-0000000076f56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076f57000-0000000076f57fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076f58000-0000000076f5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076f5b000-0000000076fc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
31dc.1428: 0000000076fca000-000000007efdffff 0x0001/0x0000 0x0000000
31dc.1428: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
31dc.1428: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
31dc.1428: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
31dc.1428: 000000007fff0000-000000013fdfffff 0x0001/0x0000 0x0000000
31dc.1428: *000000013fe00000-000000013fe00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013fe01000-000000013fe70fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013fe71000-000000013fe71fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013fe72000-000000013feb6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013feb7000-000000013feb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013feb8000-000000013feb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013feb9000-000000013febdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013febe000-000000013febefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013febf000-000000013febffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013fec0000-000000013fec3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013fec4000-000000013ff0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31dc.1428: 000000013ff0c000-000007feff13ffff 0x0001/0x0000 0x0000000
31dc.1428: *000007feff140000-000007feff140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
31dc.1428: 000007feff141000-000007fffffaffff 0x0001/0x0000 0x0000000
31dc.1428: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
31dc.1428: 000007fffffd3000-000007fffffdafff 0x0001/0x0000 0x0000000
31dc.1428: *000007fffffdb000-000007fffffdbfff 0x0004/0x0004 0x0020000
31dc.1428: 000007fffffdc000-000007fffffddfff 0x0001/0x0000 0x0000000
31dc.1428: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
31dc.1428: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
31dc.1428: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
31dc.1428: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
31dc.1428: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
31dc.1428: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
31dc.1428: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
31dc.1428: supR3HardNtChildPurify: Done after 284 ms and 0 fixes (loop #0).
31dc.1428: supR3HardNtEnableThreadCreation:
2b4c.1f8c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2b4c.1f8c: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e20000 g_uNtVerCombined=0x611db100
2b4c.1f8c: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
2b4c.1f8c: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1744896 allocation)
2b4c.1f8c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2b4c.1f8c: System32: \Device\HarddiskVolume2\Windows\System32
2b4c.1f8c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2b4c.1f8c: KnownDllPath: C:\Windows\system32
2b4c.1f8c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2b4c.1f8c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2b4c.1f8c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2b4c.1f8c: Registered Dll notification callback with NTDLL.
2b4c.1f8c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2b4c.1f8c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2b4c.1f8c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
2b4c.1f8c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31dc.1428: Error (rc=258):
31dc.1428: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
31dc.1428: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
31dc.1428: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
2df8.17b8: Log file opened: 5.1.22r115126 g_hStartupLog=00000000000000c0 g_uNtVerCombined=0x611db110
2df8.17b8: \SystemRoot\System32\ntdll.dll:
2df8.17b8: CreationTime: 2017-06-02T21:21:41.201214000Z
2df8.17b8: LastWriteTime: 2017-06-02T21:21:41.217214000Z
2df8.17b8: ChangeTime: 2017-06-06T12:49:21.306808700Z
2df8.17b8: FileAttributes: 0x20
2df8.17b8: Size: 0x1a7100
2df8.17b8: NT Headers: 0xe0
2df8.17b8: Timestamp: 0x590296ce
2df8.17b8: Machine: 0x8664 - amd64
2df8.17b8: Timestamp: 0x590296ce
2df8.17b8: Image Version: 6.1
2df8.17b8: SizeOfImage: 0x1aa000 (1744896)
2df8.17b8: Resource Dir: 0x14e000 LB 0x5a028
2df8.17b8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2df8.17b8: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2df8.17b8: ProductName: Microsoft® Windows® Operating System
2df8.17b8: ProductVersion: 6.1.7601.23796
2df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
2df8.17b8: FileDescription: NT Layer DLL
2df8.17b8: \SystemRoot\System32\kernel32.dll:
2df8.17b8: CreationTime: 2017-06-02T21:21:41.299214000Z
2df8.17b8: LastWriteTime: 2017-06-02T21:21:41.309214000Z
2df8.17b8: ChangeTime: 2017-06-06T12:49:21.462809000Z
2df8.17b8: FileAttributes: 0x20
2df8.17b8: Size: 0x11c000
2df8.17b8: NT Headers: 0xe0
2df8.17b8: Timestamp: 0x59029713
2df8.17b8: Machine: 0x8664 - amd64
2df8.17b8: Timestamp: 0x59029713
2df8.17b8: Image Version: 6.1
2df8.17b8: SizeOfImage: 0x11f000 (1175552)
2df8.17b8: Resource Dir: 0x116000 LB 0x528
2df8.17b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2df8.17b8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2df8.17b8: ProductName: Microsoft® Windows® Operating System
2df8.17b8: ProductVersion: 6.1.7601.23796
2df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
2df8.17b8: FileDescription: Windows NT BASE API Client DLL
2df8.17b8: \SystemRoot\System32\KernelBase.dll:
2df8.17b8: CreationTime: 2017-06-02T21:21:41.451214000Z
2df8.17b8: LastWriteTime: 2017-06-02T21:21:41.458214000Z
2df8.17b8: ChangeTime: 2017-06-06T12:49:21.462809000Z
2df8.17b8: FileAttributes: 0x20
2df8.17b8: Size: 0x66800
2df8.17b8: NT Headers: 0xe8
2df8.17b8: Timestamp: 0x59029714
2df8.17b8: Machine: 0x8664 - amd64
2df8.17b8: Timestamp: 0x59029714
2df8.17b8: Image Version: 6.1
2df8.17b8: SizeOfImage: 0x6a000 (434176)
2df8.17b8: Resource Dir: 0x68000 LB 0x530
2df8.17b8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2df8.17b8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2df8.17b8: ProductName: Microsoft® Windows® Operating System
2df8.17b8: ProductVersion: 6.1.7601.23796
2df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
2df8.17b8: FileDescription: Windows NT BASE API Client DLL
2df8.17b8: \SystemRoot\System32\apisetschema.dll:
2df8.17b8: CreationTime: 2017-06-02T21:21:41.231214000Z
2df8.17b8: LastWriteTime: 2017-06-02T21:21:41.235214000Z
2df8.17b8: ChangeTime: 2017-06-06T12:49:21.291208600Z
