ca0.2a2c: Log file opened: 5.2.4r119785 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0383900 ca0.2a2c: \SystemRoot\System32\ntdll.dll: ca0.2a2c: CreationTime: 2017-09-14T07:01:46.664917300Z ca0.2a2c: LastWriteTime: 2017-09-07T06:03:35.589628500Z ca0.2a2c: ChangeTime: 2017-09-14T08:15:40.988885300Z ca0.2a2c: FileAttributes: 0x20 ca0.2a2c: Size: 0x1cccb0 ca0.2a2c: NT Headers: 0xd8 ca0.2a2c: Timestamp: 0x59b0d03e ca0.2a2c: Machine: 0x8664 - amd64 ca0.2a2c: Timestamp: 0x59b0d03e ca0.2a2c: Image Version: 10.0 ca0.2a2c: SizeOfImage: 0x1d2000 (1908736) ca0.2a2c: Resource Dir: 0x169000 LB 0x67a50 ca0.2a2c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] ca0.2a2c: [Raw version resource data: 0x1690f0 LB 0x398, codepage 0x0 (reserved 0x0)] ca0.2a2c: ProductName: Microsoft® Windows® Operating System ca0.2a2c: ProductVersion: 10.0.14393.1715 ca0.2a2c: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810) ca0.2a2c: FileDescription: NT Layer DLL ca0.2a2c: \SystemRoot\System32\kernel32.dll: ca0.2a2c: CreationTime: 2017-09-14T07:02:03.004530200Z ca0.2a2c: LastWriteTime: 2017-04-28T00:49:43.332433600Z ca0.2a2c: ChangeTime: 2017-09-14T08:15:21.281079100Z ca0.2a2c: FileAttributes: 0x20 ca0.2a2c: Size: 0xab208 ca0.2a2c: NT Headers: 0xf0 ca0.2a2c: Timestamp: 0x59028368 ca0.2a2c: Machine: 0x8664 - amd64 ca0.2a2c: Timestamp: 0x59028368 ca0.2a2c: Image Version: 10.0 ca0.2a2c: SizeOfImage: 0xac000 (704512) ca0.2a2c: Resource Dir: 0xaa000 LB 0x530 ca0.2a2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] ca0.2a2c: [Raw version resource data: 0xaa0b0 LB 0x3b4, codepage 0x0 (reserved 0x0)] ca0.2a2c: ProductName: Microsoft® Windows® Operating System ca0.2a2c: ProductVersion: 10.0.14393.1198 ca0.2a2c: FileVersion: 10.0.14393.1198 (rs1_release_sec.170427-1353) ca0.2a2c: FileDescription: Windows NT BASE API Client DLL ca0.2a2c: \SystemRoot\System32\KernelBase.dll: ca0.2a2c: CreationTime: 2017-09-14T07:03:41.892462800Z ca0.2a2c: LastWriteTime: 2017-09-07T06:03:59.714868700Z ca0.2a2c: ChangeTime: 2017-09-14T08:15:37.972503200Z ca0.2a2c: FileAttributes: 0x20 ca0.2a2c: Size: 0x21c780 ca0.2a2c: NT Headers: 0xf8 ca0.2a2c: Timestamp: 0x59b0d106 ca0.2a2c: Machine: 0x8664 - amd64 ca0.2a2c: Timestamp: 0x59b0d106 ca0.2a2c: Image Version: 10.0 ca0.2a2c: SizeOfImage: 0x21d000 (2215936) ca0.2a2c: Resource Dir: 0x201000 LB 0x560 ca0.2a2c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] ca0.2a2c: [Raw version resource data: 0x2010b0 LB 0x3d4, codepage 0x0 (reserved 0x0)] ca0.2a2c: ProductName: Microsoft® Windows® Operating System ca0.2a2c: ProductVersion: 10.0.14393.1715 ca0.2a2c: FileVersion: 10.0.14393.1715 (rs1_release_inmarket.170906-1810) ca0.2a2c: FileDescription: Windows NT BASE API Client DLL ca0.2a2c: \SystemRoot\System32\apisetschema.dll: ca0.2a2c: CreationTime: 2017-09-14T07:02:01.403113700Z ca0.2a2c: LastWriteTime: 2017-07-12T06:15:56.983190800Z ca0.2a2c: ChangeTime: 2017-09-14T08:15:31.752249900Z ca0.2a2c: FileAttributes: 0x20 ca0.2a2c: Size: 0x18b60 ca0.2a2c: NT Headers: 0xc8 ca0.2a2c: Timestamp: 0x5965b2bd ca0.2a2c: Machine: 0x8664 - amd64 ca0.2a2c: Timestamp: 0x5965b2bd ca0.2a2c: Image Version: 10.0 ca0.2a2c: SizeOfImage: 0x19000 (102400) ca0.2a2c: Resource Dir: 0x18000 LB 0x408 ca0.2a2c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] ca0.2a2c: [Raw version resource data: 0x18060 LB 0x3a4, codepage 0x0 (reserved 0x0)] ca0.2a2c: ProductName: Microsoft® Windows® Operating System ca0.2a2c: ProductVersion: 10.0.14393.1532 ca0.2a2c: FileVersion: 10.0.14393.1532 (rs1_release_d.170711-1840) ca0.2a2c: FileDescription: ApiSet Schema DLL ca0.2a2c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 ca0.2a2c: supR3HardenedWinFindAdversaries: 0x0 ca0.2a2c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' ca0.2a2c: Calling main() ca0.2a2c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 ca0.2a2c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox' ca0.2a2c: SUPR3HardenedMain: Respawn #1 ca0.2a2c: System32: \Device\HarddiskVolume2\Windows\System32 ca0.2a2c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS ca0.2a2c: KnownDllPath: C:\WINDOWS\System32 ca0.2a2c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports ca0.2a2c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe) ca0.2a2c: supR3HardNtEnableThreadCreation: ca0.2a2c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007fff3e789f60 pvNtTerminateThread=00007fff3e7b6af0 ca0.2a2c: supR3HardenedWinDoReSpawn(1): New child 2328.2e04 [kernel32]. ca0.2a2c: supR3HardNtChildGatherData: PebBaseAddress=0000000000826000 cbPeb=0x388 ca0.2a2c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007fff3e710000 