1d58.1d5c: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
1d58.1d5c: Calling main()
1d58.1d5c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1d58.1d5c: SUPR3HardenedMain: Respawn #1
1d58.1d5c: System32:  \Device\HarddiskVolume2\Windows\System32
1d58.1d5c: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
1d58.1d5c: ProgDir:   \Device\HarddiskVolume2\Program Files
1d58.1d5c: ComDir:    \Device\HarddiskVolume2\Program Files\Common Files
1d58.1d5c: ProgDir32: \Device\HarddiskVolume2\Program Files (x86)
1d58.1d5c: ComDir32:  \Device\HarddiskVolume2\Program Files (x86)\Common Files
1d58.1d5c: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
1d58.1d5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe)
1d58.1d5c: supR3HardNtEnableThreadCreation:
1d58.1d5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5c320 pvNtTerminateThread=0000000077b81840
1d58.1d5c: supR3HardenedWinDoReSpawn(1): New child 1d68.1d6c [kernel32].
1d58.1d5c: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffd6000 cbPeb=0x380
1d58.1d5c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=0000000077b5c320 uNtTerminateThread=0000000077b81840
1d58.1d5c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5c320 pvNtTerminateThread=0000000077b81840
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd]
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 00000000002f0000 LB 0x1a9000
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: kernel32.dll mapped at 0000000077910000 LB 0x11f000
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of KernelBase.dll
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: KernelBase.dll mapped at 000007fefdc70000 LB 0x6c000
1d58.1d5c: supR3HardNtPuChTriggerInitialImageEvents: Startup delay kludge #1: 16 ms
1d58.1d5c: supR3HardNtEnableThreadCreation:
1d58.1d5c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1d58.1d5c:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1d58.1d5c:  *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1d58.1d5c:  *0000000000030000-000000000002efff 0x0040/0x0040 0x0020000 !!
1d58.1d5c: supHardNtVpScanVirtualMemory: Freeing exec mem at 0000000000030000 (0000000000030000 LB 0x1000)
1d58.1d5c:   0000000000031000-0000000000021fff 0x0001/0x0000 0x0000000
1d58.1d5c:  *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000
1d58.1d5c:   0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000
1d58.1d5c:  *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
1d58.1d5c:   0000000000051000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
1d58.1d5c:  *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
1d58.1d5c:   00000000002ec000-00000000002e8fff 0x0104/0x0004 0x0020000
1d58.1d5c:   00000000002ef000-00000000002edfff 0x0004/0x0004 0x0020000
1d58.1d5c:   00000000002f0000-ffffffff88aaffff 0x0001/0x0000 0x0000000
1d58.1d5c:  *0000000077b30000-0000000077b2efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d58.1d5c:   0000000077b31000-0000000077a2efff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d58.1d5c:   0000000077c33000-0000000077c03fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d58.1d5c:   0000000077c62000-0000000077c55fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d58.1d5c:   0000000077c6e000-0000000077c02fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d58.1d5c:   0000000077cd9000-00000000709d1fff 0x0001/0x0000 0x0000000
1d58.1d5c:  *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1d58.1d5c:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1d58.1d5c:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1d58.1d5c:   000000007fff0000-ffffffffc0a4ffff 0x0001/0x0000 0x0000000
1d58.1d5c:  *000000013f590000-000000013f58efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d58.1d5c:   000000013f591000-000000013f511fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d58.1d5c:   000000013f610000-000000013f60efff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d58.1d5c:   000000013f611000-000000013f5d9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d58.1d5c:   000000013f648000-000000013f63efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d58.1d5c:   000000013f651000-000000013f617fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d58.1d5c:   000000013f68a000-fffff8037eec3fff 0x0001/0x0000 0x0000000
1d58.1d5c:  *000007feffe50000-000007feffe4efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1d58.1d5c:   000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000
1d58.1d5c:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1d58.1d5c:   000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
1d58.1d5c:  *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
1d58.1d5c:   000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
1d58.1d5c:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1d58.1d5c:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1d58.1d5c: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
1d58.1d5c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1d58.1d5c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1d68.1d6c: Log file opened: 4.3.16r95972 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
1d68.1d6c: Calling main()
1d68.1d6c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1d68.1d6c: System32:  \Device\HarddiskVolume2\Windows\System32
1d68.1d6c: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
1d68.1d6c: ProgDir:   \Device\HarddiskVolume2\Program Files
1d68.1d6c: ComDir:    \Device\HarddiskVolume2\Program Files\Common Files
1d68.1d6c: ProgDir32: \Device\HarddiskVolume2\Program Files (x86)
1d68.1d6c: ComDir32:  \Device\HarddiskVolume2\Program Files (x86)\Common Files
1d68.1d6c: supR3HardenedWinInit: Startup delay kludge #2/0: 94 ms, 9 sleeps
1d68.1d6c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1d68.1d6c:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
