API tools faq
paste
Advertisement
Guest User

VBoxHardening.log

a guest
Aug 17th, 2016
292
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 84.52 KB | None | 0 0
raw download clone embed print report
  1. 910.2008: Log file opened: 5.1.4r110228 g_hStartupLog=000000000000011c g_uNtVerCombined=0xa0295a00
  2. 910.2008: \SystemRoot\System32\ntdll.dll:
  3. 910.2008: CreationTime: 2016-05-11T12:05:10.014704600Z
  4. 910.2008: LastWriteTime: 2016-04-23T05:24:28.464629900Z
  5. 910.2008: ChangeTime: 2016-05-15T20:19:31.012649400Z
  6. 910.2008: FileAttributes: 0x20
  7. 910.2008: Size: 0x1bc248
  8. 910.2008: NT Headers: 0xe0
  9. 910.2008: Timestamp: 0x571af2eb
  10. 910.2008: Machine: 0x8664 - amd64
  11. 910.2008: Timestamp: 0x571af2eb
  12. 910.2008: Image Version: 10.0
  13. 910.2008: SizeOfImage: 0x1c1000 (1839104)
  14. 910.2008: Resource Dir: 0x159000 LB 0x66218
  15. 910.2008: ProductName: Microsoft® Windows® Operating System
  16. 910.2008: ProductVersion: 10.0.10586.306
  17. 910.2008: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
  18. 910.2008: FileDescription: NT Layer DLL
  19. 910.2008: \SystemRoot\System32\kernel32.dll:
  20. 910.2008: CreationTime: 2015-10-30T07:16:20.331389100Z
  21. 910.2008: LastWriteTime: 2015-10-30T07:16:20.331389100Z
  22. 910.2008: ChangeTime: 2016-03-14T17:41:57.967766000Z
  23. 910.2008: FileAttributes: 0x20
  24. 910.2008: Size: 0xac430
  25. 910.2008: NT Headers: 0xf0
  26. 910.2008: Timestamp: 0x5632d5aa
  27. 910.2008: Machine: 0x8664 - amd64
  28. 910.2008: Timestamp: 0x5632d5aa
  29. 910.2008: Image Version: 10.0
  30. 910.2008: SizeOfImage: 0xad000 (708608)
  31. 910.2008: Resource Dir: 0xab000 LB 0x528
  32. 910.2008: ProductName: Microsoft® Windows® Operating System
  33. 910.2008: ProductVersion: 10.0.10586.0
  34. 910.2008: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
  35. 910.2008: FileDescription: Windows NT BASE API Client DLL
  36. 910.2008: \SystemRoot\System32\KernelBase.dll:
  37. 910.2008: CreationTime: 2016-07-13T07:44:02.748091300Z
  38. 910.2008: LastWriteTime: 2016-07-01T04:49:21.864958900Z
  39. 910.2008: ChangeTime: 2016-07-13T11:37:19.901820900Z
  40. 910.2008: FileAttributes: 0x20
  41. 910.2008: Size: 0x1e7a10
  42. 910.2008: NT Headers: 0xf0
  43. 910.2008: Timestamp: 0x5775e4c5
  44. 910.2008: Machine: 0x8664 - amd64
  45. 910.2008: Timestamp: 0x5775e4c5
  46. 910.2008: Image Version: 10.0
  47. 910.2008: SizeOfImage: 0x1e8000 (1998848)
  48. 910.2008: Resource Dir: 0x1d1000 LB 0x548
  49. 910.2008: ProductName: Microsoft® Windows® Operating System
  50. 910.2008: ProductVersion: 10.0.10586.494
  51. 910.2008: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
  52. 910.2008: FileDescription: Windows NT BASE API Client DLL
  53. 910.2008: \SystemRoot\System32\apisetschema.dll:
  54. 910.2008: CreationTime: 2015-10-30T07:16:42.846943300Z
  55. 910.2008: LastWriteTime: 2015-10-30T07:16:42.862567900Z
  56. 910.2008: ChangeTime: 2016-03-14T17:41:53.529567100Z
  57. 910.2008: FileAttributes: 0x20
  58. 910.2008: Size: 0x16d60
  59. 910.2008: NT Headers: 0xc8
  60. 910.2008: Timestamp: 0x5632d94c
  61. 910.2008: Machine: 0x8664 - amd64
  62. 910.2008: Timestamp: 0x5632d94c
  63. 910.2008: Image Version: 10.0
  64. 910.2008: SizeOfImage: 0x18000 (98304)
  65. 910.2008: Resource Dir: 0x17000 LB 0x400
  66. 910.2008: ProductName: Microsoft® Windows® Operating System
  67. 910.2008: ProductVersion: 10.0.10586.0
  68. 910.2008: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
  69. 910.2008: FileDescription: ApiSet Schema DLL
  70. 910.2008: supR3HardenedWinFindAdversaries: 0x80
  71. 910.2008: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  72. 910.2008: CreationTime: 2016-01-05T09:38:45.769859200Z
  73. 910.2008: LastWriteTime: 2016-08-16T15:17:33.175624300Z
  74. 910.2008: ChangeTime: 2016-08-16T15:17:33.175624300Z
  75. 910.2008: FileAttributes: 0x20
  76. 910.2008: Size: 0x2eed8
  77. 910.2008: NT Headers: 0xe0
