Untitled

a guest
Aug 7th, 2015
  1. 12ec.d24: Log file opened: 5.0.1r101957 g_hStartupLog=00000058 g_uNtVerCombined=0xa0280000
  2. 12ec.d24: \SystemRoot\System32\ntdll.dll:
  3. 12ec.d24: CreationTime: 2015-08-06T06:28:10.077441700Z
  4. 12ec.d24: LastWriteTime: 2015-08-06T06:28:10.077441700Z
  5. 12ec.d24: ChangeTime: 2015-08-06T06:28:52.546189200Z
  6. 12ec.d24: FileAttributes: 0x20
  7. 12ec.d24: Size: 0x176c38
  8. 12ec.d24: NT Headers: 0xf0
  9. 12ec.d24: Timestamp: 0x55a85cc1
  10. 12ec.d24: Machine: 0x14c - i386
  11. 12ec.d24: Timestamp: 0x55a85cc1
  12. 12ec.d24: Image Version: 10.0
  13. 12ec.d24: SizeOfImage: 0x179000 (1544192)
  14. 12ec.d24: Resource Dir: 0x10e000 LB 0x65720
  15. 12ec.d24: ProductName: Microsoft® Windows® Operating System
  16. 12ec.d24: ProductVersion: 10.0.10240.16392
  17. 12ec.d24: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
  18. 12ec.d24: FileDescription: NT Layer DLL
  19. 12ec.d24: \SystemRoot\System32\kernel32.dll:
  20. 12ec.d24: CreationTime: 2015-07-10T08:24:38.139724700Z
  21. 12ec.d24: LastWriteTime: 2015-07-10T08:24:38.139724700Z
  22. 12ec.d24: ChangeTime: 2015-08-06T06:15:08.921190400Z
  23. 12ec.d24: FileAttributes: 0x20
  24. 12ec.d24: Size: 0x986b8
  25. 12ec.d24: NT Headers: 0xf8
  26. 12ec.d24: Timestamp: 0x559f3b86
  27. 12ec.d24: Machine: 0x14c - i386
  28. 12ec.d24: Timestamp: 0x559f3b86
  29. 12ec.d24: Image Version: 10.0
  30. 12ec.d24: SizeOfImage: 0x95000 (610304)
  31. 12ec.d24: Resource Dir: 0x8f000 LB 0x518
  32. 12ec.d24: ProductName: Microsoft® Windows® Operating System
  33. 12ec.d24: ProductVersion: 10.0.10240.16384
  34. 12ec.d24: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  35. 12ec.d24: FileDescription: Windows NT BASE API Client DLL
  36. 12ec.d24: \SystemRoot\System32\KernelBase.dll:
  37. 12ec.d24: CreationTime: 2015-07-10T08:24:56.031660300Z
  38. 12ec.d24: LastWriteTime: 2015-07-10T08:24:56.047288800Z
  39. 12ec.d24: ChangeTime: 2015-08-06T06:15:09.030566300Z
  40. 12ec.d24: FileAttributes: 0x20
  41. 12ec.d24: Size: 0x175610
  42. 12ec.d24: NT Headers: 0xf0
  43. 12ec.d24: Timestamp: 0x559f3b4c
  44. 12ec.d24: Machine: 0x14c - i386
  45. 12ec.d24: Timestamp: 0x559f3b4c
  46. 12ec.d24: Image Version: 10.0
  47. 12ec.d24: SizeOfImage: 0x177000 (1536000)
  48. 12ec.d24: Resource Dir: 0x15b000 LB 0x530
  49. 12ec.d24: ProductName: Microsoft® Windows® Operating System
  50. 12ec.d24: ProductVersion: 10.0.10240.16384
  51. 12ec.d24: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  52. 12ec.d24: FileDescription: Windows NT BASE API Client DLL
  53. 12ec.d24: \SystemRoot\System32\apisetschema.dll:
  54. 12ec.d24: CreationTime: 2015-07-10T08:24:49.281165400Z
  55. 12ec.d24: LastWriteTime: 2015-07-10T08:24:49.281165400Z
  56. 12ec.d24: ChangeTime: 2015-08-06T06:15:07.639941700Z
  57. 12ec.d24: FileAttributes: 0x20
  58. 12ec.d24: Size: 0x16560
  59. 12ec.d24: NT Headers: 0xc8
  60. 12ec.d24: Timestamp: 0x559f4063
  61. 12ec.d24: Machine: 0x14c - i386
  62. 12ec.d24: Timestamp: 0x559f4063
  63. 12ec.d24: Image Version: 10.0
  64. 12ec.d24: SizeOfImage: 0x17000 (94208)
  65. 12ec.d24: Resource Dir: 0x16000 LB 0x3f0
  66. 12ec.d24: ProductName: Microsoft® Windows® Operating System
  67. 12ec.d24: ProductVersion: 10.0.10240.16384
  68. 12ec.d24: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  69. 12ec.d24: FileDescription: ApiSet Schema DLL
