2238.26b4: Log file opened: 5.2.33r132271 g_hStartupLog=000000000000001c g_uNtVerCombined=0x611db110
2238.26b4: \SystemRoot\System32\ntdll.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:09.202909900Z
2238.26b4: LastWriteTime: 2019-05-16T15:08:29.092007100Z
2238.26b4: ChangeTime: 2019-06-22T08:53:51.194029100Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x196560
2238.26b4: NT Headers: 0xe0
2238.26b4: Timestamp: 0x5cdd7d10
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7d10
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x19f000 (1699840)
2238.26b4: Resource Dir: 0x142000 LB 0x5a028
2238.26b4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: NT Layer DLL
2238.26b4: \SystemRoot\System32\kernel32.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:20.858630900Z
2238.26b4: LastWriteTime: 2019-05-16T15:07:06.536000000Z
2238.26b4: ChangeTime: 2019-06-22T08:53:55.569057100Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x11be00
2238.26b4: NT Headers: 0xe0
2238.26b4: Timestamp: 0x5cdd7d44
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7d44
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x11f000 (1175552)
2238.26b4: Resource Dir: 0x116000 LB 0x528
2238.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: Windows NT BASE API Client DLL
2238.26b4: \SystemRoot\System32\KernelBase.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:19.691593900Z
2238.26b4: LastWriteTime: 2019-05-16T15:07:06.536000000Z
2238.26b4: ChangeTime: 2019-06-22T08:53:55.615932400Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x63c00
2238.26b4: NT Headers: 0xe8
2238.26b4: Timestamp: 0x5cdd7d45
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7d45
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x67000 (421888)
2238.26b4: Resource Dir: 0x65000 LB 0x530
2238.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x650b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: Windows NT BASE API Client DLL
2238.26b4: \SystemRoot\System32\apisetschema.dll:
2238.26b4: CreationTime: 2019-06-22T05:24:32.749712500Z
2238.26b4: LastWriteTime: 2019-05-16T15:06:08.558000000Z
2238.26b4: ChangeTime: 2019-06-22T08:53:51.022153000Z
2238.26b4: FileAttributes: 0x20
2238.26b4: Size: 0x1a00
2238.26b4: NT Headers: 0xc0
2238.26b4: Timestamp: 0x5cdd7ca9
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5cdd7ca9
2238.26b4: Image Version: 6.1
2238.26b4: SizeOfImage: 0x50000 (327680)
2238.26b4: Resource Dir: 0x30000 LB 0x3f8
2238.26b4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
2238.26b4: ProductName: Microsoft® Windows® Operating System
2238.26b4: ProductVersion: 6.1.7601.24475
2238.26b4: FileVersion: 6.1.7601.24475 (win7sp1_ldr.190516-0600)
2238.26b4: FileDescription: ApiSet Schema DLL
2238.26b4: Found driver SymNetS (0x2)
2238.26b4: Found driver SRTSPX (0x2)
2238.26b4: Found driver SymEvent (0x2)
2238.26b4: Found driver SymIRON (0x2)
2238.26b4: supR3HardenedWinFindAdversaries: 0x2
2238.26b4: \SystemRoot\System32\drivers\symevent64x86.sys:
2238.26b4: CreationTime: 2019-07-24T05:40:43.014013900Z
2238.26b4: LastWriteTime: 2019-07-24T05:40:41.473915700Z
2238.26b4: ChangeTime: 2019-07-24T05:40:41.473915700Z
2238.26b4: FileAttributes: 0x2020
2238.26b4: Size: 0x18650
2238.26b4: NT Headers: 0xe8
2238.26b4: Timestamp: 0x5a95cc4b
2238.26b4: Machine: 0x8664 - amd64
2238.26b4: Timestamp: 0x5a95cc4b
2238.26b4: Image Version: 6.3
2238.26b4: SizeOfImage: 0x21000 (135168)
2238.26b4: Resource Dir: 0x1f000 LB 0x3c8
2238.26b4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2238.26b4: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
2238.26b4: ProductName: SYMEVENT
2238.26b4: ProductVersion: 14.0.6.27
2238.26b4: FileVersion: 14.0.6.27
2238.26b4: FileDescription: Symantec Event Library
2238.26b4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2238.26b4: Calling main()
2238.26b4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2238.26b4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2238.26b4: SUPR3HardenedMain: Respawn #1
2238.26b4: System32: \Device\HarddiskVolume2\Windows\System32
2238.26b4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2238.26b4: KnownDllPath: C:\Windows\system32
2238.26b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2238.26b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2238.26b4: supR3HardNtEnableThreadCreation:
2238.26b4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b73710 pvNtTerminateThread=0000000077b99db0
2238.26b4: supR3HardenedWinDoReSpawn(1): New child 1a78.eac [kernel32].
2238.26b4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
2238.26b4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000
2238.26b4: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077b73710
2238.26b4: supR3HardenedWinSetupChildInit: Start child.