uNtDllChildAddr=00007fff3e710000 ca0.2a2c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007fff3e789f60 ca0.2a2c: supR3HardenedWinSetupChildInit: Start child. ca0.2a2c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. ca0.2a2c: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 31 sleeps ca0.2a2c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION ca0.2a2c: *0000000000000000-000000000066ffff 0x0001/0x0000 0x0000000 ca0.2a2c: *0000000000670000-000000000068ffff 0x0004/0x0004 0x0020000 ca0.2a2c: *0000000000690000-00000000006a5fff 0x0002/0x0002 0x0040000 ca0.2a2c: 00000000006a6000-00000000006affff 0x0001/0x0000 0x0000000 ca0.2a2c: *00000000006b0000-00000000007aafff 0x0000/0x0004 0x0020000 ca0.2a2c: 00000000007ab000-00000000007adfff 0x0104/0x0004 0x0020000 ca0.2a2c: 00000000007ae000-00000000007affff 0x0004/0x0004 0x0020000 ca0.2a2c: *00000000007b0000-00000000007b3fff 0x0002/0x0002 0x0040000 ca0.2a2c: 00000000007b4000-00000000007bffff 0x0001/0x0000 0x0000000 ca0.2a2c: *00000000007c0000-00000000007c1fff 0x0004/0x0004 0x0020000 ca0.2a2c: 00000000007c2000-00000000007fffff 0x0001/0x0000 0x0000000 ca0.2a2c: *0000000000800000-0000000000825fff 0x0000/0x0004 0x0020000 ca0.2a2c: 0000000000826000-0000000000828fff 0x0004/0x0004 0x0020000 ca0.2a2c: 0000000000829000-00000000009fffff 0x0000/0x0004 0x0020000 ca0.2a2c: 0000000000a00000-00000000052affff 0x0001/0x0000 0x0000000 ca0.2a2c: *00000000052b0000-00000000052b0fff 0x0020/0x0040 0x0020000 !! ca0.2a2c: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 00000000052b0000 (LB 0x1000, 00000000052b0000 LB 0x1000) ca0.2a2c: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [00000000052b0000/00000000052b0000 LB 0/0x1000] ca0.2a2c: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/00000000052b0000 LB 0x7ad30000 s=0x10000 ap=0x0 rp=0x00000000000001 ca0.2a2c: 00000000052b1000-000000007ffdffff 0x0001/0x0000 0x0000000 ca0.2a2c: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 ca0.2a2c: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 ca0.2a2c: 000000007fff0000-00007ff72c9bffff 0x0001/0x0000 0x0000000 ca0.2a2c: *00007ff72c9c0000-00007ff72c9e2fff 0x0002/0x0002 0x0040000 ca0.2a2c: 00007ff72c9e3000-00007ff72d76ffff 0x0001/0x0000 0x0000000 ca0.2a2c: *00007ff72d770000-00007ff72d770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: supHardNtVpNewImage: 8dot3 -> long: '\Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' ca0.2a2c: 00007ff72d771000-00007ff72d7e1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d7e2000-00007ff72d7e2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d7e3000-00007ff72d828fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d829000-00007ff72d829fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d82a000-00007ff72d82afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d82b000-00007ff72d82ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d830000-00007ff72d830fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d831000-00007ff72d831fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d832000-00007ff72d835fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d836000-00007ff72d87dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE ca0.2a2c: 00007ff72d87e000-00007fff3e70ffff 0x0001/0x0000 0x0000000 ca0.2a2c: *00007fff3e710000-00007fff3e710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e711000-00007fff3e818fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e819000-00007fff3e85cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e85d000-00007fff3e865fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e866000-00007fff3e873fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e874000-00007fff3e874fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e875000-00007fff3e877fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e878000-00007fff3e8e1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll ca0.2a2c: 00007fff3e8e2000-00007ffffffdffff 0x0001/0x0000 0x0000000 ca0.2a2c: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 ca0.2a2c: VirtualBox.exe: timestamp 0x5a37e337 (rc=VINF_SUCCESS) ca0.2a2c: Error (rc=-5618): ca0.2a2c: Process image name does not match the exectuable we found: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE. ca0.2a2c: Error (rc=-5618): ca0.2a2c: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE. ca0.2a2c: Error -5618 in supR3HardNtChildPurify! (enmWhat=5) ca0.2a2c: supHardenedWinVerifyProcess failed with Unknown Status -5618 (0xffffea0e): Process image name does not match the exectuable we found: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe vs \Device\HarddiskVolume2\PROGRA~1\Oracle\VIRTUA~1\VIRTUA~1.EXE. ca0.2a2c: supR3HardNtEnableThreadCreation: