All VMs Fail to Start - Cannot open session.

Discussions related to using VirtualBox on Windows hosts.
fabtastic
Posts: 4
Joined: 13. Sep 2022, 15:49


Hello! Apologies if this is answered elsewhere -- I've done a bunch of Google and forum searches and I'm not sure how to read the error log or isolate the issue.


Tried installing the latest version of VirtualBox, uninstalling and reinstalling (confirming Run as Admin was used to install), and I'm experiencing the exact same error on two different workstations.
One of the workstations has the user's working copy of the VM, and I have a sort of "vanilla" one in place on mine. I can't start any of the VMs on my machine, and they are all listed as "Powered Off".

VirtualBox 6.1.38 r153438 (QtS.6.2) with no Extension Packs installed, to the best of my knowledge.
Running Windows 7 x64, 16 GB of RAM on the host. I'm told that our EDR software is not interfering with any processes, as the MSP's logs don't show any issues.
The guest is an XP 32-bit system with the latest applicable SP installed, 512 MB assigned, and whatever defaults are typically applied in VirtualBox. (I'm fairly new to it.)

I skimmed the forum etiquette rules and don't see an attachment button available (possibly since I'm a new user?), so I've pasted the VBoxHardening.log as plaintext below.

Windows crash popup:

Problem signature:
  Problem Event Name:	BEX64
  Application Name:	VirtualBoxVM.exe
  Application Version:	6.1.38.3438
  Application Timestamp:	6310b1ca
  Fault Module Name:	kernel32.dll
  Fault Module Version:	6.1.7601.24545
  Fault Module Timestamp:	5e0eb6bc
  Exception Offset:	0000000000012f20
  Exception Code:	c0000005
  Exception Data:	0000000000000008
  OS Version:	6.1.7601.2.1.0.256.48
  Locale ID:	4105
  Additional Information 1:	a22a
  Additional Information 2:	a22aaef4035b9942a15b894ff00910a6
  Additional Information 3:	3a7f
  Additional Information 4:	3a7fb54c7737adf5dea5d06a667fa026
_______________________________________________________________________________________________

VirtualBox popup on crash:

Failed to open a session for the virtual machine Adrian_XP-CAD.

The virtual machine 'Adrian_XP-CAD' has terminated unexpectedly during startup with exit code -1073741819 (0xc0000005).  More details may be available in 'E:\Virtual Machines\Adrian_XP-CAD\Logs\VBoxHardening.log'.

Result Code: E_FAIL (0x80004005)
Component: MachineWrap
Interface: IMachine {85632c68-b5bb-4316-a900-5eb28d3413df}
_______________________________________________________________________________________________

VBoxHardening.log

32d0.1c3c: Log file opened: 6.1.38r153438 g_hStartupLog=0000000000000040 g_uNtVerCombined=0x611db110
32d0.1c3c: \SystemRoot\System32\ntdll.dll:
32d0.1c3c:     CreationTime:    2020-01-17T07:05:24.326769200Z
32d0.1c3c:     LastWriteTime:   2020-01-17T07:05:24.327769400Z
32d0.1c3c:     ChangeTime:      2020-07-07T07:32:20.873879200Z
32d0.1c3c:     FileAttributes:  0x20
32d0.1c3c:     Size:            0x198080
32d0.1c3c:     NT Headers:      0xe0
32d0.1c3c:     Timestamp:       0x5e0eb67f
32d0.1c3c:     Machine:         0x8664 - amd64
32d0.1c3c:     Timestamp:       0x5e0eb67f
32d0.1c3c:     Image Version:   6.1
32d0.1c3c:     SizeOfImage:     0x19f000 (1699840)
32d0.1c3c:     Resource Dir:    0x142000 LB 0x5a038
32d0.1c3c:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
32d0.1c3c:     [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
32d0.1c3c:     ProductName:     Microsoft® Windows® Operating System
32d0.1c3c:     ProductVersion:  6.1.7601.24545
32d0.1c3c:     FileVersion:     6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
32d0.1c3c:     FileDescription: NT Layer DLL
32d0.1c3c: \SystemRoot\System32\kernel32.dll:
32d0.1c3c:     CreationTime:    2020-01-17T07:05:24.335771000Z
32d0.1c3c:     LastWriteTime:   2020-01-17T07:05:24.336771200Z
32d0.1c3c:     ChangeTime:      2020-07-07T07:32:21.014317000Z
32d0.1c3c:     FileAttributes:  0x20
32d0.1c3c:     Size:            0x11be00
32d0.1c3c:     NT Headers:      0xe0
32d0.1c3c:     Timestamp:       0x5e0eb6bc
32d0.1c3c:     Machine:         0x8664 - amd64
32d0.1c3c:     Timestamp:       0x5e0eb6bc
32d0.1c3c:     Image Version:   6.1
32d0.1c3c:     SizeOfImage:     0x11f000 (1175552)
32d0.1c3c:     Resource Dir:    0x116000 LB 0x530
32d0.1c3c:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
32d0.1c3c:     [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
32d0.1c3c:     ProductName:     Microsoft® Windows® Operating System
32d0.1c3c:     ProductVersion:  6.1.7601.24545
32d0.1c3c:     FileVersion:     6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
32d0.1c3c:     FileDescription: Windows NT BASE API Client DLL
32d0.1c3c: \SystemRoot\System32\KernelBase.dll:
32d0.1c3c:     CreationTime:    2020-01-17T07:05:24.359775800Z
32d0.1c3c:     LastWriteTime:   2020-01-17T07:05:24.360776000Z
32d0.1c3c:     ChangeTime:      2020-07-07T07:32:21.029921200Z
32d0.1c3c:     FileAttributes:  0x20
32d0.1c3c:     Size:            0x63c00
32d0.1c3c:     NT Headers:      0xe8
32d0.1c3c:     Timestamp:       0x5e0eb6bd
32d0.1c3c:     Machine:         0x8664 - amd64
32d0.1c3c:     Timestamp:       0x5e0eb6bd
32d0.1c3c:     Image Version:   6.1
32d0.1c3c:     SizeOfImage:     0x67000 (421888)
32d0.1c3c:     Resource Dir:    0x65000 LB 0x538
32d0.1c3c:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
32d0.1c3c:     [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
32d0.1c3c:     ProductName:     Microsoft® Windows® Operating System
32d0.1c3c:     ProductVersion:  6.1.7601.24545
32d0.1c3c:     FileVersion:     6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
32d0.1c3c:     FileDescription: Windows NT BASE API Client DLL
32d0.1c3c: \SystemRoot\System32\apisetschema.dll:
32d0.1c3c:     CreationTime:    2020-01-17T07:05:24.329769800Z
32d0.1c3c:     LastWriteTime:   2020-01-17T07:05:24.329769800Z
32d0.1c3c:     ChangeTime:      2020-07-07T07:32:20.873879200Z
32d0.1c3c:     FileAttributes:  0x20
32d0.1c3c:     Size:            0x1c00
32d0.1c3c:     NT Headers:      0xc0
32d0.1c3c:     Timestamp:       0x5e0eb63f
32d0.1c3c:     Machine:         0x8664 - amd64
32d0.1c3c:     Timestamp:       0x5e0eb63f
32d0.1c3c:     Image Version:   6.1
32d0.1c3c:     SizeOfImage:     0x50000 (327680)
32d0.1c3c:     Resource Dir:    0x30000 LB 0x408
32d0.1c3c:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
32d0.1c3c:     [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
32d0.1c3c:     ProductName:     Microsoft® Windows® Operating System
32d0.1c3c:     ProductVersion:  6.1.7601.24545
32d0.1c3c:     FileVersion:     6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
32d0.1c3c:     FileDescription: ApiSet Schema DLL
32d0.1c3c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
32d0.1c3c: supR3HardenedWinFindAdversaries: 0x0
32d0.1c3c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
32d0.1c3c: Calling main()
32d0.1c3c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
32d0.1c3c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
32d0.1c3c: SUPR3HardenedMain: Respawn #1
32d0.1c3c: System32:  \Device\HarddiskVolume3\Windows\System32
32d0.1c3c: WinSxS:    \Device\HarddiskVolume3\Windows\winsxs
32d0.1c3c: KnownDllPath: C:\Windows\system32
32d0.1c3c: supR3HardenedWinInit: Performing a limited self purification...
32d0.1c3c: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
32d0.1c3c:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000000010000-000000000001ffff 0x0004/0x0004 0x0040000
32d0.1c3c:   0000000000020000-000000000002ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
32d0.1c3c:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
32d0.1c3c:   0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000000050000-00000000000b6fff 0x0002/0x0002 0x0040000
32d0.1c3c:   00000000000b7000-00000000000effff 0x0001/0x0000 0x0000000
32d0.1c3c:  *00000000000f0000-00000000000f1fff 0x0004/0x0004 0x0020000
32d0.1c3c:   00000000000f2000-000000000016ffff 0x0000/0x0004 0x0020000
32d0.1c3c:   0000000000170000-000000000017ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000000180000-0000000000239fff 0x0000/0x0004 0x0020000
32d0.1c3c:   000000000023a000-000000000023bfff 0x0104/0x0004 0x0020000
32d0.1c3c:   000000000023c000-000000000027ffff 0x0004/0x0004 0x0020000
32d0.1c3c:  *0000000000280000-00000000002e7fff 0x0004/0x0004 0x0020000
32d0.1c3c:   00000000002e8000-000000000037ffff 0x0000/0x0004 0x0020000
32d0.1c3c:  *0000000000380000-0000000000386fff 0x0004/0x0004 0x0020000
32d0.1c3c:   0000000000387000-000000000038ffff 0x0000/0x0004 0x0020000
32d0.1c3c:   0000000000390000-00000000003dffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *00000000003e0000-0000000000483fff 0x0004/0x0004 0x0020000
32d0.1c3c:   0000000000484000-000000000048cfff 0x0000/0x0004 0x0020000
32d0.1c3c:   000000000048d000-000000000048ffff 0x0004/0x0004 0x0020000
32d0.1c3c:   0000000000490000-00000000004a9fff 0x0000/0x0004 0x0020000
32d0.1c3c:   00000000004aa000-00000000004aafff 0x0004/0x0004 0x0020000
32d0.1c3c:   00000000004ab000-00000000004dffff 0x0000/0x0004 0x0020000
32d0.1c3c:  *00000000004e0000-00000000004e0fff 0x0004/0x0004 0x0020000
32d0.1c3c:   00000000004e1000-00000000005f3fff 0x0120/0x0004 0x0020000 !!
32d0.1c3c:   00000000005f4000-0000000000603fff 0x0020/0x0004 0x0020000 !!
32d0.1c3c:   0000000000604000-000000000067ffff 0x0004/0x0004 0x0020000
32d0.1c3c:  *0000000000680000-0000000000680fff 0x0004/0x0004 0x0020000
32d0.1c3c:   0000000000681000-0000000000711fff 0x0120/0x0004 0x0020000 !!
32d0.1c3c:   0000000000712000-000000000071efff 0x0004/0x0004 0x0020000
32d0.1c3c:   000000000071f000-000000000072afff 0x0020/0x0004 0x0020000 !!
32d0.1c3c:   000000000072b000-000000000079ffff 0x0004/0x0004 0x0020000
32d0.1c3c:  *00000000007a0000-0000000000a6efff 0x0002/0x0002 0x0040000
32d0.1c3c:   0000000000a6f000-0000000000b1ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000000b20000-0000000000b9ffff 0x0004/0x0004 0x0020000
32d0.1c3c:  *0000000000ba0000-0000000000d3ffff 0x0004/0x0004 0x0020000
32d0.1c3c:  *0000000000d40000-0000000000d61fff 0x0004/0x0004 0x0020000
32d0.1c3c:   0000000000d62000-0000000000e3ffff 0x0000/0x0004 0x0020000
32d0.1c3c:   0000000000e40000-0000000036e4ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000036e50000-0000000036e5ffff 0x0020/0x0040 0x0020000 !!
32d0.1c3c:   0000000036e60000-0000000076cdffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000076ce0000-0000000076ce0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\kernel32.dll
32d0.1c3c:   0000000076ce1000-0000000076d7bfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\kernel32.dll
32d0.1c3c:   0000000076d7c000-0000000076de9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\kernel32.dll
32d0.1c3c:   0000000076dea000-0000000076debfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\kernel32.dll
32d0.1c3c:   0000000076dec000-0000000076dfefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\kernel32.dll
32d0.1c3c:   0000000076dff000-0000000076dfffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *0000000076e00000-0000000076e00fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076e01000-0000000076f24fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076f25000-0000000076f26fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076f27000-0000000076f28fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076f29000-0000000076f2afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076f2b000-0000000076f33fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076f34000-0000000076f9efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\ntdll.dll
32d0.1c3c:   0000000076f9f000-000000007efdffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000
32d0.1c3c:   000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000
32d0.1c3c:  *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000
32d0.1c3c:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
32d0.1c3c:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
32d0.1c3c:   000000007fff0000-000000013f0affff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000000013f0b0000-000000013f0b0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f0b1000-000000013f128fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f129000-000000013f129fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f12a000-000000013f173fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f174000-000000013f176fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f177000-000000013f179fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f17a000-000000013f17cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f17d000-000000013f17dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f17e000-000000013f17ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f180000-000000013f180fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f181000-000000013f1c9fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
32d0.1c3c:   000000013f1ca000-000000013f1cffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000000013f1d0000-000000013f1d0fff 0x0004/0x0004 0x0020000
32d0.1c3c:   000000013f1d1000-000007fefc4dffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefc4e0000-000007fefc4e0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\version.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc4e0000 LB 0x1000 (base 000007fefc4e0000) - 'version.dll'
32d0.1c3c:   000007fefc4e1000-000007fefc4e5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\version.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc4e1000 LB 0x5000 (base 000007fefc4e0000) - 'version.dll'
32d0.1c3c:   000007fefc4e6000-000007fefc4e7fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\version.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc4e6000 LB 0x2000 (base 000007fefc4e0000) - 'version.dll'
32d0.1c3c:   000007fefc4e8000-000007fefc4e8fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\version.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc4e8000 LB 0x1000 (base 000007fefc4e0000) - 'version.dll'
32d0.1c3c:   000007fefc4e9000-000007fefc4ebfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\version.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc4e9000 LB 0x3000 (base 000007fefc4e0000) - 'version.dll'
32d0.1c3c:   000007fefc4ec000-000007fefc4effff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefc4f0000-000007fefc4f2fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc4f0000 LB 0x3000 (base 000007fefc4f0000) - 'api-ms-win-core-synch-l1-2-0.dll'
32d0.1c3c:   000007fefc4f3000-000007fefc55ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefc560000-000007fefc560fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc560000 LB 0x1000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc561000-000007fefc6cffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc561000 LB 0x16f000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc6d0000-000007fefc74afff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc6d0000 LB 0x7b000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc74b000-000007fefc753fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc74b000 LB 0x9000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc754000-000007fefc75efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc754000 LB 0xb000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc75f000-000007fefc75ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc75f000 LB 0x1000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc760000-000007fefc76afff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc760000 LB 0xb000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc76b000-000007fefc76efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc76b000 LB 0x4000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc76f000-000007fefc77cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc76f000 LB 0xe000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc77d000-000007fefc77dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc77d000 LB 0x1000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc77e000-000007fefc781fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc77e000 LB 0x4000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc782000-000007fefc782fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc782000 LB 0x1000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc783000-000007fefc786fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Program Files\SentinelOne\Sentinel Agent 22.1.4.10010\InProcessClient64.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefc783000 LB 0x4000 (base 000007fefc560000) - 'InProcessClient64.dll'
32d0.1c3c:   000007fefc787000-000007fefc9fffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefca00000-000007fefca00fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
32d0.1c3c:   000007fefca01000-000007fefca47fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
32d0.1c3c:   000007fefca48000-000007fefca5cfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
32d0.1c3c:   000007fefca5d000-000007fefca5efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
32d0.1c3c:   000007fefca5f000-000007fefca66fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
32d0.1c3c:   000007fefca67000-000007fefd03ffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefd040000-000007fefd040fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\sechost.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefd040000 LB 0x1000 (base 000007fefd040000) - 'sechost.dll'
32d0.1c3c:   000007fefd041000-000007fefd058fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\sechost.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefd041000 LB 0x18000 (base 000007fefd040000) - 'sechost.dll'
32d0.1c3c:   000007fefd059000-000007fefd059fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\sechost.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefd059000 LB 0x1000 (base 000007fefd040000) - 'sechost.dll'
32d0.1c3c:   000007fefd05a000-000007fefd05bfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\sechost.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefd05a000 LB 0x2000 (base 000007fefd040000) - 'sechost.dll'
32d0.1c3c:   000007fefd05c000-000007fefd05efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\sechost.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefd05c000 LB 0x3000 (base 000007fefd040000) - 'sechost.dll'
32d0.1c3c:   000007fefd05f000-000007fefe5fffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefe600000-000007fefe600fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe600000 LB 0x1000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe601000-000007fefe679fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe601000 LB 0x79000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe67a000-000007fefe690fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe67a000 LB 0x17000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe691000-000007fefe692fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe691000 LB 0x2000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe693000-000007fefe693fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe693000 LB 0x1000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe694000-000007fefe694fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe694000 LB 0x1000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe695000-000007fefe696fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe695000 LB 0x2000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe697000-000007fefe69efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefe697000 LB 0x8000 (base 000007fefe600000) - 'msvcrt.dll'
32d0.1c3c:   000007fefe69f000-000007fefeceffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefecf0000-000007fefecf0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\advapi32.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefecf0000 LB 0x1000 (base 000007fefecf0000) - 'advapi32.dll'
32d0.1c3c:   000007fefecf1000-000007fefed65fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\advapi32.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefecf1000 LB 0x75000 (base 000007fefecf0000) - 'advapi32.dll'
32d0.1c3c:   000007fefed66000-000007fefed97fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\advapi32.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefed66000 LB 0x32000 (base 000007fefecf0000) - 'advapi32.dll'
32d0.1c3c:   000007fefed98000-000007fefed9cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\advapi32.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefed98000 LB 0x5000 (base 000007fefecf0000) - 'advapi32.dll'
32d0.1c3c:   000007fefed9d000-000007fefedcafff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\advapi32.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefed9d000 LB 0x2e000 (base 000007fefecf0000) - 'advapi32.dll'
32d0.1c3c:   000007fefedcb000-000007fefedcffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fefedd0000-000007fefedd0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefedd0000 LB 0x1000 (base 000007fefedd0000) - 'rpcrt4.dll'
32d0.1c3c:   000007fefedd1000-000007fefeeb2fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefedd1000 LB 0xe2000 (base 000007fefedd0000) - 'rpcrt4.dll'
32d0.1c3c:   000007fefeeb3000-000007fefeedefff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefeeb3000 LB 0x2c000 (base 000007fefedd0000) - 'rpcrt4.dll'
32d0.1c3c:   000007fefeedf000-000007fefeee0fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefeedf000 LB 0x2000 (base 000007fefedd0000) - 'rpcrt4.dll'
32d0.1c3c:   000007fefeee1000-000007fefeefbfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
32d0.1c3c: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fefeee1000 LB 0x1b000 (base 000007fefedd0000) - 'rpcrt4.dll'
32d0.1c3c:   000007fefeefc000-000007feff0fffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007feff100000-000007feff100fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
32d0.1c3c:   000007feff101000-000007fffffaffff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
32d0.1c3c:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
32d0.1c3c:  *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
32d0.1c3c:  *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
32d0.1c3c:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
32d0.1c3c: apisetschema.dll: timestamp 0x5e0eb63f (rc=VINF_SUCCESS)
32d0.1c3c: kernelbase.dll: timestamp 0x5e0eb6bd (rc=VINF_SUCCESS)
32d0.1c3c: VirtualBoxVM.exe: timestamp 0x6310b1ca (rc=VINF_SUCCESS)
32d0.1c3c: kernel32.dll: timestamp 0x5e0eb6bc (rc=VINF_SUCCESS)
32d0.1c3c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
32d0.1c3c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
32d0.1c3c: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
32d0.1c3c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
32d0.1c3c: ntdll.dll: Differences in section #1 (.text) between file and memory:
32d0.1c3c:   0000000076e69870 / 0x0069870: 4c != e9
32d0.1c3c:   0000000076e69871 / 0x0069871: 8b != 43
32d0.1c3c:   0000000076e69872 / 0x0069872: d1 != 6e
32d0.1c3c:   0000000076e69873 / 0x0069873: b8 != fe
32d0.1c3c:   0000000076e69874 / 0x0069874: 0a != bf
32d0.1c3c:   0000000076e69875 / 0x0069875: 00 != cc
32d0.1c3c:   0000000076e69876 / 0x0069876: 00 != cc
32d0.1c3c:   0000000076e69877 / 0x0069877: 00 != cc
32d0.1c3c:   0000000076e69920 / 0x0069920: 4c != e9
32d0.1c3c:   0000000076e69921 / 0x0069921: 8b != 53
32d0.1c3c:   0000000076e69922 / 0x0069922: d1 != 68
32d0.1c3c:   0000000076e69923 / 0x0069923: b8 != fe
32d0.1c3c:   0000000076e69924 / 0x0069924: 15 != bf
32d0.1c3c:   0000000076e69925 / 0x0069925: 00 != cc
32d0.1c3c:   0000000076e69926 / 0x0069926: 00 != cc
32d0.1c3c:   0000000076e69927 / 0x0069927: 00 != cc
32d0.1c3c:   0000000076e69960 / 0x0069960: 4c != e9
32d0.1c3c:   0000000076e69961 / 0x0069961: 8b != 33
32d0.1c3c:   0000000076e69962 / 0x0069962: d1 != 6c
32d0.1c3c:   0000000076e69963 / 0x0069963: b8 != fe
32d0.1c3c:   0000000076e69964 / 0x0069964: 19 != bf
32d0.1c3c:   0000000076e69965 / 0x0069965: 00 != cc
32d0.1c3c:   0000000076e69966 / 0x0069966: 00 != cc
32d0.1c3c:   0000000076e69967 / 0x0069967: 00 != cc
32d0.1c3c:   0000000076e69980 / 0x0069980: 4c != e9
32d0.1c3c:   0000000076e69981 / 0x0069981: 8b != 53
32d0.1c3c:   0000000076e69982 / 0x0069982: d1 != 68
32d0.1c3c:   0000000076e69983 / 0x0069983: b8 != fe
32d0.1c3c:   0000000076e69984 / 0x0069984: 1b != bf
32d0.1c3c:   0000000076e69985 / 0x0069985: 00 != cc
32d0.1c3c:   0000000076e69986 / 0x0069986: 00 != cc
32d0.1c3c:   0000000076e69987 / 0x0069987: 00 != cc
32d0.1c3c:   0000000076e69a00 / 0x0069a00: 4c != e9
32d0.1c3c:   0000000076e69a01 / 0x0069a01: 8b != 93
32d0.1c3c:   0000000076e69a02 / 0x0069a02: d1 != 68
32d0.1c3c:   0000000076e69a03 / 0x0069a03: b8 != fe
32d0.1c3c:   0000000076e69a04 / 0x0069a04: 23 != bf
32d0.1c3c:   0000000076e69a05 / 0x0069a05: 00 != cc
32d0.1c3c:   0000000076e69a06 / 0x0069a06: 00 != cc
32d0.1c3c:   0000000076e69a07 / 0x0069a07: 00 != cc
32d0.1c3c:   0000000076e69a20 / 0x0069a20: 4c != e9
32d0.1c3c:   0000000076e69a21 / 0x0069a21: 8b != 13
32d0.1c3c:   0000000076e69a22 / 0x0069a22: d1 != 68
32d0.1c3c:   0000000076e69a23 / 0x0069a23: b8 != fe
32d0.1c3c:   0000000076e69a24 / 0x0069a24: 25 != bf
32d0.1c3c:   0000000076e69a25 / 0x0069a25: 00 != cc
32d0.1c3c:   0000000076e69a26 / 0x0069a26: 00 != cc
32d0.1c3c:   0000000076e69a27 / 0x0069a27: 00 != cc
32d0.1c3c:   0000000076e69a40 / 0x0069a40: 4c != e9
32d0.1c3c:   0000000076e69a41 / 0x0069a41: 8b != b3
32d0.1c3c:   0000000076e69a42 / 0x0069a42: d1 != 68
32d0.1c3c:   0000000076e69a43 / 0x0069a43: b8 != fe
32d0.1c3c:   0000000076e69a44 / 0x0069a44: 27 != bf
32d0.1c3c:   0000000076e69a45 / 0x0069a45: 00 != cc
32d0.1c3c:   0000000076e69a46 / 0x0069a46: 00 != cc
32d0.1c3c:   0000000076e69a47 / 0x0069a47: 00 != cc
32d0.1c3c:   0000000076e69a60 / 0x0069a60: 4c != e9
32d0.1c3c:   0000000076e69a61 / 0x0069a61: 8b != f3
32d0.1c3c:   0000000076e69a62 / 0x0069a62: d1 != 6e
32d0.1c3c:   0000000076e69a63 / 0x0069a63: b8 != fe
32d0.1c3c:   0000000076e69a64 / 0x0069a64: 29 != bf
32d0.1c3c:   0000000076e69a65 / 0x0069a65: 00 != cc
32d0.1c3c:   0000000076e69a66 / 0x0069a66: 00 != cc
32d0.1c3c:   0000000076e69a67 / 0x0069a67: 00 != cc
32d0.1c3c:   0000000076e69b00 / 0x0069b00: 4c != e9
32d0.1c3c:   0000000076e69b01 / 0x0069b01: 8b != f3
32d0.1c3c:   0000000076e69b02 / 0x0069b02: d1 != 6a
32d0.1c3c:   0000000076e69b03 / 0x0069b03: b8 != fe
32d0.1c3c:   0000000076e69b04 / 0x0069b04: 33 != bf
32d0.1c3c:   0000000076e69b05 / 0x0069b05: 00 != cc
32d0.1c3c:   0000000076e69b06 / 0x0069b06: 00 != cc
32d0.1c3c:   0000000076e69b07 / 0x0069b07: 00 != cc
32d0.1c3c:   0000000076e69b40 / 0x0069b40: 4c != e9
32d0.1c3c:   0000000076e69b41 / 0x0069b41: 8b != 13
32d0.1c3c:   0000000076e69b42 / 0x0069b42: d1 != 68
32d0.1c3c:   0000000076e69b43 / 0x0069b43: b8 != fe
32d0.1c3c:   0000000076e69b44 / 0x0069b44: 37 != bf
32d0.1c3c:   0000000076e69b45 / 0x0069b45: 00 != cc
32d0.1c3c:   0000000076e69b46 / 0x0069b46: 00 != cc
32d0.1c3c:   0000000076e69b47 / 0x0069b47: 00 != cc
32d0.1c3c:   0000000076e69b90 / 0x0069b90: 4c != e9
32d0.1c3c:   0000000076e69b91 / 0x0069b91: 8b != 83
32d0.1c3c:   0000000076e69b92 / 0x0069b92: d1 != 6b
32d0.1c3c:   0000000076e69b93 / 0x0069b93: b8 != fe
32d0.1c3c:   0000000076e69b94 / 0x0069b94: 3c != bf
32d0.1c3c:   0000000076e69b95 / 0x0069b95: 00 != cc
32d0.1c3c:   0000000076e69b96 / 0x0069b96: 00 != cc
32d0.1c3c:   0000000076e69b97 / 0x0069b97: 00 != cc
32d0.1c3c:   0000000076e69bf0 / 0x0069bf0: 4c != e9
32d0.1c3c:   0000000076e69bf1 / 0x0069bf1: 8b != 83
32d0.1c3c:   0000000076e69bf2 / 0x0069bf2: d1 != 6b
32d0.1c3c:   0000000076e69bf3 / 0x0069bf3: b8 != fe
32d0.1c3c:   0000000076e69bf4 / 0x0069bf4: 42 != bf
32d0.1c3c:   0000000076e69bf5 / 0x0069bf5: 00 != cc
32d0.1c3c:   0000000076e69bf6 / 0x0069bf6: 00 != cc
32d0.1c3c:   0000000076e69bf7 / 0x0069bf7: 00 != cc
32d0.1c3c:   0000000076e69ca0 / 0x0069ca0: 4c != e9
32d0.1c3c:   0000000076e69ca1 / 0x0069ca1: 8b != 13
32d0.1c3c:   0000000076e69ca2 / 0x0069ca2: d1 != 67
32d0.1c3c:   0000000076e69ca3 / 0x0069ca3: b8 != fe
32d0.1c3c:   0000000076e69ca4 / 0x0069ca4: 4d != bf
32d0.1c3c:   0000000076e69ca5 / 0x0069ca5: 00 != cc
32d0.1c3c:   0000000076e69ca6 / 0x0069ca6: 00 != cc
32d0.1c3c:   0000000076e69ca7 / 0x0069ca7: 00 != cc
32d0.1c3c:   0000000076e69cc0 / 0x0069cc0: 4c != e9
32d0.1c3c:   0000000076e69cc1 / 0x0069cc1: 8b != b3
32d0.1c3c:   0000000076e69cc2 / 0x0069cc2: d1 != 67
32d0.1c3c:   0000000076e69cc3 / 0x0069cc3: b8 != fe
32d0.1c3c:   0000000076e69cc4 / 0x0069cc4: 4f != bf
32d0.1c3c:   0000000076e69cc5 / 0x0069cc5: 00 != cc
32d0.1c3c:   0000000076e69cc6 / 0x0069cc6: 00 != cc
32d0.1c3c:   0000000076e69cc7 / 0x0069cc7: 00 != cc
32d0.1c3c:   0000000076e6a210 / 0x006a210: 4c != e9
32d0.1c3c:   0000000076e6a211 / 0x006a211: 8b != a3
32d0.1c3c:   0000000076e6a212 / 0x006a212: d1 != 67
32d0.1c3c:   0000000076e6a213 / 0x006a213: b8 != fe
32d0.1c3c:   0000000076e6a214 / 0x006a214: a4 != bf
32d0.1c3c:   0000000076e6a215 / 0x006a215: 00 != cc
32d0.1c3c:   0000000076e6a216 / 0x006a216: 00 != cc
32d0.1c3c:   0000000076e6a217 / 0x006a217: 00 != cc
32d0.1c3c:   0000000076e6a220 / 0x006a220: 4c != e9
32d0.1c3c:   0000000076e6a221 / 0x006a221: 8b != 13
32d0.1c3c:   0000000076e6a222 / 0x006a222: d1 != 66
32d0.1c3c:   0000000076e6a223 / 0x006a223: b8 != fe
32d0.1c3c:   0000000076e6a224 / 0x006a224: a5 != bf
32d0.1c3c:   0000000076e6a225 / 0x006a225: 00 != cc
32d0.1c3c:   0000000076e6a226 / 0x006a226: 00 != cc
32d0.1c3c:   0000000076e6a227 / 0x006a227: 00 != cc
32d0.1c3c:   0000000076e6a270 / 0x006a270: 4c != e9
32d0.1c3c:   0000000076e6a271 / 0x006a271: 8b != 83
32d0.1c3c:   0000000076e6a272 / 0x006a272: d1 != 66
32d0.1c3c:   0000000076e6a273 / 0x006a273: b8 != fe
32d0.1c3c:   0000000076e6a274 / 0x006a274: aa != bf
32d0.1c3c:   0000000076e6a275 / 0x006a275: 00 != cc
32d0.1c3c:   0000000076e6a276 / 0x006a276: 00 != cc
32d0.1c3c:   0000000076e6a277 / 0x006a277: 00 != cc
32d0.1c3c:   0000000076e6a590 / 0x006a590: 4c != e9
32d0.1c3c:   0000000076e6a591 / 0x006a591: 8b != 83
32d0.1c3c:   0000000076e6a592 / 0x006a592: d1 != 5e
32d0.1c3c:   0000000076e6a593 / 0x006a593: b8 != fe
32d0.1c3c:   0000000076e6a594 / 0x006a594: dc != bf
32d0.1c3c:   0000000076e6a595 / 0x006a595: 00 != cc
32d0.1c3c:   0000000076e6a596 / 0x006a596: 00 != cc
32d0.1c3c:   0000000076e6a597 / 0x006a597: 00 != cc
32d0.1c3c:   0000000076e6a640 / 0x006a640: 4c != e9
32d0.1c3c:   0000000076e6a641 / 0x006a641: 8b != 33
32d0.1c3c:   0000000076e6a642 / 0x006a642: d1 != 64
32d0.1c3c:   0000000076e6a643 / 0x006a643: b8 != fe
32d0.1c3c:   0000000076e6a644 / 0x006a644: e7 != bf
32d0.1c3c:   0000000076e6a645 / 0x006a645: 00 != cc
32d0.1c3c:   0000000076e6a646 / 0x006a646: 00 != cc
32d0.1c3c:   0000000076e6a647 / 0x006a647: 00 != cc
32d0.1c3c:   0000000076e6aa90 / 0x006aa90: 4c != e9
32d0.1c3c:   0000000076e6aa91 / 0x006aa91: 8b != c3
32d0.1c3c:   0000000076e6aa92 / 0x006aa92: d1 != 5b
32d0.1c3c:   0000000076e6aa93 / 0x006aa93: b8 != fe
32d0.1c3c:   0000000076e6aa94 / 0x006aa94: 2c != bf
32d0.1c3c:   0000000076e6aa95 / 0x006aa95: 01 != cc
32d0.1c3c:   0000000076e6aa96 / 0x006aa96: 00 != cc
32d0.1c3c:   0000000076e6aa97 / 0x006aa97: 00 != cc
32d0.1c3c:   0000000076e6aab0 / 0x006aab0: 4c != e9
32d0.1c3c:   0000000076e6aab1 / 0x006aab1: 8b != 23
32d0.1c3c:   0000000076e6aab2 / 0x006aab2: d1 != 5d
32d0.1c3c:   0000000076e6aab3 / 0x006aab3: b8 != fe
32d0.1c3c:   0000000076e6aab4 / 0x006aab4: 2e != bf
32d0.1c3c:   0000000076e6aab5 / 0x006aab5: 01 != cc
32d0.1c3c:   0000000076e6aab6 / 0x006aab6: 00 != cc
32d0.1c3c:   0000000076e6aab7 / 0x006aab7: 00 != cc
32d0.1c3c:   0000000076e6acd0 / 0x006acd0: 4c != e9
32d0.1c3c:   0000000076e6acd1 / 0x006acd1: 8b != 63
32d0.1c3c:   0000000076e6acd2 / 0x006acd2: d1 != 58
32d0.1c3c:   0000000076e6acd3 / 0x006acd3: b8 != fe
32d0.1c3c:   0000000076e6acd4 / 0x006acd4: 50 != bf
32d0.1c3c:   0000000076e6acd5 / 0x006acd5: 01 != cc
32d0.1c3c:   0000000076e6acd6 / 0x006acd6: 00 != cc
32d0.1c3c:   0000000076e6acd7 / 0x006acd7: 00 != cc
32d0.1c3c:   Restored 0x1c92 bytes of original file content at 0000000076e6973e
32d0.1c3c: ntdll.dll: Differences in section #1 (.text) between file and memory:
32d0.1c3c:   0000000076ee1230 / 0x00e1230: 45 != e9
32d0.1c3c:   0000000076ee1231 / 0x00e1231: 33 != e3
32d0.1c3c:   0000000076ee1232 / 0x00e1232: c0 != f7
32d0.1c3c:   0000000076ee1233 / 0x00e1233: e9 != f6
32d0.1c3c:   0000000076ee1234 / 0x00e1234: 98 != bf
32d0.1c3c:   0000000076ee1235 / 0x00e1235: 82 != cc
32d0.1c3c:   0000000076ee1236 / 0x00e1236: ff != cc
32d0.1c3c:   0000000076ee1237 / 0x00e1237: ff != cc
32d0.1c3c:   Restored 0x2000 bytes of original file content at 0000000076edf51e
32d0.1c3c: ntdll.dll: Differences in section #1 (.text) between file and memory:
32d0.1c3c:   0000000076eeac90 / 0x00eac90: 48 != e9
32d0.1c3c:   0000000076eeac91 / 0x00eac91: 89 != 43
32d0.1c3c:   0000000076eeac92 / 0x00eac92: 5c != 58
32d0.1c3c:   0000000076eeac93 / 0x00eac93: 24 != f6
32d0.1c3c:   0000000076eeac94 / 0x00eac94: 10 != bf
32d0.1c3c:   Restored 0x2000 bytes of original file content at 0000000076ee951e
32d0.1c3c: kernel32.dll: Differences in section #1 (.text) between file and memory:
32d0.1c3c:   0000000076cf1410 / 0x0011410: 48 != e9
32d0.1c3c:   0000000076cf1411 / 0x0011411: 89 != e3
32d0.1c3c:   0000000076cf1412 / 0x0011412: 5c != f7
32d0.1c3c:   0000000076cf1413 / 0x0011413: 24 != 15
32d0.1c3c:   0000000076cf1414 / 0x0011414: 08 != c0
Thank you for your time and any assistance you can provide! I read over some of the FAQs and guides etc., but I'm not even sure where to begin.
mpack
Site Moderator
Posts: 39134
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: All VMs Fail to Start - Cannot open session.

Post by mpack »

Please provide logs as zipped attachments, not truncated, pasted text.

Also we would need the VM log (VBox.log), not just the hardening log.

Topic moved to Windows hosts since the question does not concern the guest OS.
fabtastic

Re: All VMs Fail to Start - Cannot open session.

Post by fabtastic »

Oh, I missed the tiny text where it says "upload attachment" -- my mistake. I was looking above the text box for a button and not below.

Please see attached -- is that all the info that is needed?
Attachments
VM-Logs.zip
E_FAIL (0x80004005) Exception Code: c0000005 Fault module: kernel32.dll
mpack

Re: All VMs Fail to Start - Cannot open session.

Post by mpack »

You seem to have some kind of AV called "SentinelOne" installed, which is doing nasty things in VirtualBox process space which offends VirtualBox hardening checks. Try adding VirtualBox (all the exe's in the Program Files\Oracle folder) as an exception for the AV software.
fabtastic

Re: All VMs Fail to Start - Cannot open session.

Post by fabtastic »

I wasn't sure if that was affecting it, as it has been installed and running on workstations for around half a year. It only just started throwing a wrench in the works a few days ago.
I suppose I shouldn't be surprised, as it's only ever interfered with legitimate processes or hands-on work. I'm not particularly impressed at the gulf between the sales pitch and actual real-world performance / usage.

MSP mentioned that the only way to test this is to... uninstall the EDR entirely, since it's "doing what it's supposed to do" which is rather irritating. It was one of the first things I asked them about when troubleshooting, and they said there were no alerts or logging information on their end re: the EDR triggering or interfering with anything.

We've used traditional A/V solutions in the past and they were okay. I'm thinking we'll revert back to that over the next few months. Thanks for the heads up, I'll give that a try.
mpack

Re: All VMs Fail to Start - Cannot open session.

Post by mpack »

fabtastic wrote: MSP mentioned that the only way to test this is to... uninstall the EDR entirely, since it's "doing what it's supposed to do"
Well, if the entire purpose of a computer is to be safe against malware, then you must admit that preventing it from running anything except the AV software is a pretty effective way of achieving the goal. Yes indeed it does what it's supposed to do.

I'm happy with Defender, which is built into Windows 10. I don't see why a modern OS should only be safe when third party fingers are digging into its guts... Personally that sounds rather not safe. And if Defender ever has a real weakness then there are legions of security rags to point it out. I'm aware that you are still on Win7.
fabtastic

Re: All VMs Fail to Start - Cannot open session.

Post by fabtastic »

mpack wrote: Well, if the entire purpose of a computer is to be safe against malware, then you must admit that preventing it from running anything except the AV software is a pretty effective way of achieving the goal. Yes indeed it does what it's supposed to do.
You were correct, it is the EDR causing the problem. After it was uninstalled via the remote console (which I don't have access to), VirtualBox worked just as before.

Presumably the SentinelOne EDR had an update this past week in one of its scanning engines that now flags the way VirtualBox on Windows 7 starts up? The Windows 10 host PC with the same version of VirtualBox never had any issues with a VM I had previously installed from scratch on this Windows 7 host and moved over to that machine.

My hands have been tied with moving everyone into Windows 10, but we're getting there slowly. As Windows 7 isn't supported, I suppose actively developed software or services are likely to break more frequently as time passes. I'm a bit annoyed that I'm not getting any detailed feedback from the MSP, as I don't have access to the admin / logging side of the EDR, just the basic client interface which is hilariously light on details. I was told to read over the VirtualBox documentation, so if anyone knows of specific sections or DLL calls / hooks or folders I should pass along to be flagged as exceptions, please let me know!

I also stick to using Windows Defender only on my personal computers. It's good enough for most of us exercising a modicum of caution, but in a business environment, those pesky end users have a way of breaking things. Not always their fault, but some of the things you see them do blithely are... interesting, to say the least.
mpack

Re: All VMs Fail to Start - Cannot open session.

Post by mpack »

fabtastic wrote: so if anyone knows of specific sections or DLL calls / hooks or folders I should pass along to be flagged as exceptions, please let me know!
The hardening log provides a list of problems involving "InProcessClient64.dll", at least up to the moment VirtualBox gave up.
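
Added example (not part of the thread and not VirtualBox's own code): each "file != memory" line in the hardening log records one byte of a system DLL that differs in the process from the copy on disk, so grouping consecutive bytes shows where code was overwritten with a jump and which syscall stub it replaced. The sample lines are constructed in the log's format, and the function names are hypothetical.

```python
import re
import struct

# Constructed sample in the VBoxHardening.log format: address / RVA: file != memory
SAMPLE_LOG = """\
1a2b.3c4d: ntdll.dll: Differences in section #1 (.text) between file and memory:
1a2b.3c4d:   0000000077001000 / 0x0001000: 4c != e9
1a2b.3c4d:   0000000077001001 / 0x0001001: 8b != fb
1a2b.3c4d:   0000000077001002 / 0x0001002: d1 != ef
1a2b.3c4d:   0000000077001003 / 0x0001003: b8 != ff
1a2b.3c4d:   0000000077001004 / 0x0001004: 1b != bf
1a2b.3c4d:   0000000077001005 / 0x0001005: 00 != cc
1a2b.3c4d:   0000000077001006 / 0x0001006: 00 != cc
1a2b.3c4d:   0000000077001007 / 0x0001007: 00 != cc
1a2b.3c4d: kernel32.dll: Differences in section #1 (.text) between file and memory:
1a2b.3c4d:   0000000076d01410 / 0x0001410: 48 != e9
1a2b.3c4d:   0000000076d01411 / 0x0001411: 89 != eb
1a2b.3c4d:   0000000076d01412 / 0x0001412: 5c != eb
1a2b.3c4d:   0000000076d01413 / 0x0001413: 24 != ff
1a2b.3c4d:   0000000076d01414 / 0x0001414: 08 != bf
"""

HEADER = re.compile(r"^\S+:\s+(\S+): Differences in section")
DIFF = re.compile(r"^\S+:\s+([0-9a-f]{16}) / 0x[0-9a-f]+: ([0-9a-f]{2}) != ([0-9a-f]{2})\s*$")

def find_patches(log_text):
    """Group runs of consecutive differing bytes into one patch per run."""
    patches, module, cur = [], None, None
    for line in log_text.splitlines():
        h, d = HEADER.match(line), DIFF.match(line)
        module = h.group(1) if h else module
        if not d:
            cur = None  # a header or "Restored ..." line ends the run
            continue
        addr, fbyte, mbyte = (int(g, 16) for g in d.groups())
        if cur is None or addr != cur["addr"] + len(cur["file"]):
            cur = {"module": module, "addr": addr, "file": bytearray(), "mem": bytearray()}
            patches.append(cur)
        cur["file"].append(fbyte)
        cur["mem"].append(mbyte)
    return patches

def classify(p):
    out = {"module": p["module"], "addr": p["addr"], "hook": False, "target": None, "syscall": None}
    if len(p["mem"]) >= 5 and p["mem"][0] == 0xE9:  # e9 rel32 = near jmp
        rel = struct.unpack("<i", bytes(p["mem"][1:5]))[0]
        out.update(hook=True, target=p["addr"] + 5 + rel)
    # File bytes 4c 8b d1 b8 imm32 = mov r10,rcx; mov eax,<syscall number>
    if len(p["file"]) >= 8 and p["file"][:4] == b"\x4c\x8b\xd1\xb8":
        out["syscall"] = struct.unpack("<I", bytes(p["file"][4:8]))[0]
    return out
```

Only differing bytes are logged, so a run shorter than five bytes is left unclassified rather than guessed at. Run over a full VBoxHardening.log, the per-module list of patched addresses is concrete evidence to hand to whoever administers the endpoint product's exclusions.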