Untitled

a guest
Oct 20th, 2019
  1. 1680.27a0: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000070 g_uNtVerCombined=0xa0456300
  2. 1680.27a0: \SystemRoot\System32\ntdll.dll:
  3. 1680.27a0: CreationTime: 2018-12-13T19:22:02.635309100Z
  4. 1680.27a0: LastWriteTime: 2018-12-13T19:22:02.682181600Z
  5. 1680.27a0: ChangeTime: 2018-12-20T14:42:55.839474100Z
  6. 1680.27a0: FileAttributes: 0x20
  7. 1680.27a0: Size: 0x1e7010
  8. 1680.27a0: NT Headers: 0xe0
  9. 1680.27a0: Timestamp: 0xe8b54827
  10. 1680.27a0: Machine: 0x8664 - amd64
  11. 1680.27a0: Timestamp: 0xe8b54827
  12. 1680.27a0: Image Version: 10.0
  13. 1680.27a0: SizeOfImage: 0x1ed000 (2019328)
  14. 1680.27a0: Resource Dir: 0x17d000 LB 0x6ea08
  15. 1680.27a0: ProductName: Microsoft® Windows® Operating System
  16. 1680.27a0: ProductVersion: 10.0.17763.194
  17. 1680.27a0: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
  18. 1680.27a0: FileDescription: NT Layer DLL
  19. 1680.27a0: \SystemRoot\System32\kernel32.dll:
  20. 1680.27a0: CreationTime: 2018-09-15T07:28:44.342269900Z
  21. 1680.27a0: LastWriteTime: 2018-09-15T07:28:44.342269900Z
  22. 1680.27a0: ChangeTime: 2018-11-27T23:00:42.235380500Z
  23. 1680.27a0: FileAttributes: 0x20
  24. 1680.27a0: Size: 0xb1380
  25. 1680.27a0: NT Headers: 0xe8
  26. 1680.27a0: Timestamp: 0x65614da1
  27. 1680.27a0: Machine: 0x8664 - amd64
  28. 1680.27a0: Timestamp: 0x65614da1
  29. 1680.27a0: Image Version: 10.0
  30. 1680.27a0: SizeOfImage: 0xb3000 (733184)
  31. 1680.27a0: Resource Dir: 0xb1000 LB 0x520
  32. 1680.27a0: ProductName: Microsoft® Windows® Operating System
  33. 1680.27a0: ProductVersion: 10.0.17763.1
  34. 1680.27a0: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
  35. 1680.27a0: FileDescription: Windows NT BASE API Client DLL
  36. 1680.27a0: \SystemRoot\System32\KernelBase.dll:
  37. 1680.27a0: CreationTime: 2018-11-28T11:09:10.498025800Z
  38. 1680.27a0: LastWriteTime: 2018-11-28T11:09:10.560520900Z
  39. 1680.27a0: ChangeTime: 2018-12-20T14:42:55.837475400Z
  40. 1680.27a0: FileAttributes: 0x20
  41. 1680.27a0: Size: 0x293cc8
  42. 1680.27a0: NT Headers: 0xf8
  43. 1680.27a0: Timestamp: 0x1659a33b
  44. 1680.27a0: Machine: 0x8664 - amd64
  45. 1680.27a0: Timestamp: 0x1659a33b
  46. 1680.27a0: Image Version: 10.0
  47. 1680.27a0: SizeOfImage: 0x293000 (2699264)
  48. 1680.27a0: Resource Dir: 0x26f000 LB 0x548
  49. 1680.27a0: ProductName: Microsoft® Windows® Operating System
  50. 1680.27a0: ProductVersion: 10.0.17763.134
  51. 1680.27a0: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
  52. 1680.27a0: FileDescription: Windows NT BASE API Client DLL
  53. 1680.27a0: \SystemRoot\System32\apisetschema.dll:
  54. 1680.27a0: CreationTime: 2018-09-15T07:28:25.403122600Z
  55. 1680.27a0: LastWriteTime: 2018-09-15T07:28:25.403122600Z
  56. 1680.27a0: ChangeTime: 2018-11-27T22:49:35.488419400Z
  57. 1680.27a0: FileAttributes: 0x20
  58. 1680.27a0: Size: 0x1c738
  59. 1680.27a0: NT Headers: 0xd0
  60. 1680.27a0: Timestamp: 0x33775897
  61. 1680.27a0: Machine: 0x8664 - amd64
  62. 1680.27a0: Timestamp: 0x33775897
  63. 1680.27a0: Image Version: 10.0
  64. 1680.27a0: SizeOfImage: 0x1d000 (118784)
  65. 1680.27a0: Resource Dir: 0x1c000 LB 0x408
  66. 1680.27a0: ProductName: Microsoft® Windows® Operating System
  67. 1680.27a0: ProductVersion: 10.0.17763.1
  68. 1680.27a0: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
  69. 1680.27a0: FileDescription: ApiSet Schema DLL
  70. 1680.27a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  71. 1680.27a0: supR3HardenedWinFindAdversaries: 0x0
  72. 1680.27a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  73. 1680.27a0: Calling main()