  70. 12ec.d24: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  71. 12ec.d24: supR3HardenedWinFindAdversaries: 0x0
  72. 12ec.d24: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  73. 12ec.d24: Calling main()
  74. 12ec.d24: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  75. 12ec.d24: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  76. 12ec.d24: SUPR3HardenedMain: Respawn #1
  77. 12ec.d24: System32: \Device\HarddiskVolume3\Windows\System32
  78. 12ec.d24: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
  79. 12ec.d24: KnownDllPath: C:\WINDOWS\system32
  80. 12ec.d24: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  81. 12ec.d24: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  82. 12ec.d24: supR3HardNtEnableThreadCreation:
  83. 12ec.d24: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77de2e70 pvNtTerminateThread=77df0f10
  84. 12ec.d24: supR3HardenedWinDoReSpawn(1): New child 2580.1f44 [kernel32].
  85. 12ec.d24: supR3HardNtChildGatherData: PebBaseAddress=7fa8f000 cbPeb=0x250
  86. 12ec.d24: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77d70000 uNtDllChildAddr=77d70000
  87. 12ec.d24: supR3HardenedWinSetupChildInit: uLdrInitThunk=77de2e70
  88. 12ec.d24: supR3HardenedWinSetupChildInit: Start child.
  89. 12ec.d24: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
  90. 12ec.d24: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 0 sleeps
  91. 12ec.d24: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  92. 12ec.d24: *00000000-ff4effff 0x0001/0x0000 0x0000000
  93. 12ec.d24: *00b10000-00b10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  94. 12ec.d24: 00b11000-00b86fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  95. 12ec.d24: 00b87000-00b87fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  96. 12ec.d24: 00b88000-00bc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  97. 12ec.d24: 00bc2000-00bc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  98. 12ec.d24: 00bc3000-00bc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  99. 12ec.d24: 00bc4000-00bc4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  100. 12ec.d24: 00bc5000-00bc5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  101. 12ec.d24: 00bc6000-00bc7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  102. 12ec.d24: 00bc8000-00bcafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  103. 12ec.d24: 00bcb000-00c0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  104. 12ec.d24: 00c0f000-00c0dfff 0x0001/0x0000 0x0000000
  105. 12ec.d24: *00c10000-00beffff 0x0004/0x0004 0x0020000
  106. 12ec.d24: *00c30000-00c1bfff 0x0002/0x0002 0x0040000
  107. 12ec.d24: 00c44000-00c37fff 0x0001/0x0000 0x0000000
  108. 12ec.d24: *00c50000-00b52fff 0x0000/0x0004 0x0020000
  109. 12ec.d24: 00d4d000-00d4afff 0x0104/0x0004 0x0020000
  110. 12ec.d24: 00d4f000-00d4dfff 0x0004/0x0004 0x0020000
  111. 12ec.d24: *00d50000-00d4bfff 0x0002/0x0002 0x0040000
  112. 12ec.d24: 00d54000-00d47fff 0x0001/0x0000 0x0000000
  113. 12ec.d24: *00d60000-00d5dfff 0x0004/0x0004 0x0020000
  114. 12ec.d24: 00d62000-89d53fff 0x0001/0x0000 0x0000000