2df8.17b8: FileAttributes: 0x20
2df8.17b8: Size: 0x1a00
2df8.17b8: NT Headers: 0xc0
2df8.17b8: Timestamp: 0x590296af
2df8.17b8: Machine: 0x8664 - amd64
2df8.17b8: Timestamp: 0x590296af
2df8.17b8: Image Version: 6.1
2df8.17b8: SizeOfImage: 0x50000 (327680)
2df8.17b8: Resource Dir: 0x30000 LB 0x3f8
2df8.17b8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2df8.17b8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
2df8.17b8: ProductName: Microsoft® Windows® Operating System
2df8.17b8: ProductVersion: 6.1.7601.23796
2df8.17b8: FileVersion: 6.1.7601.23796 (win7sp1_ldr.170427-1518)
2df8.17b8: FileDescription: ApiSet Schema DLL
2df8.17b8: supR3HardenedWinFindAdversaries: 0x0
2df8.17b8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2df8.17b8: Calling main()
2df8.17b8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2df8.17b8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2df8.17b8: SUPR3HardenedMain: Respawn #1
2df8.17b8: System32: \Device\HarddiskVolume2\Windows\System32
2df8.17b8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2df8.17b8: KnownDllPath: C:\Windows\system32
2df8.17b8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2df8.17b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2df8.17b8: supR3HardNtEnableThreadCreation:
2df8.17b8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076e4a360 pvNtTerminateThread=0000000076e6c260
2df8.17b8: supR3HardenedWinDoReSpawn(1): New child aa8.3404 [kernel32].
2df8.17b8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
2df8.17b8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e20000 uNtDllChildAddr=0000000076e20000
2df8.17b8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076e4a360
2df8.17b8: supR3HardenedWinSetupChildInit: Start child.
2df8.17b8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2df8.17b8: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
2df8.17b8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2df8.17b8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2df8.17b8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2df8.17b8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2df8.17b8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2df8.17b8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2df8.17b8: 0000000000041000-000000000005ffff 0x0001/0x0000 0x0000000
2df8.17b8: *0000000000060000-000000000015bfff 0x0000/0x0004 0x0020000
2df8.17b8: 000000000015c000-000000000015dfff 0x0104/0x0004 0x0020000
2df8.17b8: 000000000015e000-000000000015ffff 0x0004/0x0004 0x0020000
2df8.17b8: 0000000000160000-0000000076e1ffff 0x0001/0x0000 0x0000000
2df8.17b8: *0000000076e20000-0000000076e20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076e21000-0000000076f1dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076f1e000-0000000076f4cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076f4d000-0000000076f56fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076f57000-0000000076f57fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076f58000-0000000076f5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076f5b000-0000000076fc9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2df8.17b8: 0000000076fca000-000000007efdffff 0x0001/0x0000 0x0000000
2df8.17b8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2df8.17b8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2df8.17b8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2df8.17b8: 000000007fff0000-000000013fdfffff 0x0001/0x0000 0x0000000
2df8.17b8: *000000013fe00000-000000013fe00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013fe01000-000000013fe70fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013fe71000-000000013fe71fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013fe72000-000000013feb6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013feb7000-000000013feb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013feb8000-000000013feb8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013feb9000-000000013febdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013febe000-000000013febefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013febf000-000000013febffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013fec0000-000000013fec3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013fec4000-000000013ff0bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2df8.17b8: 000000013ff0c000-000007feff13ffff 0x0001/0x0000 0x0000000
2df8.17b8: *000007feff140000-000007feff140fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2df8.17b8: 000007feff141000-000007fffffaffff 0x0001/0x0000 0x0000000
2df8.17b8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2df8.17b8: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
2df8.17b8: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
2df8.17b8: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
2df8.17b8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
2df8.17b8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2df8.17b8: apisetschema.dll: timestamp 0x590296af (rc=VINF_SUCCESS)
2df8.17b8: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
2df8.17b8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2df8.17b8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2df8.17b8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2df8.17b8: supR3HardNtChildPurify: Done after 285 ms and 0 fixes (loop #0).
2df8.17b8: supR3HardNtEnableThreadCreation:
aa8.3404: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
aa8.3404: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e20000 g_uNtVerCombined=0x611db100
aa8.3404: ntdll.dll: timestamp 0x590296ce (rc=VINF_SUCCESS)
aa8.3404: New simple heap: #1 0000000000260000 LB 0x400000 (for 1744896 allocation)
aa8.3404: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
aa8.3404: System32: \Device\HarddiskVolume2\Windows\System32
aa8.3404: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
aa8.3404: KnownDllPath: C:\Windows\system32
aa8.3404: supR3HardenedVmProcessInit: Opening vboxdrv stub...
aa8.3404: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
aa8.3404: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
aa8.3404: Registered Dll notification callback with NTDLL.
aa8.3404: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
aa8.3404: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
aa8.3404: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
aa8.3404: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2df8.17b8: Error (rc=258):
2df8.17b8: Timed out after 60001 ms waiting for child request #1 (CloseEvents).
2df8.17b8: Error 258 in supR3HardNtChildWaitFor! (enmWhat=5)
2df8.17b8: Timed out after 60001 ms waiting for child request #1 (CloseEvents).