  74. 1680.27a0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  75. 1680.27a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  76. 1680.27a0: SUPR3HardenedMain: Respawn #1
  77. 1680.27a0: System32: \Device\HarddiskVolume2\Windows\System32
  78. 1680.27a0: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
  79. 1680.27a0: KnownDllPath: C:\WINDOWS\System32
  80. 1680.27a0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  81. 1680.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  82. 1680.27a0: supR3HardNtEnableThreadCreation:
  83. 1680.27a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb82ea5640 pvNtTerminateThread=00007ffb82ed00b0
  84. 1680.27a0: supR3HardenedWinDoReSpawn(1): New child 24a0.2c14 [kernel32].
  85. 1680.27a0: supR3HardNtChildGatherData: PebBaseAddress=00000000011c0000 cbPeb=0x388
  86. 1680.27a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb82e30000 uNtDllChildAddr=00007ffb82e30000
  87. 1680.27a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb82ea5640
  88. 1680.27a0: supR3HardenedWinSetupChildInit: Start child.
  89. 1680.27a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
  90. 1680.27a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 259 ms, 30 sleeps
  91. 1680.27a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  92. 1680.27a0: *0000000000000000-ffffffffff09ffff 0x0001/0x0000 0x0000000
  93. 1680.27a0: *0000000000f60000-0000000000f3ffff 0x0004/0x0004 0x0020000
  94. 1680.27a0: *0000000000f80000-0000000000f65fff 0x0002/0x0002 0x0040000
  95. 1680.27a0: 0000000000f9a000-0000000000f93fff 0x0001/0x0000 0x0000000
  96. 1680.27a0: *0000000000fa0000-0000000000f9bfff 0x0002/0x0002 0x0040000
  97. 1680.27a0: 0000000000fa4000-0000000000f97fff 0x0001/0x0000 0x0000000
  98. 1680.27a0: *0000000000fb0000-0000000000fadfff 0x0004/0x0004 0x0020000
  99. 1680.27a0: 0000000000fb2000-0000000000f63fff 0x0001/0x0000 0x0000000
  100. 1680.27a0: *0000000001000000-0000000000e3ffff 0x0000/0x0004 0x0020000
  101. 1680.27a0: 00000000011c0000-00000000011bcfff 0x0004/0x0004 0x0020000
  102. 1680.27a0: 00000000011c3000-0000000001185fff 0x0000/0x0004 0x0020000
  103. 1680.27a0: *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
  104. 1680.27a0: 00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
  105. 1680.27a0: 00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
  106. 1680.27a0: 0000000001300000-ffffffff8261ffff 0x0001/0x0000 0x0000000
  107. 1680.27a0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  108. 1680.27a0: 000000007ffe1000-000000007ffdefff 0x0001/0x0000 0x0000000
  109. 1680.27a0: *000000007ffe3000-000000007ffe1fff 0x0002/0x0002 0x0020000
  110. 1680.27a0: 000000007ffe4000-ffff800b5c6d7fff 0x0001/0x0000 0x0000000
  111. 1680.27a0: *00007ff5a38f0000-00007ff5a38eefff 0x0002/0x0002 0x0040000
  112. 1680.27a0: 00007ff5a38f1000-00007ff5a38e1fff 0x0001/0x0000 0x0000000
  113. 1680.27a0: *00007ff5a3900000-00007ff5a38dcfff 0x0002/0x0002 0x0040000
  114. 1680.27a0: 00007ff5a3923000-00007ff49de65fff 0x0001/0x0000 0x0000000
  115. 1680.27a0: *00007ff6a93e0000-00007ff6a93e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  116. 1680.27a0: 00007ff6a93e1000-00007ff6a944ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  117. 1680.27a0: 00007ff6a9450000-00007ff6a9450fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  118. 1680.27a0: 00007ff6a9451000-00007ff6a9494fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  119. 1680.27a0: 00007ff6a9495000-00007ff6a9495fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  120. 1680.27a0: 00007ff6a9496000-00007ff6a9496fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  121. 1680.27a0: 00007ff6a9497000-00007ff6a949bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  122. 1680.27a0: 00007ff6a949c000-00007ff6a949cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  123. 1680.27a0: 00007ff6a949d000-00007ff6a949dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  124. 1680.27a0: 00007ff6a949e000-00007ff6a94a1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  125. 1680.27a0: 00007ff6a94a2000-00007ff6a94e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  126. 1680.27a0: 00007ff6a94ea000-00007ff1cfba3fff 0x0001/0x0000 0x0000000