  78. 910.2008: Timestamp: 0x55b855d9
  79. 910.2008: Machine: 0x8664 - amd64
  80. 910.2008: Timestamp: 0x55b855d9
  81. 910.2008: Image Version: 6.1
  82. 910.2008: SizeOfImage: 0x33000 (208896)
  83. 910.2008: Resource Dir: 0x31000 LB 0x3b8
  84. 910.2008: ProductName: Malwarebytes Anti-Malware
  85. 910.2008: ProductVersion: 0.3.0.0
  86. 910.2008: FileVersion: 0.3.0.0
  87. 910.2008: FileDescription: Malwarebytes Anti-Malware
  88. 910.2008: \SystemRoot\System32\drivers\mwac.sys:
  89. 910.2008: CreationTime: 2016-01-05T09:38:10.192276800Z
  90. 910.2008: LastWriteTime: 2016-03-10T12:09:10.000000000Z
  91. 910.2008: ChangeTime: 2016-05-22T17:27:09.681502800Z
  92. 910.2008: FileAttributes: 0x20
  93. 910.2008: Size: 0xff80
  94. 910.2008: NT Headers: 0xe0
  95. 910.2008: Timestamp: 0x53a0f444
  96. 910.2008: Machine: 0x8664 - amd64
  97. 910.2008: Timestamp: 0x53a0f444
  98. 910.2008: Image Version: 6.2
  99. 910.2008: SizeOfImage: 0x13000 (77824)
  100. 910.2008: Resource Dir: 0x11000 LB 0x3e0
  101. 910.2008: ProductName: Malwarebytes Web Access Control
  102. 910.2008: ProductVersion: 1.0.6.0
  103. 910.2008: FileVersion: 1.0.6.0
  104. 910.2008: FileDescription: Malwarebytes Web Access Control
  105. 910.2008: \SystemRoot\System32\drivers\mbamchameleon.sys:
  106. 910.2008: CreationTime: 2016-01-05T09:38:10.256320100Z
  107. 910.2008: LastWriteTime: 2016-03-10T12:08:58.000000000Z
  108. 910.2008: ChangeTime: 2016-05-22T17:27:09.728541000Z
  109. 910.2008: FileAttributes: 0x20
  110. 910.2008: Size: 0x22580
  111. 910.2008: NT Headers: 0xe0
  112. 910.2008: Timestamp: 0x56a95753
  113. 910.2008: Machine: 0x8664 - amd64
  114. 910.2008: Timestamp: 0x56a95753
  115. 910.2008: Image Version: 6.1
  116. 910.2008: SizeOfImage: 0x26000 (155648)
  117. 910.2008: Resource Dir: 0x24000 LB 0xba8
  118. 910.2008: ProductName: Malwarebytes Chameleon
  119. 910.2008: ProductVersion: 1.1.22.0
  120. 910.2008: FileVersion: 1.1.22.0
  121. 910.2008: FileDescription: Malwarebytes Chameleon Protection Driver
  122. 910.2008: \SystemRoot\System32\drivers\mbam.sys:
  123. 910.2008: CreationTime: 2016-01-05T09:38:10.135239900Z
  124. 910.2008: LastWriteTime: 2016-03-10T12:08:54.000000000Z
  125. 910.2008: ChangeTime: 2016-05-22T17:27:09.298096400Z
  126. 910.2008: FileAttributes: 0x20
  127. 910.2008: Size: 0x6980
  128. 910.2008: NT Headers: 0xd8
  129. 910.2008: Timestamp: 0x55ca3257
  130. 910.2008: Machine: 0x8664 - amd64
  131. 910.2008: Timestamp: 0x55ca3257
  132. 910.2008: Image Version: 6.1
  133. 910.2008: SizeOfImage: 0xa000 (40960)
  134. 910.2008: Resource Dir: 0x8000 LB 0x3a0
  135. 910.2008: ProductName: Malwarebytes Anti-Malware
  136. 910.2008: ProductVersion: 0.1.16.0
  137. 910.2008: FileVersion: 0.1.16.0
  138. 910.2008: FileDescription: Malwarebytes Anti-Malware
  139. 910.2008: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  140. 910.2008: Calling main()
  141. 910.2008: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  142. 910.2008: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  143. 910.2008: SUPR3HardenedMain: Respawn #1
  144. 910.2008: System32: \Device\HarddiskVolume4\Windows\System32
  145. 910.2008: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  146. 910.2008: KnownDllPath: C:\WINDOWS\system32
  147. 910.2008: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  148. 910.2008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  149. 910.2008: supR3HardNtEnableThreadCreation:
  150. 910.2008: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  151. 910.2008: supR3HardenedWinDoReSpawn(1): New child 24e8.10f0 [kernel32].
  152. 910.2008: supR3HardNtChildGatherData: PebBaseAddress=0000000000746000 cbPeb=0x388
  153. 910.2008: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f7be0000 uNtDllChildAddr=00007ff9f7be0000
  154. 910.2008: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f7c56d50
  155. 910.2008: supR3HardenedWinSetupChildInit: Start child.
  156. 910.2008: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  157. 910.2008: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 54 sleeps
  158. 910.2008: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  159. 910.2008: *0000000000000000-ffffffffffb9ffff 0x0001/0x0000 0x0000000
  160. 910.2008: *0000000000460000-000000000043ffff 0x0004/0x0004 0x0020000
  161. 910.2008: *0000000000480000-000000000046afff 0x0002/0x0002 0x0040000
  162. 910.2008: 0000000000495000-0000000000489fff 0x0001/0x0000 0x0000000
  163. 910.2008: *00000000004a0000-00000000003a4fff 0x0000/0x0004 0x0020000
  164. 910.2008: 000000000059b000-0000000000597fff 0x0104/0x0004 0x0020000
  165. 910.2008: 000000000059e000-000000000059bfff 0x0004/0x0004 0x0020000
  166. 910.2008: *00000000005a0000-000000000059bfff 0x0002/0x0002 0x0040000
  167. 910.2008: 00000000005a4000-0000000000597fff 0x0001/0x0000 0x0000000
  168. 910.2008: *00000000005b0000-00000000005adfff 0x0004/0x0004 0x0020000
  169. 910.2008: 00000000005b2000-0000000000563fff 0x0001/0x0000 0x0000000
  170. 910.2008: *0000000000600000-00000000004b9fff 0x0000/0x0004 0x0020000
  171. 910.2008: 0000000000746000-0000000000742fff 0x0004/0x0004 0x0020000
  172. 910.2008: 0000000000749000-0000000000691fff 0x0000/0x0004 0x0020000
  173. 910.2008: 0000000000800000-ffffffff8101ffff 0x0001/0x0000 0x0000000
  174. 910.2008: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  175. 910.2008: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  176. 910.2008: 000000007fff0000-ffff80099fe6ffff 0x0001/0x0000 0x0000000
  177. 910.2008: *00007ff760170000-00007ff76014cfff 0x0002/0x0002 0x0040000
  178. 910.2008: 00007ff760193000-00007ff75fbc5fff 0x0001/0x0000 0x0000000
  179. 910.2008: *00007ff760760000-00007ff760760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  180. 910.2008: 00007ff760761000-00007ff7607cffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  181. 910.2008: 00007ff7607d0000-00007ff7607d0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  182. 910.2008: 00007ff7607d1000-00007ff760815fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  183. 910.2008: 00007ff760816000-00007ff760816fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  184. 910.2008: 00007ff760817000-00007ff760817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  185. 910.2008: 00007ff760818000-00007ff76081cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  186. 910.2008: 00007ff76081d000-00007ff76081dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  187. 910.2008: 00007ff76081e000-00007ff76081efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  188. 910.2008: 00007ff76081f000-00007ff760822fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  189. 910.2008: 00007ff760823000-00007ff76086afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  190. 910.2008: 00007ff76086b000-00007ff4c94f5fff 0x0001/0x0000 0x0000000
  191. 910.2008: *00007ff9f7be0000-00007ff9f7be0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  192. 910.2008: 00007ff9f7be1000-00007ff9f7cddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  193. 910.2008: 00007ff9f7cde000-00007ff9f7d1efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  194. 910.2008: 00007ff9f7d1f000-00007ff9f7d27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  195. 910.2008: 00007ff9f7d28000-00007ff9f7d34fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  196. 910.2008: 00007ff9f7d35000-00007ff9f7d35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  197. 910.2008: 00007ff9f7d36000-00007ff9f7d38fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  198. 910.2008: 00007ff9f7d39000-00007ff9f7da0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  199. 910.2008: 00007ff9f7da1000-00007ff3efb61fff 0x0001/0x0000 0x0000000
  200. 910.2008: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
  201. 910.2008: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
  202. 910.2008: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  203. 910.2008: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  204. 910.2008: supR3HardNtChildPurify: Done after 571 ms and 0 fixes (loop #0).
  205. 24e8.10f0: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
  206. 24e8.10f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f7be0000 g_uNtVerCombined=0xa0295a00
  207. 24e8.10f0: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
  208. 24e8.10f0: New simple heap: #1 0000000000900000 LB 0x400000 (for 1839104 allocation)
  209. 24e8.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  210. 24e8.10f0: System32: \Device\HarddiskVolume4\Windows\System32
  211. 24e8.10f0: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  212. 24e8.10f0: KnownDllPath: C:\WINDOWS\system32
  213. 24e8.10f0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  214. 910.2008: supR3HardNtEnableThreadCreation:
  215. 24e8.10f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  216. 24e8.10f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  217. 24e8.10f0: Registered Dll notification callback with NTDLL.
  218. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  219. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  220. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  221. 24e8.10f0: supR3HardenedDllNotificationCallback: load 00007ff9f4bb0000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  222. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  223. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  224. 24e8.10f0: supR3HardenedDllNotificationCallback: load 00007ff9f5270000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  225. 24e8.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  226. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5270000 'C:\WINDOWS\system32\KERNEL32.DLL'
  227. 24e8.10f0: supR3HardenedDllNotificationCallback: load 00007ff760760000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  228. 24e8.10f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  229. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  230. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  231. 24e8.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  232. 24e8.10f0: \SystemRoot\System32\ntdll.dll:
  233. 24e8.10f0: CreationTime: 2016-05-11T12:05:10.014704600Z
  234. 24e8.10f0: LastWriteTime: 2016-04-23T05:24:28.464629900Z
  235. 24e8.10f0: ChangeTime: 2016-05-15T20:19:31.012649400Z
  236. 24e8.10f0: FileAttributes: 0x20
  237. 24e8.10f0: Size: 0x1bc248
  238. 24e8.10f0: NT Headers: 0xe0
  239. 24e8.10f0: Timestamp: 0x571af2eb
  240. 24e8.10f0: Machine: 0x8664 - amd64
  241. 24e8.10f0: Timestamp: 0x571af2eb
  242. 24e8.10f0: Image Version: 10.0
  243. 24e8.10f0: SizeOfImage: 0x1c1000 (1839104)
  244. 24e8.10f0: Resource Dir: 0x159000 LB 0x66218
  245. 24e8.10f0: ProductName: Microsoft® Windows® Operating System
  246. 24e8.10f0: ProductVersion: 10.0.10586.306
  247. 24e8.10f0: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
  248. 24e8.10f0: FileDescription: NT Layer DLL
  249. 24e8.10f0: \SystemRoot\System32\kernel32.dll:
  250. 24e8.10f0: CreationTime: 2015-10-30T07:16:20.331389100Z
  251. 24e8.10f0: LastWriteTime: 2015-10-30T07:16:20.331389100Z
  252. 24e8.10f0: ChangeTime: 2016-03-14T17:41:57.967766000Z
  253. 24e8.10f0: FileAttributes: 0x20
  254. 24e8.10f0: Size: 0xac430
  255. 24e8.10f0: NT Headers: 0xf0
  256. 24e8.10f0: Timestamp: 0x5632d5aa
  257. 24e8.10f0: Machine: 0x8664 - amd64
  258. 24e8.10f0: Timestamp: 0x5632d5aa
  259. 24e8.10f0: Image Version: 10.0
  260. 24e8.10f0: SizeOfImage: 0xad000 (708608)
  261. 24e8.10f0: Resource Dir: 0xab000 LB 0x528
  262. 24e8.10f0: ProductName: Microsoft® Windows® Operating System
  263. 24e8.10f0: ProductVersion: 10.0.10586.0
  264. 24e8.10f0: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
  265. 24e8.10f0: FileDescription: Windows NT BASE API Client DLL
  266. 24e8.10f0: \SystemRoot\System32\KernelBase.dll:
  267. 24e8.10f0: CreationTime: 2016-07-13T07:44:02.748091300Z
  268. 24e8.10f0: LastWriteTime: 2016-07-01T04:49:21.864958900Z
  269. 24e8.10f0: ChangeTime: 2016-07-13T11:37:19.901820900Z
  270. 24e8.10f0: FileAttributes: 0x20
  271. 24e8.10f0: Size: 0x1e7a10
  272. 24e8.10f0: NT Headers: 0xf0
  273. 24e8.10f0: Timestamp: 0x5775e4c5
  274. 24e8.10f0: Machine: 0x8664 - amd64
  275. 24e8.10f0: Timestamp: 0x5775e4c5
  276. 24e8.10f0: Image Version: 10.0
  277. 24e8.10f0: SizeOfImage: 0x1e8000 (1998848)
  278. 24e8.10f0: Resource Dir: 0x1d1000 LB 0x548
  279. 24e8.10f0: ProductName: Microsoft® Windows® Operating System
  280. 24e8.10f0: ProductVersion: 10.0.10586.494
  281. 24e8.10f0: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
  282. 24e8.10f0: FileDescription: Windows NT BASE API Client DLL
  283. 24e8.10f0: \SystemRoot\System32\apisetschema.dll:
  284. 24e8.10f0: CreationTime: 2015-10-30T07:16:42.846943300Z
  285. 24e8.10f0: LastWriteTime: 2015-10-30T07:16:42.862567900Z
  286. 24e8.10f0: ChangeTime: 2016-03-14T17:41:53.529567100Z
  287. 24e8.10f0: FileAttributes: 0x20
  288. 24e8.10f0: Size: 0x16d60
  289. 24e8.10f0: NT Headers: 0xc8
  290. 24e8.10f0: Timestamp: 0x5632d94c
  291. 24e8.10f0: Machine: 0x8664 - amd64
  292. 24e8.10f0: Timestamp: 0x5632d94c
  293. 24e8.10f0: Image Version: 10.0
  294. 24e8.10f0: SizeOfImage: 0x18000 (98304)
  295. 24e8.10f0: Resource Dir: 0x17000 LB 0x400
  296. 24e8.10f0: ProductName: Microsoft® Windows® Operating System
  297. 24e8.10f0: ProductVersion: 10.0.10586.0
  298. 24e8.10f0: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
  299. 24e8.10f0: FileDescription: ApiSet Schema DLL
  300. 910.2008: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 88 ms.
  301. 24e8.10f0: supR3HardenedWinFindAdversaries: 0x80
  302. 24e8.10f0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  303. 24e8.10f0: CreationTime: 2016-01-05T09:38:45.769859200Z
  304. 24e8.10f0: LastWriteTime: 2016-08-16T15:17:33.175624300Z
  305. 24e8.10f0: ChangeTime: 2016-08-16T15:17:33.175624300Z
  306. 24e8.10f0: FileAttributes: 0x20
  307. 24e8.10f0: Size: 0x2eed8
  308. 24e8.10f0: NT Headers: 0xe0
  309. 24e8.10f0: Timestamp: 0x55b855d9
  310. 24e8.10f0: Machine: 0x8664 - amd64
  311. 24e8.10f0: Timestamp: 0x55b855d9
  312. 24e8.10f0: Image Version: 6.1
  313. 24e8.10f0: SizeOfImage: 0x33000 (208896)
  314. 24e8.10f0: Resource Dir: 0x31000 LB 0x3b8
  315. 24e8.10f0: ProductName: Malwarebytes Anti-Malware
  316. 24e8.10f0: ProductVersion: 0.3.0.0
  317. 24e8.10f0: FileVersion: 0.3.0.0
  318. 24e8.10f0: FileDescription: Malwarebytes Anti-Malware
  319. 24e8.10f0: \SystemRoot\System32\drivers\mwac.sys:
  320. 24e8.10f0: CreationTime: 2016-01-05T09:38:10.192276800Z
  321. 24e8.10f0: LastWriteTime: 2016-03-10T12:09:10.000000000Z
  322. 24e8.10f0: ChangeTime: 2016-05-22T17:27:09.681502800Z
  323. 24e8.10f0: FileAttributes: 0x20
  324. 24e8.10f0: Size: 0xff80
  325. 24e8.10f0: NT Headers: 0xe0
  326. 24e8.10f0: Timestamp: 0x53a0f444
  327. 24e8.10f0: Machine: 0x8664 - amd64
  328. 24e8.10f0: Timestamp: 0x53a0f444
  329. 24e8.10f0: Image Version: 6.2
  330. 24e8.10f0: SizeOfImage: 0x13000 (77824)
  331. 24e8.10f0: Resource Dir: 0x11000 LB 0x3e0
  332. 24e8.10f0: ProductName: Malwarebytes Web Access Control
  333. 24e8.10f0: ProductVersion: 1.0.6.0
  334. 24e8.10f0: FileVersion: 1.0.6.0
  335. 24e8.10f0: FileDescription: Malwarebytes Web Access Control
  336. 24e8.10f0: \SystemRoot\System32\drivers\mbamchameleon.sys:
  337. 24e8.10f0: CreationTime: 2016-01-05T09:38:10.256320100Z
  338. 24e8.10f0: LastWriteTime: 2016-03-10T12:08:58.000000000Z
  339. 24e8.10f0: ChangeTime: 2016-05-22T17:27:09.728541000Z
  340. 24e8.10f0: FileAttributes: 0x20
  341. 24e8.10f0: Size: 0x22580
  342. 24e8.10f0: NT Headers: 0xe0
  343. 24e8.10f0: Timestamp: 0x56a95753
  344. 24e8.10f0: Machine: 0x8664 - amd64
  345. 24e8.10f0: Timestamp: 0x56a95753
  346. 24e8.10f0: Image Version: 6.1
  347. 24e8.10f0: SizeOfImage: 0x26000 (155648)
  348. 24e8.10f0: Resource Dir: 0x24000 LB 0xba8
  349. 24e8.10f0: ProductName: Malwarebytes Chameleon
  350. 24e8.10f0: ProductVersion: 1.1.22.0
  351. 24e8.10f0: FileVersion: 1.1.22.0
  352. 24e8.10f0: FileDescription: Malwarebytes Chameleon Protection Driver
  353. 24e8.10f0: \SystemRoot\System32\drivers\mbam.sys:
  354. 24e8.10f0: CreationTime: 2016-01-05T09:38:10.135239900Z
  355. 24e8.10f0: LastWriteTime: 2016-03-10T12:08:54.000000000Z
  356. 24e8.10f0: ChangeTime: 2016-05-22T17:27:09.298096400Z
  357. 24e8.10f0: FileAttributes: 0x20
  358. 24e8.10f0: Size: 0x6980
  359. 24e8.10f0: NT Headers: 0xd8
  360. 24e8.10f0: Timestamp: 0x55ca3257
  361. 24e8.10f0: Machine: 0x8664 - amd64
  362. 24e8.10f0: Timestamp: 0x55ca3257
  363. 24e8.10f0: Image Version: 6.1
  364. 24e8.10f0: SizeOfImage: 0xa000 (40960)
  365. 24e8.10f0: Resource Dir: 0x8000 LB 0x3a0
  366. 24e8.10f0: ProductName: Malwarebytes Anti-Malware
  367. 24e8.10f0: ProductVersion: 0.1.16.0
  368. 24e8.10f0: FileVersion: 0.1.16.0
  369. 24e8.10f0: FileDescription: Malwarebytes Anti-Malware
  370. 24e8.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  371. 24e8.10f0: Calling main()
  372. 24e8.10f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  373. 24e8.10f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  374. 24e8.10f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  375. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  376. 24e8.10f0: SUPR3HardenedMain: Respawn #2
  377. 24e8.10f0: supR3HardNtEnableThreadCreation:
  378. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
  379. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
  380. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  381. 24e8.10f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  382. 24e8.10f0: supR3HardenedDllNotificationCallback: load 00007ff9f29f0000 LB 0x00079000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
  383. 24e8.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  384. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f29f0000 'C:\WINDOWS\system32\apphelp.dll'
  385. 24e8.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  386. 24e8.10f0: supR3HardenedWinDoReSpawn(2): New child 2630.ba4 [kernel32].
  387. 24e8.10f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  388. 24e8.10f0: supR3HardNtChildGatherData: PebBaseAddress=0000000001080000 cbPeb=0x388
  389. 24e8.10f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f7be0000 uNtDllChildAddr=00007ff9f7be0000
  390. 24e8.10f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f7c56d50
  391. 24e8.10f0: supR3HardenedWinSetupChildInit: Start child.
  392. 24e8.10f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
  393. 24e8.10f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 54 sleeps
  394. 24e8.10f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  395. 24e8.10f0: *0000000000000000-ffffffffff07ffff 0x0001/0x0000 0x0000000
  396. 24e8.10f0: *0000000000f80000-0000000000f5ffff 0x0004/0x0004 0x0020000
  397. 24e8.10f0: *0000000000fa0000-0000000000f8afff 0x0002/0x0002 0x0040000
  398. 24e8.10f0: 0000000000fb5000-0000000000fa9fff 0x0001/0x0000 0x0000000
  399. 24e8.10f0: *0000000000fc0000-0000000000fbbfff 0x0002/0x0002 0x0040000
  400. 24e8.10f0: 0000000000fc4000-0000000000fb7fff 0x0001/0x0000 0x0000000
  401. 24e8.10f0: *0000000000fd0000-0000000000fcdfff 0x0004/0x0004 0x0020000
  402. 24e8.10f0: 0000000000fd2000-0000000000fa3fff 0x0001/0x0000 0x0000000
  403. 24e8.10f0: *0000000001000000-0000000000f7ffff 0x0000/0x0004 0x0020000
  404. 24e8.10f0: 0000000001080000-000000000107cfff 0x0004/0x0004 0x0020000
  405. 24e8.10f0: 0000000001083000-0000000000f05fff 0x0000/0x0004 0x0020000
  406. 24e8.10f0: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
  407. 24e8.10f0: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
  408. 24e8.10f0: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
  409. 24e8.10f0: 0000000001300000-ffffffff8261ffff 0x0001/0x0000 0x0000000
  410. 24e8.10f0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  411. 24e8.10f0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  412. 24e8.10f0: 000000007fff0000-ffff80099fa6ffff 0x0001/0x0000 0x0000000
  413. 24e8.10f0: *00007ff760570000-00007ff76054cfff 0x0002/0x0002 0x0040000
  414. 24e8.10f0: 00007ff760593000-00007ff7603c5fff 0x0001/0x0000 0x0000000
  415. 24e8.10f0: *00007ff760760000-00007ff760760fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  416. 24e8.10f0: 00007ff760761000-00007ff7607cffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  417. 24e8.10f0: 00007ff7607d0000-00007ff7607d0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  418. 24e8.10f0: 00007ff7607d1000-00007ff760815fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  419. 24e8.10f0: 00007ff760816000-00007ff760816fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  420. 24e8.10f0: 00007ff760817000-00007ff760817fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  421. 24e8.10f0: 00007ff760818000-00007ff76081cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  422. 24e8.10f0: 00007ff76081d000-00007ff76081dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  423. 24e8.10f0: 00007ff76081e000-00007ff76081efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  424. 24e8.10f0: 00007ff76081f000-00007ff760822fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  425. 24e8.10f0: 00007ff760823000-00007ff76086afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  426. 24e8.10f0: 00007ff76086b000-00007ff4c94f5fff 0x0001/0x0000 0x0000000
  427. 24e8.10f0: *00007ff9f7be0000-00007ff9f7be0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  428. 24e8.10f0: 00007ff9f7be1000-00007ff9f7cddfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  429. 24e8.10f0: 00007ff9f7cde000-00007ff9f7d1efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  430. 24e8.10f0: 00007ff9f7d1f000-00007ff9f7d27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  431. 24e8.10f0: 00007ff9f7d28000-00007ff9f7d34fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  432. 24e8.10f0: 00007ff9f7d35000-00007ff9f7d35fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  433. 24e8.10f0: 00007ff9f7d36000-00007ff9f7d38fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  434. 24e8.10f0: 00007ff9f7d39000-00007ff9f7da0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  435. 24e8.10f0: 00007ff9f7da1000-00007ff3efb61fff 0x0001/0x0000 0x0000000
  436. 24e8.10f0: *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
  437. 24e8.10f0: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
  438. 24e8.10f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  439. 24e8.10f0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  440. 24e8.10f0: supR3HardNtChildPurify: Done after 575 ms and 0 fixes (loop #0).
  441. 2630.ba4: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
  442. 2630.ba4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f7be0000 g_uNtVerCombined=0xa0295a00
  443. 2630.ba4: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
  444. 2630.ba4: New simple heap: #1 0000000001400000 LB 0x400000 (for 1839104 allocation)
  445. 24e8.10f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
  446. 24e8.10f0: supR3HardNtEnableThreadCreation:
  447. 2630.ba4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  448. 2630.ba4: System32: \Device\HarddiskVolume4\Windows\System32
  449. 2630.ba4: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
  450. 2630.ba4: KnownDllPath: C:\WINDOWS\system32
  451. 2630.ba4: supR3HardenedVmProcessInit: Opening vboxdrv...
  452. 2630.ba4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  453. 2630.ba4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  454. 2630.ba4: Registered Dll notification callback with NTDLL.
  455. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  456. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  457. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  458. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4bb0000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  459. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  460. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  461. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f5270000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  462. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  463. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5270000 'C:\WINDOWS\system32\KERNEL32.DLL'
  464. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff760760000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  465. 2630.ba4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  466. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  467. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  468. 2630.ba4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  469. 24e8.10f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms.
  470. 2630.ba4: \SystemRoot\System32\ntdll.dll:
  471. 2630.ba4: CreationTime: 2016-05-11T12:05:10.014704600Z
  472. 2630.ba4: LastWriteTime: 2016-04-23T05:24:28.464629900Z
  473. 2630.ba4: ChangeTime: 2016-05-15T20:19:31.012649400Z
  474. 2630.ba4: FileAttributes: 0x20
  475. 2630.ba4: Size: 0x1bc248
  476. 2630.ba4: NT Headers: 0xe0
  477. 2630.ba4: Timestamp: 0x571af2eb
  478. 2630.ba4: Machine: 0x8664 - amd64
  479. 2630.ba4: Timestamp: 0x571af2eb
  480. 2630.ba4: Image Version: 10.0
  481. 2630.ba4: SizeOfImage: 0x1c1000 (1839104)
  482. 2630.ba4: Resource Dir: 0x159000 LB 0x66218
  483. 2630.ba4: ProductName: Microsoft® Windows® Operating System
  484. 2630.ba4: ProductVersion: 10.0.10586.306
  485. 2630.ba4: FileVersion: 10.0.10586.306 (th2_release_sec.160422-1850)
  486. 2630.ba4: FileDescription: NT Layer DLL
  487. 2630.ba4: \SystemRoot\System32\kernel32.dll:
  488. 2630.ba4: CreationTime: 2015-10-30T07:16:20.331389100Z
  489. 2630.ba4: LastWriteTime: 2015-10-30T07:16:20.331389100Z
  490. 2630.ba4: ChangeTime: 2016-03-14T17:41:57.967766000Z
  491. 2630.ba4: FileAttributes: 0x20
  492. 2630.ba4: Size: 0xac430
  493. 2630.ba4: NT Headers: 0xf0
  494. 2630.ba4: Timestamp: 0x5632d5aa
  495. 2630.ba4: Machine: 0x8664 - amd64
  496. 2630.ba4: Timestamp: 0x5632d5aa
  497. 2630.ba4: Image Version: 10.0
  498. 2630.ba4: SizeOfImage: 0xad000 (708608)
  499. 2630.ba4: Resource Dir: 0xab000 LB 0x528
  500. 2630.ba4: ProductName: Microsoft® Windows® Operating System
  501. 2630.ba4: ProductVersion: 10.0.10586.0
  502. 2630.ba4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
  503. 2630.ba4: FileDescription: Windows NT BASE API Client DLL
  504. 2630.ba4: \SystemRoot\System32\KernelBase.dll:
  505. 2630.ba4: CreationTime: 2016-07-13T07:44:02.748091300Z
  506. 2630.ba4: LastWriteTime: 2016-07-01T04:49:21.864958900Z
  507. 2630.ba4: ChangeTime: 2016-07-13T11:37:19.901820900Z
  508. 2630.ba4: FileAttributes: 0x20
  509. 2630.ba4: Size: 0x1e7a10
  510. 2630.ba4: NT Headers: 0xf0
  511. 2630.ba4: Timestamp: 0x5775e4c5
  512. 2630.ba4: Machine: 0x8664 - amd64
  513. 2630.ba4: Timestamp: 0x5775e4c5
  514. 2630.ba4: Image Version: 10.0
  515. 2630.ba4: SizeOfImage: 0x1e8000 (1998848)
  516. 2630.ba4: Resource Dir: 0x1d1000 LB 0x548
  517. 2630.ba4: ProductName: Microsoft® Windows® Operating System
  518. 2630.ba4: ProductVersion: 10.0.10586.494
  519. 2630.ba4: FileVersion: 10.0.10586.494 (th2_release_sec.160630-1736)