  115. 12ec.d24: *77d70000-77d70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  116. 12ec.d24: 77d71000-77e75fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  117. 12ec.d24: 77e76000-77e7afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  118. 12ec.d24: 77e7b000-77e7bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  119. 12ec.d24: 77e7c000-77e7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  120. 12ec.d24: 77e7e000-77ee8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  121. 12ec.d24: 77ee9000-70381fff 0x0001/0x0000 0x0000000
  122. 12ec.d24: *7fa50000-7fa1cfff 0x0002/0x0002 0x0040000
  123. 12ec.d24: 7fa83000-7fa77fff 0x0001/0x0000 0x0000000
  124. 12ec.d24: *7fa8e000-7fa8cfff 0x0004/0x0004 0x0020000
  125. 12ec.d24: *7fa8f000-7fa8dfff 0x0004/0x0004 0x0020000
  126. 12ec.d24: 7fa90000-7f53ffff 0x0001/0x0000 0x0000000
  127. 12ec.d24: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
  128. 12ec.d24: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
  129. 12ec.d24: VirtualBox.exe: timestamp 0x55c302e9 (rc=VINF_SUCCESS)
  130. 12ec.d24: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  131. 12ec.d24: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
  132. 12ec.d24: supR3HardNtChildPurify: Done after 317 ms and 0 fixes (loop #0).
  133. 2580.1f44: Log file opened: 5.0.1r101957 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000
  134. 2580.1f44: supR3HardenedVmProcessInit: uNtDllAddr=77d70000
  135. 2580.1f44: ntdll.dll: timestamp 0x55a85cc1 (rc=VINF_SUCCESS)
  136. 2580.1f44: New simple heap: #1 00e70000 LB 0x400000 (for 1544192 allocation)
  137. 12ec.d24: supR3HardNtEnableThreadCreation:
  138. 2580.1f44: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  139. 2580.1f44: System32: \Device\HarddiskVolume3\Windows\System32
  140. 2580.1f44: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
  141. 2580.1f44: KnownDllPath: C:\WINDOWS\system32
  142. 2580.1f44: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  143. 2580.1f44: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  144. 2580.1f44: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  145. 2580.1f44: Registered Dll notification callback with NTDLL.
  146. 2580.1f44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
  147. 2580.1f44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
  148. 2580.1f44: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
  149. 2580.1f44: supR3HardenedDllNotificationCallback: load 74f20000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  150. 2580.1f44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
  151. 2580.1f44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
  152. 2580.1f44: supR3HardenedDllNotificationCallback: load 77be0000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  153. 2580.1f44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  154. 2580.1f44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77be0000 'C:\WINDOWS\system32\KERNEL32.DLL'
  155. 2580.1f44: supR3HardenedDllNotificationCallback: load 00b10000 LB 0x000ff000 H:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  156. 2580.1f44: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  157. 2580.1f44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  158. 2580.1f44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  159. 2580.1f44: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77de2e70 pvNtTerminateThread=77df0f10
  160. 12ec.d24: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 127 ms.
  161. 2580.1f44: \SystemRoot\System32\ntdll.dll:
  162. 2580.1f44: CreationTime: 2015-08-06T06:28:10.077441700Z
  163. 2580.1f44: LastWriteTime: 2015-08-06T06:28:10.077441700Z
  164. 2580.1f44: ChangeTime: 2015-08-06T06:28:52.546189200Z
  165. 2580.1f44: FileAttributes: 0x20
  166. 2580.1f44: Size: 0x176c38
  167. 2580.1f44: NT Headers: 0xf0
  168. 2580.1f44: Timestamp: 0x55a85cc1
  169. 2580.1f44: Machine: 0x14c - i386
  170. 2580.1f44: Timestamp: 0x55a85cc1
  171. 2580.1f44: Image Version: 10.0
  172. 2580.1f44: SizeOfImage: 0x179000 (1544192)
  173. 2580.1f44: Resource Dir: 0x10e000 LB 0x65720
  174. 2580.1f44: ProductName: Microsoft® Windows® Operating System
  175. 2580.1f44: ProductVersion: 10.0.10240.16392
  176. 2580.1f44: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
  177. 2580.1f44: FileDescription: NT Layer DLL
  178. 2580.1f44: \SystemRoot\System32\kernel32.dll:
  179. 2580.1f44: CreationTime: 2015-07-10T08:24:38.139724700Z
  180. 2580.1f44: LastWriteTime: 2015-07-10T08:24:38.139724700Z
  181. 2580.1f44: ChangeTime: 2015-08-06T06:15:08.921190400Z
  182. 2580.1f44: FileAttributes: 0x20
  183. 2580.1f44: Size: 0x986b8
  184. 2580.1f44: NT Headers: 0xf8
  185. 2580.1f44: Timestamp: 0x559f3b86
  186. 2580.1f44: Machine: 0x14c - i386
  187. 2580.1f44: Timestamp: 0x559f3b86
  188. 2580.1f44: Image Version: 10.0
  189. 2580.1f44: SizeOfImage: 0x95000 (610304)
  190. 2580.1f44: Resource Dir: 0x8f000 LB 0x518
  191. 2580.1f44: ProductName: Microsoft® Windows® Operating System
  192. 2580.1f44: ProductVersion: 10.0.10240.16384
  193. 2580.1f44: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  194. 2580.1f44: FileDescription: Windows NT BASE API Client DLL
  195. 2580.1f44: \SystemRoot\System32\KernelBase.dll:
  196. 2580.1f44: CreationTime: 2015-07-10T08:24:56.031660300Z
  197. 2580.1f44: LastWriteTime: 2015-07-10T08:24:56.047288800Z
  198. 2580.1f44: ChangeTime: 2015-08-06T06:15:09.030566300Z
  199. 2580.1f44: FileAttributes: 0x20
  200. 2580.1f44: Size: 0x175610
  201. 2580.1f44: NT Headers: 0xf0
  202. 2580.1f44: Timestamp: 0x559f3b4c
  203. 2580.1f44: Machine: 0x14c - i386
  204. 2580.1f44: Timestamp: 0x559f3b4c
  205. 2580.1f44: Image Version: 10.0
  206. 2580.1f44: SizeOfImage: 0x177000 (1536000)
  207. 2580.1f44: Resource Dir: 0x15b000 LB 0x530
  208. 2580.1f44: ProductName: Microsoft® Windows® Operating System
  209. 2580.1f44: ProductVersion: 10.0.10240.16384
  210. 2580.1f44: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  211. 2580.1f44: FileDescription: Windows NT BASE API Client DLL
  212. 2580.1f44: \SystemRoot\System32\apisetschema.dll:
  213. 2580.1f44: CreationTime: 2015-07-10T08:24:49.281165400Z
  214. 2580.1f44: LastWriteTime: 2015-07-10T08:24:49.281165400Z
  215. 2580.1f44: ChangeTime: 2015-08-06T06:15:07.639941700Z
  216. 2580.1f44: FileAttributes: 0x20
  217. 2580.1f44: Size: 0x16560
  218. 2580.1f44: NT Headers: 0xc8
  219. 2580.1f44: Timestamp: 0x559f4063
  220. 2580.1f44: Machine: 0x14c - i386
  221. 2580.1f44: Timestamp: 0x559f4063
  222. 2580.1f44: Image Version: 10.0
  223. 2580.1f44: SizeOfImage: 0x17000 (94208)
  224. 2580.1f44: Resource Dir: 0x16000 LB 0x3f0
  225. 2580.1f44: ProductName: Microsoft® Windows® Operating System
  226. 2580.1f44: ProductVersion: 10.0.10240.16384
  227. 2580.1f44: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  228. 2580.1f44: FileDescription: ApiSet Schema DLL
  229. 2580.1f44: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  230. 2580.1f44: supR3HardenedWinFindAdversaries: 0x0
  231. 2580.1f44: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  232. 2580.1f44: Calling main()
  233. 2580.1f44: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  234. 2580.1f44: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  235. 2580.1f44: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  236. 2580.1f44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  237. 2580.1f44: SUPR3HardenedMain: Respawn #2
  238. 2580.1f44: supR3HardNtEnableThreadCreation:
  239. 2580.1f44: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77de2e70 pvNtTerminateThread=77df0f10
  240. 2580.1f44: supR3HardenedWinDoReSpawn(2): New child 1b68.1ae4 [kernel32].
  241. 2580.1f44: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  242. 2580.1f44: supR3HardNtChildGatherData: PebBaseAddress=7f73c000 cbPeb=0x250
  243. 2580.1f44: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77d70000 uNtDllChildAddr=77d70000
  244. 2580.1f44: supR3HardenedWinSetupChildInit: uLdrInitThunk=77de2e70
  245. 2580.1f44: supR3HardenedWinSetupChildInit: Start child.
  246. 2580.1f44: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  247. 2580.1f44: supR3HardNtChildPurify: Startup delay kludge #1/0: 263 ms, 0 sleeps
  248. 2580.1f44: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  249. 2580.1f44: *00000000-ff55ffff 0x0001/0x0000 0x0000000
  250. 2580.1f44: *00aa0000-00a7ffff 0x0004/0x0004 0x0020000
  251. 2580.1f44: *00ac0000-00aabfff 0x0002/0x0002 0x0040000
  252. 2580.1f44: 00ad4000-00ac7fff 0x0001/0x0000 0x0000000
  253. 2580.1f44: *00ae0000-00adbfff 0x0002/0x0002 0x0040000
  254. 2580.1f44: 00ae4000-00ad7fff 0x0001/0x0000 0x0000000
  255. 2580.1f44: *00af0000-00aedfff 0x0004/0x0004 0x0020000
  256. 2580.1f44: 00af2000-00ad3fff 0x0001/0x0000 0x0000000
  257. 2580.1f44: *00b10000-00b10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  258. 2580.1f44: 00b11000-00b86fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  259. 2580.1f44: 00b87000-00b87fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  260. 2580.1f44: 00b88000-00bc1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  261. 2580.1f44: 00bc2000-00bc2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  262. 2580.1f44: 00bc3000-00bc3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  263. 2580.1f44: 00bc4000-00bc4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  264. 2580.1f44: 00bc5000-00bc5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  265. 2580.1f44: 00bc6000-00bc7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  266. 2580.1f44: 00bc8000-00bcafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  267. 2580.1f44: 00bcb000-00c0efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  268. 2580.1f44: 00c0f000-00c0dfff 0x0001/0x0000 0x0000000
  269. 2580.1f44: *00c10000-00b12fff 0x0000/0x0004 0x0020000
  270. 2580.1f44: 00d0d000-00d0afff 0x0104/0x0004 0x0020000
  271. 2580.1f44: 00d0f000-00d0dfff 0x0004/0x0004 0x0020000
  272. 2580.1f44: 00d10000-89caffff 0x0001/0x0000 0x0000000
  273. 2580.1f44: *77d70000-77d70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  274. 2580.1f44: 77d71000-77e75fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  275. 2580.1f44: 77e76000-77e7afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  276. 2580.1f44: 77e7b000-77e7bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  277. 2580.1f44: 77e7c000-77e7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  278. 2580.1f44: 77e7e000-77ee8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
  279. 2580.1f44: 77ee9000-706d1fff 0x0001/0x0000 0x0000000
  280. 2580.1f44: *7f700000-7f6ccfff 0x0002/0x0002 0x0040000
  281. 2580.1f44: 7f733000-7f729fff 0x0001/0x0000 0x0000000
  282. 2580.1f44: *7f73c000-7f73afff 0x0004/0x0004 0x0020000
  283. 2580.1f44: 7f73d000-7f73afff 0x0001/0x0000 0x0000000
  284. 2580.1f44: *7f73f000-7f73dfff 0x0004/0x0004 0x0020000
  285. 2580.1f44: 7f740000-7ee9ffff 0x0001/0x0000 0x0000000
  286. 2580.1f44: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
  287. 2580.1f44: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
  288. 2580.1f44: VirtualBox.exe: timestamp 0x55c302e9 (rc=VINF_SUCCESS)
  289. 2580.1f44: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  290. 2580.1f44: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
  291. 2580.1f44: supR3HardNtChildPurify: Done after 317 ms and 0 fixes (loop #0).
  292. 1b68.1ae4: Log file opened: 5.0.1r101957 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000
  293. 1b68.1ae4: supR3HardenedVmProcessInit: uNtDllAddr=77d70000
  294. 2580.1f44: supR3HardenedEarlyCompact: Removed heap 1 (0xe70000 LB 0x400000)
  295. 1b68.1ae4: ntdll.dll: timestamp 0x55a85cc1 (rc=VINF_SUCCESS)
  296. 1b68.1ae4: New simple heap: #1 00e10000 LB 0x400000 (for 1544192 allocation)
  297. 2580.1f44: supR3HardNtEnableThreadCreation:
  298. 1b68.1ae4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  299. 1b68.1ae4: System32: \Device\HarddiskVolume3\Windows\System32
  300. 1b68.1ae4: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
  301. 1b68.1ae4: KnownDllPath: C:\WINDOWS\system32
  302. 1b68.1ae4: supR3HardenedVmProcessInit: Opening vboxdrv...
  303. 1b68.1ae4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  304. 1b68.1ae4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  305. 1b68.1ae4: Registered Dll notification callback with NTDLL.
  306. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
  307. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
  308. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
  309. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 74f20000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  310. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
  311. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
  312. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 77be0000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  313. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  314. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77be0000 'C:\WINDOWS\system32\KERNEL32.DLL'
  315. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 00b10000 LB 0x000ff000 H:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  316. 1b68.1ae4: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  317. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  318. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe
  319. 2580.1f44: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 138 ms.
  320. 1b68.1ae4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77de2e70 pvNtTerminateThread=77df0f10
  321. 1b68.1ae4: \SystemRoot\System32\ntdll.dll:
  322. 1b68.1ae4: CreationTime: 2015-08-06T06:28:10.077441700Z
  323. 1b68.1ae4: LastWriteTime: 2015-08-06T06:28:10.077441700Z
  324. 1b68.1ae4: ChangeTime: 2015-08-06T06:28:52.546189200Z
  325. 1b68.1ae4: FileAttributes: 0x20
  326. 1b68.1ae4: Size: 0x176c38
  327. 1b68.1ae4: NT Headers: 0xf0
  328. 1b68.1ae4: Timestamp: 0x55a85cc1
  329. 1b68.1ae4: Machine: 0x14c - i386
  330. 1b68.1ae4: Timestamp: 0x55a85cc1
  331. 1b68.1ae4: Image Version: 10.0
  332. 1b68.1ae4: SizeOfImage: 0x179000 (1544192)
  333. 1b68.1ae4: Resource Dir: 0x10e000 LB 0x65720
  334. 1b68.1ae4: ProductName: Microsoft® Windows® Operating System
  335. 1b68.1ae4: ProductVersion: 10.0.10240.16392
  336. 1b68.1ae4: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
  337. 1b68.1ae4: FileDescription: NT Layer DLL
  338. 1b68.1ae4: \SystemRoot\System32\kernel32.dll:
  339. 1b68.1ae4: CreationTime: 2015-07-10T08:24:38.139724700Z
  340. 1b68.1ae4: LastWriteTime: 2015-07-10T08:24:38.139724700Z
  341. 1b68.1ae4: ChangeTime: 2015-08-06T06:15:08.921190400Z
  342. 1b68.1ae4: FileAttributes: 0x20
  343. 1b68.1ae4: Size: 0x986b8
  344. 1b68.1ae4: NT Headers: 0xf8
  345. 1b68.1ae4: Timestamp: 0x559f3b86
  346. 1b68.1ae4: Machine: 0x14c - i386
  347. 1b68.1ae4: Timestamp: 0x559f3b86
  348. 1b68.1ae4: Image Version: 10.0
  349. 1b68.1ae4: SizeOfImage: 0x95000 (610304)
  350. 1b68.1ae4: Resource Dir: 0x8f000 LB 0x518
  351. 1b68.1ae4: ProductName: Microsoft® Windows® Operating System
  352. 1b68.1ae4: ProductVersion: 10.0.10240.16384
  353. 1b68.1ae4: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  354. 1b68.1ae4: FileDescription: Windows NT BASE API Client DLL
  355. 1b68.1ae4: \SystemRoot\System32\KernelBase.dll:
  356. 1b68.1ae4: CreationTime: 2015-07-10T08:24:56.031660300Z
  357. 1b68.1ae4: LastWriteTime: 2015-07-10T08:24:56.047288800Z
  358. 1b68.1ae4: ChangeTime: 2015-08-06T06:15:09.030566300Z
  359. 1b68.1ae4: FileAttributes: 0x20
  360. 1b68.1ae4: Size: 0x175610
  361. 1b68.1ae4: NT Headers: 0xf0
  362. 1b68.1ae4: Timestamp: 0x559f3b4c
  363. 1b68.1ae4: Machine: 0x14c - i386
  364. 1b68.1ae4: Timestamp: 0x559f3b4c
  365. 1b68.1ae4: Image Version: 10.0
  366. 1b68.1ae4: SizeOfImage: 0x177000 (1536000)
  367. 1b68.1ae4: Resource Dir: 0x15b000 LB 0x530
  368. 1b68.1ae4: ProductName: Microsoft® Windows® Operating System
  369. 1b68.1ae4: ProductVersion: 10.0.10240.16384
  370. 1b68.1ae4: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  371. 1b68.1ae4: FileDescription: Windows NT BASE API Client DLL
  372. 1b68.1ae4: \SystemRoot\System32\apisetschema.dll:
  373. 1b68.1ae4: CreationTime: 2015-07-10T08:24:49.281165400Z
  374. 1b68.1ae4: LastWriteTime: 2015-07-10T08:24:49.281165400Z
  375. 1b68.1ae4: ChangeTime: 2015-08-06T06:15:07.639941700Z
  376. 1b68.1ae4: FileAttributes: 0x20
  377. 1b68.1ae4: Size: 0x16560
  378. 1b68.1ae4: NT Headers: 0xc8
  379. 1b68.1ae4: Timestamp: 0x559f4063
  380. 1b68.1ae4: Machine: 0x14c - i386
  381. 1b68.1ae4: Timestamp: 0x559f4063
  382. 1b68.1ae4: Image Version: 10.0
  383. 1b68.1ae4: SizeOfImage: 0x17000 (94208)
  384. 1b68.1ae4: Resource Dir: 0x16000 LB 0x3f0
  385. 1b68.1ae4: ProductName: Microsoft® Windows® Operating System
  386. 1b68.1ae4: ProductVersion: 10.0.10240.16384
  387. 1b68.1ae4: FileVersion: 10.0.10240.16384 (th1.150709-1700)
  388. 1b68.1ae4: FileDescription: ApiSet Schema DLL
  389. 1b68.1ae4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  390. 1b68.1ae4: supR3HardenedWinFindAdversaries: 0x0
  391. 1b68.1ae4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  392. 1b68.1ae4: Calling main()
  393. 1b68.1ae4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  394. 1b68.1ae4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox'
  395. 1b68.1ae4: '\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  396. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  397. 1b68.1ae4: SUPR3HardenedMain: Final process, opening VBoxDrv...
  398. 1b68.1ae4: supR3HardenedEarlyCompact: Removed heap 1 (0xe10000 LB 0x400000)
  399. 1b68.1ae4: supR3HardNtEnableThreadCreation:
  400. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  401. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  402. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
  403. 1b68.1ae4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  404. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 6fb30000 LB 0x00005000 H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  405. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  406. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  407. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  408. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fb30000 'H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  409. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume8\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  410. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  411. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fb30000 'H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  412. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fb30000 'H:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  413. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  414. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
  415. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  416. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
  417. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
  418. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
  419. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  420. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  421. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
  422. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
  423. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  424. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  425. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  426. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
  427. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
  428. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
  429. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  430. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  431. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
  432. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
  433. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  434. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  435. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
  436. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
  437. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  438. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  439. 1b68.1ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  440. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  441. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  442. 1b68.1ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  443. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
  444. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 77310000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
  445. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  446. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 74f00000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
  447. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  448. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 756b0000 LB 0x00175000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
  449. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  450. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 77a70000 LB 0x000c2000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
  451. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  452. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 75140000 LB 0x00042000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
  453. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  454. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\WINDOWS\system32\Wintrust.dll'
  455. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
  456. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
  457. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
  458. 1b68.1ae4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  459. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 74e00000 LB 0x0001d000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
  460. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  461. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74e00000 'C:\WINDOWS\system32\bcrypt.dll'
  462. 1b68.1ae4: bcrypt.dll loaded at 74e00000, BCryptOpenAlgorithmProvider at 74e05cc0, preloading providers:
  463. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
  464. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
  465. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  466. 1b68.1ae4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  467. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 74d20000 LB 0x00059000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
  468. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  469. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74d20000 'C:\WINDOWS\system32\bcryptprimitives.dll'
  470. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=013e9648)
  471. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=013e9b88)
  472. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=013e9e40)
  473. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=013ea0f8)
  474. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=013ea3b0)
  475. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=013ea668)
  476. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=013ea920)
  477. 1b68.1ae4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=013eb360)
  478. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  479. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  480. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  481. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  482. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  483. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  484. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  485. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  486. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  487. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  488. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  489. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  490. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  491. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  492. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  493. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  494. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  495. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  496. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  497. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  498. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  499. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
  500. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
  501. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
  502. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 74870000 LB 0x00013000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  503. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  504. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
  505. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
  506. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
  507. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  508. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  509. 1b68.1ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  510. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  511. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  512. 1b68.1ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  513. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  514. 1b68.1ae4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  515. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 74550000 LB 0x0002f000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
  516. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  517. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74550000 'C:\WINDOWS\system32\rsaenh.dll'
  518. 1b68.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
  519. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
  520. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
  521. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 749a0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  522. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  523. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  524. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  525. 1b68.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  526. 1b68.1ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  527. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
  528. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77be0000 'C:\WINDOWS\system32\kernel32.dll'
  529. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  530. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75140000 'C:\Windows\System32\WINTRUST.DLL'
  531. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  532. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000001:<flags> [calling]
  533. 1b68.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=756b0000 'C:\WINDOWS\system32\CRYPT32.dll'
  534. 1b68.1ae4: supR3HardenedDllNotificationCallback: load 77b40000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
  535. 1b68.1ae4: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
  536. 1b68.1ae4: Error (rc=0):
  537. 1b68.1ae4: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Windows\System32\imagehlp.dll:
  538. 1b68.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
  539. 1b68.1ae4: Fatal error:
  540. 1b68.1ae4: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\imagehlp.dll' / '\??\C:\WINDOWS\system32\imagehlp.dll': 0xc0000190
  541. 2580.1f44: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 174 ms, the end);
  542. 12ec.d24: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 668 ms, the end);