  127. 1680.27a0: *00007ffb82e30000-00007ffb82e30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  128. 1680.27a0: 00007ffb82e31000-00007ffb82f47fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  129. 1680.27a0: 00007ffb82f48000-00007ffb82f8efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  130. 1680.27a0: 00007ffb82f8f000-00007ffb82f99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  131. 1680.27a0: 00007ffb82f9a000-00007ffb82fa7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  132. 1680.27a0: 00007ffb82fa8000-00007ffb82fa8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  133. 1680.27a0: 00007ffb82fa9000-00007ffb82fabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  134. 1680.27a0: 00007ffb82fac000-00007ffb8301cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  135. 1680.27a0: 00007ffb8301d000-00007ff706049fff 0x0001/0x0000 0x0000000
  136. 1680.27a0: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
  137. 1680.27a0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  138. 1680.27a0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  139. 1680.27a0: supR3HardNtChildPurify: Done after 291 ms and 0 fixes (loop #0).
  140. 24a0.2c14: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
  141. 24a0.2c14: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb82e30000 g_uNtVerCombined=0xa0456300
  142. 1680.27a0: supR3HardNtEnableThreadCreation:
  143. 24a0.2c14: ntdll.dll: timestamp 0xe8b54827 (rc=VINF_SUCCESS)
  144. 24a0.2c14: New simple heap: #1 0000000001400000 LB 0x400000 (for 2019328 allocation)
  145. 24a0.2c14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  146. 24a0.2c14: System32: \Device\HarddiskVolume2\Windows\System32
  147. 24a0.2c14: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
  148. 24a0.2c14: KnownDllPath: C:\WINDOWS\System32
  149. 24a0.2c14: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  150. 24a0.2c14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  151. 24a0.2c14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  152. 24a0.2c14: Registered Dll notification callback with NTDLL.
  153. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
  154. 24a0.2c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  155. 24a0.2c14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  156. 24a0.2c14: supR3HardenedDllNotificationCallback: load 00007ffb7fdd0000 LB 0x00293000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
  157. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
  158. 24a0.2c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  159. 24a0.2c14: supR3HardenedDllNotificationCallback: load 00007ffb81a70000 LB 0x000b3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
  160. 24a0.2c14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  161. 24a0.2c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb81a70000 'C:\WINDOWS\System32\KERNEL32.DLL'
  162. 24a0.2c14: supR3HardenedDllNotificationCallback: load 00007ff6a93e0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  163. 24a0.2c14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  164. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  165. 24a0.2c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  166. 24a0.2c14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb82ea5640 pvNtTerminateThread=00007ffb82ed00b0
  167. 1680.27a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 84 ms.