  520. 2630.ba4: FileDescription: Windows NT BASE API Client DLL
  521. 2630.ba4: \SystemRoot\System32\apisetschema.dll:
  522. 2630.ba4: CreationTime: 2015-10-30T07:16:42.846943300Z
  523. 2630.ba4: LastWriteTime: 2015-10-30T07:16:42.862567900Z
  524. 2630.ba4: ChangeTime: 2016-03-14T17:41:53.529567100Z
  525. 2630.ba4: FileAttributes: 0x20
  526. 2630.ba4: Size: 0x16d60
  527. 2630.ba4: NT Headers: 0xc8
  528. 2630.ba4: Timestamp: 0x5632d94c
  529. 2630.ba4: Machine: 0x8664 - amd64
  530. 2630.ba4: Timestamp: 0x5632d94c
  531. 2630.ba4: Image Version: 10.0
  532. 2630.ba4: SizeOfImage: 0x18000 (98304)
  533. 2630.ba4: Resource Dir: 0x17000 LB 0x400
  534. 2630.ba4: ProductName: Microsoft® Windows® Operating System
  535. 2630.ba4: ProductVersion: 10.0.10586.0
  536. 2630.ba4: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
  537. 2630.ba4: FileDescription: ApiSet Schema DLL
  538. 2630.ba4: supR3HardenedWinFindAdversaries: 0x80
  539. 2630.ba4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  540. 2630.ba4: CreationTime: 2016-01-05T09:38:45.769859200Z
  541. 2630.ba4: LastWriteTime: 2016-08-16T15:17:33.175624300Z
  542. 2630.ba4: ChangeTime: 2016-08-16T15:17:33.175624300Z
  543. 2630.ba4: FileAttributes: 0x20
  544. 2630.ba4: Size: 0x2eed8
  545. 2630.ba4: NT Headers: 0xe0
  546. 2630.ba4: Timestamp: 0x55b855d9
  547. 2630.ba4: Machine: 0x8664 - amd64
  548. 2630.ba4: Timestamp: 0x55b855d9
  549. 2630.ba4: Image Version: 6.1
  550. 2630.ba4: SizeOfImage: 0x33000 (208896)
  551. 2630.ba4: Resource Dir: 0x31000 LB 0x3b8
  552. 2630.ba4: ProductName: Malwarebytes Anti-Malware
  553. 2630.ba4: ProductVersion: 0.3.0.0
  554. 2630.ba4: FileVersion: 0.3.0.0
  555. 2630.ba4: FileDescription: Malwarebytes Anti-Malware
  556. 2630.ba4: \SystemRoot\System32\drivers\mwac.sys:
  557. 2630.ba4: CreationTime: 2016-01-05T09:38:10.192276800Z
  558. 2630.ba4: LastWriteTime: 2016-03-10T12:09:10.000000000Z
  559. 2630.ba4: ChangeTime: 2016-05-22T17:27:09.681502800Z
  560. 2630.ba4: FileAttributes: 0x20
  561. 2630.ba4: Size: 0xff80
  562. 2630.ba4: NT Headers: 0xe0
  563. 2630.ba4: Timestamp: 0x53a0f444
  564. 2630.ba4: Machine: 0x8664 - amd64
  565. 2630.ba4: Timestamp: 0x53a0f444
  566. 2630.ba4: Image Version: 6.2
  567. 2630.ba4: SizeOfImage: 0x13000 (77824)
  568. 2630.ba4: Resource Dir: 0x11000 LB 0x3e0
  569. 2630.ba4: ProductName: Malwarebytes Web Access Control
  570. 2630.ba4: ProductVersion: 1.0.6.0
  571. 2630.ba4: FileVersion: 1.0.6.0
  572. 2630.ba4: FileDescription: Malwarebytes Web Access Control
  573. 2630.ba4: \SystemRoot\System32\drivers\mbamchameleon.sys:
  574. 2630.ba4: CreationTime: 2016-01-05T09:38:10.256320100Z
  575. 2630.ba4: LastWriteTime: 2016-03-10T12:08:58.000000000Z
  576. 2630.ba4: ChangeTime: 2016-05-22T17:27:09.728541000Z
  577. 2630.ba4: FileAttributes: 0x20
  578. 2630.ba4: Size: 0x22580
  579. 2630.ba4: NT Headers: 0xe0
  580. 2630.ba4: Timestamp: 0x56a95753
  581. 2630.ba4: Machine: 0x8664 - amd64
  582. 2630.ba4: Timestamp: 0x56a95753
  583. 2630.ba4: Image Version: 6.1
  584. 2630.ba4: SizeOfImage: 0x26000 (155648)
  585. 2630.ba4: Resource Dir: 0x24000 LB 0xba8
  586. 2630.ba4: ProductName: Malwarebytes Chameleon
  587. 2630.ba4: ProductVersion: 1.1.22.0
  588. 2630.ba4: FileVersion: 1.1.22.0
  589. 2630.ba4: FileDescription: Malwarebytes Chameleon Protection Driver
  590. 2630.ba4: \SystemRoot\System32\drivers\mbam.sys:
  591. 2630.ba4: CreationTime: 2016-01-05T09:38:10.135239900Z
  592. 2630.ba4: LastWriteTime: 2016-03-10T12:08:54.000000000Z
  593. 2630.ba4: ChangeTime: 2016-05-22T17:27:09.298096400Z
  594. 2630.ba4: FileAttributes: 0x20
  595. 2630.ba4: Size: 0x6980
  596. 2630.ba4: NT Headers: 0xd8
  597. 2630.ba4: Timestamp: 0x55ca3257
  598. 2630.ba4: Machine: 0x8664 - amd64
  599. 2630.ba4: Timestamp: 0x55ca3257
  600. 2630.ba4: Image Version: 6.1
  601. 2630.ba4: SizeOfImage: 0xa000 (40960)
  602. 2630.ba4: Resource Dir: 0x8000 LB 0x3a0
  603. 2630.ba4: ProductName: Malwarebytes Anti-Malware
  604. 2630.ba4: ProductVersion: 0.1.16.0
  605. 2630.ba4: FileVersion: 0.1.16.0
  606. 2630.ba4: FileDescription: Malwarebytes Anti-Malware
  607. 2630.ba4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  608. 2630.ba4: Calling main()
  609. 2630.ba4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  610. 2630.ba4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  611. 2630.ba4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  612. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  613. 2630.ba4: SUPR3HardenedMain: Final process, opening VBoxDrv...