1d68.1d6c:   0000000000020000-ffffffffffffffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000
1d68.1d6c:   0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
1d68.1d6c:   0000000000051000-0000000000041fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000060000-ffffffffffff8fff 0x0002/0x0002 0x0040000
1d68.1d6c:   00000000000c7000-fffffffffff9dfff 0x0001/0x0000 0x0000000
1d68.1d6c:  *00000000001f0000-00000000000f4fff 0x0000/0x0004 0x0020000
1d68.1d6c:   00000000002eb000-00000000002e8fff 0x0104/0x0004 0x0020000
1d68.1d6c:   00000000002ed000-00000000002e9fff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000002f0000-00000000001dffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000400000-0000000000393fff 0x0004/0x0004 0x0020000
1d68.1d6c:   000000000046c000-00000000003d7fff 0x0000/0x0004 0x0020000
1d68.1d6c:  *0000000000500000-0000000000355fff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000006aa000-ffffffff89443fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000077910000-000000007790efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077911000-0000000077875fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   00000000779ac000-000000007793dfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077a1a000-0000000077a17fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077a1c000-0000000077a08fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077a2f000-000000007792dfff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000077b30000-0000000077b2efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077b31000-0000000077a2efff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c33000-0000000077c03fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c62000-0000000077c60fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c63000-0000000077c61fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c64000-0000000077c62fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c65000-0000000077c62fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c67000-0000000077c65fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c68000-0000000077c66fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c69000-0000000077c66fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c6b000-0000000077c69fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c6c000-0000000077c69fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c6e000-0000000077c02fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077cd9000-00000000709d1fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
1d68.1d6c:   000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
1d68.1d6c:  *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
1d68.1d6c:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1d68.1d6c:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1d68.1d6c:   000000007fff0000-ffffffffc0a4ffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000000013f590000-000000013f58efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f591000-000000013f511fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f610000-000000013f60efff 0x0040/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f611000-000000013f5d9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f648000-000000013f63efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f651000-000000013f617fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f68a000-fffff803810a3fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fefdc70000-000007fefdc6efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdc71000-000007fefdc26fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcbb000-000007fefdca4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcd1000-000007fefdccefff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcd3000-000007fefdcc9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcdc000-000007fefbb67fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007feffe50000-000007feffe4efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1d68.1d6c:   000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1d68.1d6c:   000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
1d68.1d6c:   000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1d68.1d6c:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1d68.1d6c: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
1d68.1d6c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1d68.1d6c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1d68.1d6c: '\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe' has no imports
1d68.1d6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe)
1d68.1d6c: supHardNtVpScanVirtualMemory: enmKind=VERIFY_ONLY
1d68.1d6c:  *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000010000-ffffffffffffffff 0x0004/0x0004 0x0040000
1d68.1d6c:   0000000000020000-ffffffffffffffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000040000-000000000003bfff 0x0002/0x0002 0x0040000
1d68.1d6c:   0000000000044000-0000000000037fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000050000-000000000004efff 0x0004/0x0004 0x0020000
1d68.1d6c:   0000000000051000-0000000000041fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000060000-ffffffffffff8fff 0x0002/0x0002 0x0040000
1d68.1d6c:   00000000000c7000-00000000000bdfff 0x0001/0x0000 0x0000000
1d68.1d6c:  *00000000000d0000-fffffffffffcffff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000001d0000-00000000001affff 0x0001/0x0000 0x0000000
1d68.1d6c:  *00000000001f0000-00000000000f5fff 0x0000/0x0004 0x0020000
1d68.1d6c:   00000000002ea000-00000000002e7fff 0x0104/0x0004 0x0020000
1d68.1d6c:   00000000002ec000-00000000002e7fff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000002f0000-00000000001dffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000000400000-0000000000324fff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000004db000-00000000004b5fff 0x0000/0x0004 0x0020000