  168. 24a0.2c14: \SystemRoot\System32\ntdll.dll:
  169. 24a0.2c14: CreationTime: 2018-12-13T19:22:02.635309100Z
  170. 24a0.2c14: LastWriteTime: 2018-12-13T19:22:02.682181600Z
  171. 24a0.2c14: ChangeTime: 2018-12-20T14:42:55.839474100Z
  172. 24a0.2c14: FileAttributes: 0x20
  173. 24a0.2c14: Size: 0x1e7010
  174. 24a0.2c14: NT Headers: 0xe0
  175. 24a0.2c14: Timestamp: 0xe8b54827
  176. 24a0.2c14: Machine: 0x8664 - amd64
  177. 24a0.2c14: Timestamp: 0xe8b54827
  178. 24a0.2c14: Image Version: 10.0
  179. 24a0.2c14: SizeOfImage: 0x1ed000 (2019328)
  180. 24a0.2c14: Resource Dir: 0x17d000 LB 0x6ea08
  181. 24a0.2c14: ProductName: Microsoft® Windows® Operating System
  182. 24a0.2c14: ProductVersion: 10.0.17763.194
  183. 24a0.2c14: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
  184. 24a0.2c14: FileDescription: NT Layer DLL
  185. 24a0.2c14: \SystemRoot\System32\kernel32.dll:
  186. 24a0.2c14: CreationTime: 2018-09-15T07:28:44.342269900Z
  187. 24a0.2c14: LastWriteTime: 2018-09-15T07:28:44.342269900Z
  188. 24a0.2c14: ChangeTime: 2018-11-27T23:00:42.235380500Z
  189. 24a0.2c14: FileAttributes: 0x20
  190. 24a0.2c14: Size: 0xb1380
  191. 24a0.2c14: NT Headers: 0xe8
  192. 24a0.2c14: Timestamp: 0x65614da1
  193. 24a0.2c14: Machine: 0x8664 - amd64
  194. 24a0.2c14: Timestamp: 0x65614da1
  195. 24a0.2c14: Image Version: 10.0
  196. 24a0.2c14: SizeOfImage: 0xb3000 (733184)
  197. 24a0.2c14: Resource Dir: 0xb1000 LB 0x520
  198. 24a0.2c14: ProductName: Microsoft® Windows® Operating System
  199. 24a0.2c14: ProductVersion: 10.0.17763.1
  200. 24a0.2c14: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
  201. 24a0.2c14: FileDescription: Windows NT BASE API Client DLL
  202. 24a0.2c14: \SystemRoot\System32\KernelBase.dll:
  203. 24a0.2c14: CreationTime: 2018-11-28T11:09:10.498025800Z
  204. 24a0.2c14: LastWriteTime: 2018-11-28T11:09:10.560520900Z
  205. 24a0.2c14: ChangeTime: 2018-12-20T14:42:55.837475400Z
  206. 24a0.2c14: FileAttributes: 0x20
  207. 24a0.2c14: Size: 0x293cc8
  208. 24a0.2c14: NT Headers: 0xf8
  209. 24a0.2c14: Timestamp: 0x1659a33b
  210. 24a0.2c14: Machine: 0x8664 - amd64
  211. 24a0.2c14: Timestamp: 0x1659a33b
  212. 24a0.2c14: Image Version: 10.0
  213. 24a0.2c14: SizeOfImage: 0x293000 (2699264)
  214. 24a0.2c14: Resource Dir: 0x26f000 LB 0x548
  215. 24a0.2c14: ProductName: Microsoft® Windows® Operating System
  216. 24a0.2c14: ProductVersion: 10.0.17763.134
  217. 24a0.2c14: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
  218. 24a0.2c14: FileDescription: Windows NT BASE API Client DLL
  219. 24a0.2c14: \SystemRoot\System32\apisetschema.dll:
  220. 24a0.2c14: CreationTime: 2018-09-15T07:28:25.403122600Z
  221. 24a0.2c14: LastWriteTime: 2018-09-15T07:28:25.403122600Z
  222. 24a0.2c14: ChangeTime: 2018-11-27T22:49:35.488419400Z
  223. 24a0.2c14: FileAttributes: 0x20
  224. 24a0.2c14: Size: 0x1c738
  225. 24a0.2c14: NT Headers: 0xd0
  226. 24a0.2c14: Timestamp: 0x33775897
  227. 24a0.2c14: Machine: 0x8664 - amd64
  228. 24a0.2c14: Timestamp: 0x33775897
  229. 24a0.2c14: Image Version: 10.0
  230. 24a0.2c14: SizeOfImage: 0x1d000 (118784)
  231. 24a0.2c14: Resource Dir: 0x1c000 LB 0x408
  232. 24a0.2c14: ProductName: Microsoft® Windows® Operating System
  233. 24a0.2c14: ProductVersion: 10.0.17763.1
  234. 24a0.2c14: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
  235. 24a0.2c14: FileDescription: ApiSet Schema DLL
  236. 24a0.2c14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  237. 24a0.2c14: supR3HardenedWinFindAdversaries: 0x0
  238. 24a0.2c14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  239. 24a0.2c14: Calling main()
  240. 24a0.2c14: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  241. 24a0.2c14: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  242. 24a0.2c14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  243. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  244. 24a0.2c14: SUPR3HardenedMain: Respawn #2
  245. 24a0.2c14: supR3HardNtEnableThreadCreation:
  246. 24a0.2c14: supR3HardenedDllNotificationCallback: load 00007ffb82a40000 LB 0x00122000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
  247. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
  248. 24a0.2c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  249. 24a0.2c14: supR3HardenedDllNotificationCallback: load 00007ffb819d0000 LB 0x0009e000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
  250. 24a0.2c14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
  251. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
  252. 24a0.2c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
  253. 24a0.2c14: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  254. 24a0.2c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdll.dll)
  255. 24a0.2c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  256. 24a0.2c14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  257. 24a0.2c14: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  258. 24a0.2c14: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  259. 24a0.2c14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ntdll.dll (Input=ntdll.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  260. 24a0.2c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb82e30000 'C:\WINDOWS\System32\ntdll.dll'
  261. 24a0.2c14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb82ea5640 pvNtTerminateThread=00007ffb82ed00b0
  262. 24a0.2c14: supR3HardenedWinDoReSpawn(2): New child 2e38.c8 [kernel32].
  263. 24a0.2c14: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  264. 24a0.2c14: supR3HardNtChildGatherData: PebBaseAddress=00000000009de000 cbPeb=0x388
  265. 24a0.2c14: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffb82e30000 uNtDllChildAddr=00007ffb82e30000
  266. 24a0.2c14: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffb82ea5640
  267. 24a0.2c14: supR3HardenedWinSetupChildInit: Start child.
  268. 24a0.2c14: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
  269. 24a0.2c14: supR3HardNtChildPurify: Startup delay kludge #1/0: 260 ms, 24 sleeps
  270. 24a0.2c14: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  271. 24a0.2c14: *0000000000000000-ffffffffff84ffff 0x0001/0x0000 0x0000000
  272. 24a0.2c14: *00000000007b0000-000000000078ffff 0x0004/0x0004 0x0020000
  273. 24a0.2c14: *00000000007d0000-00000000007b5fff 0x0002/0x0002 0x0040000
  274. 24a0.2c14: 00000000007ea000-00000000007e3fff 0x0001/0x0000 0x0000000
  275. 24a0.2c14: *00000000007f0000-00000000007ebfff 0x0002/0x0002 0x0040000
  276. 24a0.2c14: 00000000007f4000-00000000007e7fff 0x0001/0x0000 0x0000000
  277. 24a0.2c14: *0000000000800000-0000000000621fff 0x0000/0x0004 0x0020000
  278. 24a0.2c14: 00000000009de000-00000000009dafff 0x0004/0x0004 0x0020000
  279. 24a0.2c14: 00000000009e1000-00000000009c1fff 0x0000/0x0004 0x0020000
  280. 24a0.2c14: *0000000000a00000-0000000000904fff 0x0000/0x0004 0x0020000
  281. 24a0.2c14: 0000000000afb000-0000000000af7fff 0x0104/0x0004 0x0020000
  282. 24a0.2c14: 0000000000afe000-0000000000afbfff 0x0004/0x0004 0x0020000
  283. 24a0.2c14: *0000000000b00000-0000000000afdfff 0x0004/0x0004 0x0020000
  284. 24a0.2c14: 0000000000b02000-ffffffff81623fff 0x0001/0x0000 0x0000000
  285. 24a0.2c14: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  286. 24a0.2c14: 000000007ffe1000-000000007ffdefff 0x0001/0x0000 0x0000000
  287. 24a0.2c14: *000000007ffe3000-000000007ffe1fff 0x0002/0x0002 0x0020000
  288. 24a0.2c14: 000000007ffe4000-ffff800b4eac7fff 0x0001/0x0000 0x0000000
  289. 24a0.2c14: *00007ff5b1500000-00007ff5b14fefff 0x0002/0x0002 0x0040000
  290. 24a0.2c14: 00007ff5b1501000-00007ff5b14f1fff 0x0001/0x0000 0x0000000
  291. 24a0.2c14: *00007ff5b1510000-00007ff5b14ecfff 0x0002/0x0002 0x0040000
  292. 24a0.2c14: 00007ff5b1533000-00007ff4b9685fff 0x0001/0x0000 0x0000000
  293. 24a0.2c14: *00007ff6a93e0000-00007ff6a93e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  294. 24a0.2c14: 00007ff6a93e1000-00007ff6a944ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  295. 24a0.2c14: 00007ff6a9450000-00007ff6a9450fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  296. 24a0.2c14: 00007ff6a9451000-00007ff6a9494fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  297. 24a0.2c14: 00007ff6a9495000-00007ff6a9495fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  298. 24a0.2c14: 00007ff6a9496000-00007ff6a9496fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  299. 24a0.2c14: 00007ff6a9497000-00007ff6a949bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  300. 24a0.2c14: 00007ff6a949c000-00007ff6a949cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  301. 24a0.2c14: 00007ff6a949d000-00007ff6a949dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  302. 24a0.2c14: 00007ff6a949e000-00007ff6a94a1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  303. 24a0.2c14: 00007ff6a94a2000-00007ff6a94e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  304. 24a0.2c14: 00007ff6a94ea000-00007ff1cfba3fff 0x0001/0x0000 0x0000000
  305. 24a0.2c14: *00007ffb82e30000-00007ffb82e30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  306. 24a0.2c14: 00007ffb82e31000-00007ffb82f47fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  307. 24a0.2c14: 00007ffb82f48000-00007ffb82f8efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  308. 24a0.2c14: 00007ffb82f8f000-00007ffb82f99fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  309. 24a0.2c14: 00007ffb82f9a000-00007ffb82fa7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  310. 24a0.2c14: 00007ffb82fa8000-00007ffb82fa8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  311. 24a0.2c14: 00007ffb82fa9000-00007ffb82fabfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  312. 24a0.2c14: 00007ffb82fac000-00007ffb8301cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
  313. 24a0.2c14: 00007ffb8301d000-00007ff706049fff 0x0001/0x0000 0x0000000
  314. 24a0.2c14: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
  315. 24a0.2c14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  316. 24a0.2c14: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
  317. 24a0.2c14: supR3HardNtChildPurify: Done after 292 ms and 0 fixes (loop #0).
  318. 2e38.c8: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0456300
  319. 2e38.c8: supR3HardenedVmProcessInit: uNtDllAddr=00007ffb82e30000 g_uNtVerCombined=0xa0456300
  320. 2e38.c8: ntdll.dll: timestamp 0xe8b54827 (rc=VINF_SUCCESS)
  321. 2e38.c8: New simple heap: #1 0000000000c10000 LB 0x400000 (for 2019328 allocation)
  322. 24a0.2c14: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
  323. 24a0.2c14: supR3HardNtEnableThreadCreation:
  324. 2e38.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  325. 2e38.c8: System32: \Device\HarddiskVolume2\Windows\System32
  326. 2e38.c8: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
  327. 2e38.c8: KnownDllPath: C:\WINDOWS\System32
  328. 2e38.c8: supR3HardenedVmProcessInit: Opening vboxdrv...
  329. 2e38.c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  330. 2e38.c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  331. 2e38.c8: Registered Dll notification callback with NTDLL.
  332. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
  333. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
  334. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
  335. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7fdd0000 LB 0x00293000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
  336. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
  337. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
  338. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb81a70000 LB 0x000b3000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
  339. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  340. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb81a70000 'C:\WINDOWS\System32\KERNEL32.DLL'
  341. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ff6a93e0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  342. 2e38.c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  343. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  344. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
  345. 2e38.c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffb82ea5640 pvNtTerminateThread=00007ffb82ed00b0
  346. 24a0.2c14: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 106 ms.
  347. 2e38.c8: \SystemRoot\System32\ntdll.dll:
  348. 2e38.c8: CreationTime: 2018-12-13T19:22:02.635309100Z
  349. 2e38.c8: LastWriteTime: 2018-12-13T19:22:02.682181600Z
  350. 2e38.c8: ChangeTime: 2018-12-20T14:42:55.839474100Z
  351. 2e38.c8: FileAttributes: 0x20
  352. 2e38.c8: Size: 0x1e7010
  353. 2e38.c8: NT Headers: 0xe0
  354. 2e38.c8: Timestamp: 0xe8b54827
  355. 2e38.c8: Machine: 0x8664 - amd64
  356. 2e38.c8: Timestamp: 0xe8b54827
  357. 2e38.c8: Image Version: 10.0
  358. 2e38.c8: SizeOfImage: 0x1ed000 (2019328)
  359. 2e38.c8: Resource Dir: 0x17d000 LB 0x6ea08
  360. 2e38.c8: ProductName: Microsoft® Windows® Operating System
  361. 2e38.c8: ProductVersion: 10.0.17763.194
  362. 2e38.c8: FileVersion: 10.0.17763.194 (WinBuild.160101.0800)
  363. 2e38.c8: FileDescription: NT Layer DLL
  364. 2e38.c8: \SystemRoot\System32\kernel32.dll:
  365. 2e38.c8: CreationTime: 2018-09-15T07:28:44.342269900Z
  366. 2e38.c8: LastWriteTime: 2018-09-15T07:28:44.342269900Z
  367. 2e38.c8: ChangeTime: 2018-11-27T23:00:42.235380500Z
  368. 2e38.c8: FileAttributes: 0x20
  369. 2e38.c8: Size: 0xb1380
  370. 2e38.c8: NT Headers: 0xe8
  371. 2e38.c8: Timestamp: 0x65614da1
  372. 2e38.c8: Machine: 0x8664 - amd64
  373. 2e38.c8: Timestamp: 0x65614da1
  374. 2e38.c8: Image Version: 10.0
  375. 2e38.c8: SizeOfImage: 0xb3000 (733184)
  376. 2e38.c8: Resource Dir: 0xb1000 LB 0x520
  377. 2e38.c8: ProductName: Microsoft® Windows® Operating System
  378. 2e38.c8: ProductVersion: 10.0.17763.1
  379. 2e38.c8: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
  380. 2e38.c8: FileDescription: Windows NT BASE API Client DLL
  381. 2e38.c8: \SystemRoot\System32\KernelBase.dll:
  382. 2e38.c8: CreationTime: 2018-11-28T11:09:10.498025800Z
  383. 2e38.c8: LastWriteTime: 2018-11-28T11:09:10.560520900Z
  384. 2e38.c8: ChangeTime: 2018-12-20T14:42:55.837475400Z
  385. 2e38.c8: FileAttributes: 0x20
  386. 2e38.c8: Size: 0x293cc8
  387. 2e38.c8: NT Headers: 0xf8
  388. 2e38.c8: Timestamp: 0x1659a33b
  389. 2e38.c8: Machine: 0x8664 - amd64
  390. 2e38.c8: Timestamp: 0x1659a33b
  391. 2e38.c8: Image Version: 10.0
  392. 2e38.c8: SizeOfImage: 0x293000 (2699264)
  393. 2e38.c8: Resource Dir: 0x26f000 LB 0x548
  394. 2e38.c8: ProductName: Microsoft® Windows® Operating System
  395. 2e38.c8: ProductVersion: 10.0.17763.134
  396. 2e38.c8: FileVersion: 10.0.17763.134 (WinBuild.160101.0800)
  397. 2e38.c8: FileDescription: Windows NT BASE API Client DLL
  398. 2e38.c8: \SystemRoot\System32\apisetschema.dll:
  399. 2e38.c8: CreationTime: 2018-09-15T07:28:25.403122600Z
  400. 2e38.c8: LastWriteTime: 2018-09-15T07:28:25.403122600Z
  401. 2e38.c8: ChangeTime: 2018-11-27T22:49:35.488419400Z
  402. 2e38.c8: FileAttributes: 0x20
  403. 2e38.c8: Size: 0x1c738
  404. 2e38.c8: NT Headers: 0xd0
  405. 2e38.c8: Timestamp: 0x33775897
  406. 2e38.c8: Machine: 0x8664 - amd64
  407. 2e38.c8: Timestamp: 0x33775897
  408. 2e38.c8: Image Version: 10.0
  409. 2e38.c8: SizeOfImage: 0x1d000 (118784)
  410. 2e38.c8: Resource Dir: 0x1c000 LB 0x408
  411. 2e38.c8: ProductName: Microsoft® Windows® Operating System
  412. 2e38.c8: ProductVersion: 10.0.17763.1
  413. 2e38.c8: FileVersion: 10.0.17763.1 (WinBuild.160101.0800)
  414. 2e38.c8: FileDescription: ApiSet Schema DLL
  415. 2e38.c8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
  416. 2e38.c8: supR3HardenedWinFindAdversaries: 0x0
  417. 2e38.c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  418. 2e38.c8: Calling main()
  419. 2e38.c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  420. 2e38.c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
  421. 2e38.c8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  422. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  423. 2e38.c8: SUPR3HardenedMain: Final process, opening VBoxDrv...