  614. 2630.ba4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
  615. 2630.ba4: supR3HardNtEnableThreadCreation:
  616. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  617. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  618. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  619. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  620. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9edd70000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  621. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  622. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  623. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  624. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9edd70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  625. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  626. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  627. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9edd70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  628. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9edd70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  629. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  630. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
  631. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  632. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
  633. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
  634. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  635. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  636. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  637. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
  638. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  639. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  640. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  641. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  642. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
  643. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
  644. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  645. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  646. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  647. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
  648. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
  649. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  650. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  651. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
  652. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  653. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  654. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  655. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  656. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  657. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  658. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  659. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  660. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f58c0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
  661. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  662. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4200000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
  663. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  664. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4e10000 LB 0x001c8000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
  665. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  666. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f7540000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
  667. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  668. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4340000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
  669. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  670. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\WINDOWS\system32\Wintrust.dll'
  671. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
  672. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  673. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  674. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  675. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4130000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
  676. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  677. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4130000 'C:\WINDOWS\system32\bcrypt.dll'
  678. 2630.ba4: bcrypt.dll loaded at 00007ff9f4130000, BCryptOpenAlgorithmProvider at 00007ff9f4133b50, preloading providers:
  679. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
  680. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
  681. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  682. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4b40000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
  683. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  684. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4b40000 'C:\WINDOWS\system32\bcryptprimitives.dll'
  685. 2630.ba4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000019b9a00)
  686. 2630.ba4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000019ba0c0)
  687. 2630.ba4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000019ba390)
  688. 2630.ba4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000019ba6f0)
  689. 2630.ba4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000019bb210)
  690. 2630.ba4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000019bb520)
  691. 2630.ba4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000019bb830)
  692. 2630.ba4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000019bbb00)
  693. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  694. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  695. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  696. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  697. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  698. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  699. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  700. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  701. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  702. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  703. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  704. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  705. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  706. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  707. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  708. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  709. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  710. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  711. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  712. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  713. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  714. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
  715. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
  716. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f3b80000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  717. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  718. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
  719. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
  720. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  721. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  722. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  723. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  724. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  725. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  726. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f3810000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
  727. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  728. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  729. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
  730. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
  731. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
  732. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f3ca0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  733. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  734. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  735. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  736. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  737. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  738. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  739. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5270000 'C:\WINDOWS\system32\kernel32.dll'
  740. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  741. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  742. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  743. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  744. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\CRYPT32.dll'
  745. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f5dc0000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
  746. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  747. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
  748. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
  749. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  750. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  751. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  752. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  753. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  754. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  755. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f5640000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
  756. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  757. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
  758. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
  759. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  760. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  761. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
  762. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
  763. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f3200000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
  764. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  765. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f4270000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
  766. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
  767. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
  768. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  769. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
  770. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
  771. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  772. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  773. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  774. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  775. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  776. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  777. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  778. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  779. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  780. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  781. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  782. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  783. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  784. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  785. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  786. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  787. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  788. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  789. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9e4270000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
  790. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  791. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  792. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  793. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  794. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  795. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  796. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  797. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  798. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  799. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  800. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  801. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  802. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  803. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  804. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  805. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  806. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  807. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  808. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  809. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  810. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  811. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  812. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  813. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  814. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  815. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  816. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  817. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  818. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  819. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  820. 2630.ba4: supR3HardenedDllNotificationCallback: load 00007ff9f5aa0000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
  821. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  822. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
  823. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
  824. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
  825. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  826. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  827. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  828. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  829. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  830. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  831. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  832. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  833. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  834. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  835. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  836. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  837. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  838. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  839. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  840. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\crypt32.dll'
  841. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\SystemRoot\System32\ntdll.dll'
  842. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  843. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001a39700
  844. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001a39700
  845. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=056BDD821FDC5EB443883F1928BBEC403ED3FC46
  846. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  847. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  848. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f7540000 'C:\WINDOWS\system32\rpcrt4.dll'
  849. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  850. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  851. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  852. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  853. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  854. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  855. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  856. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  857. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  858. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  859. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  860. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  861. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  862. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  863. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  864. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  865. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  866. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  867. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  868. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  869. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\crypt32.dll'
  870. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1999_for_KB3176493~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
  871. 2630.ba4: g_pfnWinVerifyTrust=00007ff9f43474d0
  872. 2630.ba4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  873. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  874. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  875. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  876. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  877. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  878. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\crypt32.dll'
  879. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
  880. 2630.ba4: supR3HardenedScreenImage/preload: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
  881. 2630.ba4: Error (rc=0):
  882. 2630.ba4: supR3HardenedScreenImage/preload: cached rc=Unknown Status -22919 (0xffffa679) fImage=0 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  883. 2630.ba4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  884. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  885. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  886. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  887. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  888. 2630.ba4: Error (rc=0):
  889. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  890. 2630.ba4: Error (rc=0):
  891. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\crypt32.dll': rcNt=0xc0000190
  892. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\crypt32.dll'
  893. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
  894. 2630.ba4: supR3HardenedScreenImage/preload: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
  895. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  896. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  897. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  898. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
  899. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
  900. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  901. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001a39700
  902. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001a39700
  903. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
  904. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  905. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  906. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  907. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  908. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  909. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  910. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  911. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
  912. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
  913. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  914. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  915. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
  916. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
  917. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  918. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  919. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
  920. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
  921. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  922. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  923. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
  924. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
  925. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  926. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  927. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
  928. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
  929. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  930. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  931. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  932. 2630.ba4: Error (rc=0):
  933. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  934. 2630.ba4: Error (rc=0):
  935. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\crypt32.dll': rcNt=0xc0000190
  936. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\crypt32.dll'
  937. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
  938. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
  939. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  940. 2630.ba4: Error (rc=0):
  941. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  942. 2630.ba4: Error (rc=0):
  943. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\rsaenh.dll' (C:\WINDOWS\system32\rsaenh.dll): rcNt=0xc0000190
  944. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\rsaenh.dll'
  945. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
  946. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
  947. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
  948. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
  949. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
  950. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
  951. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
  952. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
  953. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
  954. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
  955. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
  956. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
  957. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  958. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  959. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  960. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  961. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
  962. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
  963. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
  964. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
  965. 2630.ba4: Fatal error:
  966. 2630.ba4: Error loading 'crypt32.dll': 1790 [C:\WINDOWS\system32\crypt32.dll]
  967. 24e8.10f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 310 ms, the end);
  968. 910.2008: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1024 ms, the end);
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!