1d68.1d6c:  *0000000000500000-0000000000355fff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000006aa000-00000000006a3fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *00000000006b0000-0000000000641fff 0x0004/0x0004 0x0020000
1d68.1d6c:   000000000071e000-000000000058bfff 0x0000/0x0004 0x0020000
1d68.1d6c:  *00000000008b0000-000000000078ffff 0x0004/0x0004 0x0020000
1d68.1d6c:   00000000009d0000-ffffffff89a8ffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000077910000-000000007790efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077911000-0000000077875fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   00000000779ac000-000000007793dfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077a1a000-0000000077a17fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077a1c000-0000000077a08fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c:   0000000077a2f000-000000007792dfff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000077b30000-0000000077b2efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077b31000-0000000077a2efff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c33000-0000000077c03fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c62000-0000000077c60fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c63000-0000000077c61fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c64000-0000000077c62fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c65000-0000000077c62fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c67000-0000000077c65fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c68000-0000000077c66fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c69000-0000000077c66fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c6b000-0000000077c69fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c6c000-0000000077c69fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077c6e000-0000000077c02fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c:   0000000077cd9000-0000000077cd1fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *0000000077ce0000-0000000077cdefff 0x0004/0x0004 0x0020000
1d68.1d6c:   0000000077ce1000-00000000709e1fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000000007efe0000-000000007efdafff 0x0002/0x0002 0x0040000
1d68.1d6c:   000000007efe5000-000000007eee9fff 0x0000/0x0002 0x0040000
1d68.1d6c:  *000000007f0e0000-000000007e1dffff 0x0000/0x0002 0x0020000
1d68.1d6c:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1d68.1d6c:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1d68.1d6c:   000000007fff0000-ffffffffc0a4ffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000000013f590000-000000013f58efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f591000-000000013f510fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f611000-000000013f5d9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f648000-000000013f63efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f651000-000000013f617fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle VM VirtualBox\VirtualBox.exe
1d68.1d6c:   000000013f68a000-fffff803810a3fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fefdc70000-000007fefdc6efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdc71000-000007fefdc26fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcbb000-000007fefdca4fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcd1000-000007fefdccefff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcd3000-000007fefdcc9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1d68.1d6c:   000007fefdcdc000-000007fefbb67fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007feffe50000-000007feffe4efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1d68.1d6c:   000007feffe51000-000007fdffcf1fff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1d68.1d6c:   000007fffffd3000-000007fffffcffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fffffd6000-000007fffffd4fff 0x0004/0x0004 0x0020000
1d68.1d6c:   000007fffffd7000-000007fffffcffff 0x0001/0x0000 0x0000000
1d68.1d6c:  *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1d68.1d6c:  *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1d68.1d6c: SUPR3HardenedMain: Respawn #2
1d68.1d6c: supR3HardNtEnableThreadCreation:
1d68.1d6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags>
1d68.1d6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
1d68.1d6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
1d68.1d6c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
1d68.1d6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\Windows\system32\apphelp.dll'
1d68.1d6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5c320 pvNtTerminateThread=0000000077b81840
1d68.1d6c: supR3HardenedWinDoReSpawn(2): New child 1d90.1d94 [kernel32].
1d68.1d6c: supR3HardenedWinPurifyChild: PebBaseAddress=000007fffffdd000 cbPeb=0x380
1d68.1d6c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077b30000 uNtDllChildAddr=0000000077b30000
1d68.1d6c: supR3HardNtPuChTriggerInitialImageEvents: uLdrInitThunk=0000000077b5c320 uNtTerminateThread=0000000077b81840
1d68.1d6c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077b5c320 pvNtTerminateThread=0000000077b81840
1d68.1d6c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1d68.1d6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
1d68.1d6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1d68.1d6c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of ntdll.dll[2nd]
1d68.1d6c: supR3HardNtPuChTriggerInitialImageEvents: ntdll.dll[2nd] mapped at 0000000000060000 LB 0x1a9000
1d68.1d6c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1d68.1d6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1d68.1d6c: supR3HardNtPuChTriggerInitialImageEvents: mapping view of kernel32.dll
1d58.1d5c: supR3HardenedWinDoReSpawn(1): Quitting: ExitCode=0xc0000005 rcNt=0x0