  424. 2e38.c8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000c10000 LB 0x400000)
  425. 2e38.c8: supR3HardNtEnableThreadCreation:
  426. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  427. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  428. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  429. 2e38.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  430. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7c8f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  431. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  432. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  433. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  434. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  435. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  436. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  437. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  438. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7c8f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  439. 2e38.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  440. 2e38.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
  441. 2e38.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  442. 2e38.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
  443. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
  444. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
  445. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  446. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  447. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
  448. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
  449. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  450. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  451. 2e38.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'msasn1.dll'.
  452. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
  453. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
  454. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  455. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  456. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
  457. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
  458. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  459. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  460. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
  461. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
  462. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  463. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  464. 2e38.c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  465. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  466. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb82d60000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
  467. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  468. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7ef40000 LB 0x00012000 C:\WINDOWS\System32\MSASN1.dll [fFlags=0x0]
  469. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  470. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7f120000 LB 0x000fc000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
  471. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ucrtbase.dll)
  472. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ucrtbase.dll
  473. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7fbf0000 LB 0x001db000 C:\WINDOWS\System32\CRYPT32.dll [fFlags=0x0]
  474. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  475. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb82a40000 LB 0x00122000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
  476. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  477. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7f220000 LB 0x00058000 C:\WINDOWS\System32\Wintrust.dll [fFlags=0x0]
  478. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  479. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  480. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fdd0000 'api-ms-win-core-synch-l1-2-0'
  481. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  482. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fdd0000 'api-ms-win-core-fibers-l1-1-1'
  483. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  484. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fdd0000 'api-ms-win-core-fibers-l1-1-1'
  485. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  486. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fdd0000 'api-ms-win-core-synch-l1-2-0'
  487. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  488. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7fdd0000 'api-ms-win-core-localization-l1-2-1'
  489. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffb7f220000 'C:\WINDOWS\system32\Wintrust.dll'
  490. 2e38.c8: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
  491. 2e38.c8: Error (rc=0):
  492. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\bcrypt.dll: Grown load config (192 to 264 bytes) includes non-zero bytes: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 ba 01 80 01 00 00 00 00 00 00 00 00 00 00 00
  493. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  494. 2e38.c8: Error (rc=0):
  495. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\bcrypt.dll' (C:\WINDOWS\system32\bcrypt.dll): rcNt=0xc0000190
  496. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\bcrypt.dll'
  497. 2e38.c8: Warning! Failed to load bcrypt.dll
  498. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7f280000 LB 0x00017000 C:\WINDOWS\System32\CRYPTSP.dll [fFlags=0x0]
  499. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
  500. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
  501. 2e38.c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'bcrypt.dll'.
  502. 2e38.c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
  503. 2e38.c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
  504. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  505. 2e38.c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  506. 2e38.c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  507. 2e38.c8: Error (rc=0):
  508. 2e38.c8: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  509. 2e38.c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  510. 2e38.c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  511. 2e38.c8: supR3HardenedDllNotificationCallback: load 00007ffb7fbc0000 LB 0x00026000 C:\WINDOWS\System32\bcrypt.dll [fFlags=0x0]
  512. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -626 (0xfffffd8e)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  513. 2e38.c8: Error (rc=0):
  514. 2e38.c8: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
  515. 2e38.c8: Fatal error:
  516. 2e38.c8: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\System32\bcrypt.dll' / '\??\C:\WINDOWS\System32\bcrypt.dll': 0xc0000190
  517. 24a0.2c14: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 102 ms, the end);
  518. 1680.27a0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 584 ms, the end);