2238.26b4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2238.26b4: supR3HardNtChildPurify: Startup delay kludge #1/0: 518 ms, 59 sleeps
2238.26b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2238.26b4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2238.26b4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2238.26b4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000050000-0000000000050fff 0x0020/0x0004 0x0020000 !!
2238.26b4: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000000050000 (LB 0x1000, 0000000000050000 LB 0x1000)
2238.26b4: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000000050000/0000000000050000 LB 0/0x1000]
2238.26b4: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000000050000 LB 0x1c0000 s=0x10000 ap=0x0 rp=0x00000000000001
2238.26b4: 0000000000051000-000000000020ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000210000-000000000030bfff 0x0000/0x0004 0x0020000
2238.26b4: 000000000030c000-000000000030dfff 0x0104/0x0004 0x0020000
2238.26b4: 000000000030e000-000000000030ffff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000310000-0000000077b2ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077b31000-0000000077c54fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c55000-0000000077c5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c5b000-0000000077c5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c5c000-0000000077c63fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c64000-0000000077ccefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077ccf000-000000007efdffff 0x0001/0x0000 0x0000000
2238.26b4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2238.26b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2238.26b4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2238.26b4: 000000007fff0000-000000013fc4ffff 0x0001/0x0000 0x0000000
2238.26b4: *000000013fc50000-000000013fc50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fc51000-000000013fcc1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc2000-000000013fcc2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc3000-000000013fd09fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0a000-000000013fd0afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0b000-000000013fd0bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0c000-000000013fd10fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd11000-000000013fd11fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd12000-000000013fd12fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd13000-000000013fd16fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd17000-000000013fd5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd5f000-000007feffe2ffff 0x0001/0x0000 0x0000000
2238.26b4: *000007feffe30000-000007feffe30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2238.26b4: 000007feffe31000-000007fffffaffff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2238.26b4: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2238.26b4: apisetschema.dll: timestamp 0x5cdd7ca9 (rc=VINF_SUCCESS)
2238.26b4: VirtualBox.exe: timestamp 0x5d318309 (rc=VINF_SUCCESS)
2238.26b4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2238.26b4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2238.26b4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2238.26b4: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0
2238.26b4: supR3HardNtChildPurify: Startup delay kludge #1/1: 519 ms, 59 sleeps
2238.26b4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2238.26b4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2238.26b4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2238.26b4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000041000-000000000020ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000000210000-000000000030bfff 0x0000/0x0004 0x0020000
2238.26b4: 000000000030c000-000000000030dfff 0x0104/0x0004 0x0020000
2238.26b4: 000000000030e000-000000000030ffff 0x0004/0x0004 0x0020000
2238.26b4: 0000000000310000-0000000077b2ffff 0x0001/0x0000 0x0000000
2238.26b4: *0000000077b30000-0000000077b30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077b31000-0000000077c54fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c55000-0000000077c5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c5b000-0000000077c63fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077c64000-0000000077ccefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2238.26b4: 0000000077ccf000-000000007efdffff 0x0001/0x0000 0x0000000
2238.26b4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2238.26b4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2238.26b4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2238.26b4: 000000007fff0000-000000013fc4ffff 0x0001/0x0000 0x0000000
2238.26b4: *000000013fc50000-000000013fc50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fc51000-000000013fcc1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc2000-000000013fcc2fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fcc3000-000000013fd09fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd0a000-000000013fd16fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd17000-000000013fd5efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2238.26b4: 000000013fd5f000-000007feffe2ffff 0x0001/0x0000 0x0000000
2238.26b4: *000007feffe30000-000007feffe30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2238.26b4: 000007feffe31000-000007fffffaffff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2238.26b4: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2238.26b4: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2238.26b4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2238.26b4: supR3HardNtChildPurify: Done after 1616 ms and 1 fixes (loop #1).
2238.26b4: supR3HardNtEnableThreadCreation:
1a78.eac: Log file opened: 5.2.33r132271 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1a78.eac: supR3HardenedVmProcessInit: uNtDllAddr=0000000077b30000 g_uNtVerCombined=0x611db100
1a78.eac: ntdll.dll: timestamp 0x5cdd7d10 (rc=VINF_SUCCESS)
1a78.eac: New simple heap: #1 0000000000310000 LB 0x400000 (for 1699840 allocation)
1a78.eac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1a78.eac: System32: \Device\HarddiskVolume2\Windows\System32
1a78.eac: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1a78.eac: KnownDllPath: C:\Windows\system32
1a78.eac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1a78.eac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1a78.eac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1a78.eac: Registered Dll notification callback with NTDLL.
1a78.eac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1a78.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1a78.eac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling]
1a78.eac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1a78.eac: supR3HardenedDllNotificationCallback: load 0000000077a10000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1a78.eac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1a78.eac: supR3HardenedDllNotificationCallback: load 000007fefd800000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1a78.eac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1a78.eac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1a78.eac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077a10000 'C:\Windows\system32\kernel32.dll'
2238.26b4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 68 ms, CloseEvents);