VBoxHardening.log

a guest Aug 17th, 2016 219 Never
  1. 910.2008: Log file opened: 5.1.4r110228 g_hStartupLog=000000000000011c g_uNtVerCombined=0xa0295a00
  2. 910.2008: \SystemRoot\System32\ntdll.dll:
  3. 910.2008:     CreationTime:    2016-05-11T12:05:10.014704600Z
  4. 910.2008:     LastWriteTime:   2016-04-23T05:24:28.464629900Z
  5. 910.2008:     ChangeTime:      2016-05-15T20:19:31.012649400Z
  6. 910.2008:     FileAttributes:  0x20
  7. 910.2008:     Size:            0x1bc248
  8. 910.2008:     NT Headers:      0xe0
  9. 910.2008:     Timestamp:       0x571af2eb
  10. 910.2008:     Machine:         0x8664 - amd64
  11. 910.2008:     Timestamp:       0x571af2eb
  12. 910.2008:     Image Version:   10.0
  13. 910.2008:     SizeOfImage:     0x1c1000 (1839104)
  14. 910.2008:     Resource Dir:    0x159000 LB 0x66218
  15. 910.2008:     ProductName:     Microsoft® Windows® Operating System
  16. 910.2008:     ProductVersion:  10.0.10586.306
  17. 910.2008:     FileVersion:     10.0.10586.306 (th2_release_sec.160422-1850)
  18. 910.2008:     FileDescription: NT Layer DLL
  19. 910.2008: \SystemRoot\System32\kernel32.dll:
  20. 910.2008:     CreationTime:    2015-10-30T07:16:20.331389100Z
  21. 910.2008:     LastWriteTime:   2015-10-30T07:16:20.331389100Z
  22. 910.2008:     ChangeTime:      2016-03-14T17:41:57.967766000Z
  23. 910.2008:     FileAttributes:  0x20
  24. 910.2008:     Size:            0xac430
  25. 910.2008:     NT Headers:      0xf0
  26. 910.2008:     Timestamp:       0x5632d5aa
  27. 910.2008:     Machine:         0x8664 - amd64
  28. 910.2008:     Timestamp:       0x5632d5aa
  29. 910.2008:     Image Version:   10.0
  30. 910.2008:     SizeOfImage:     0xad000 (708608)
  31. 910.2008:     Resource Dir:    0xab000 LB 0x528
  32. 910.2008:     ProductName:     Microsoft® Windows® Operating System
  33. 910.2008:     ProductVersion:  10.0.10586.0
  34. 910.2008:     FileVersion:     10.0.10586.0 (th2_release.151029-1700)
  35. 910.2008:     FileDescription: Windows NT BASE API Client DLL
  36. 910.2008: \SystemRoot\System32\KernelBase.dll:
  37. 910.2008:     CreationTime:    2016-07-13T07:44:02.748091300Z
  38. 910.2008:     LastWriteTime:   2016-07-01T04:49:21.864958900Z
  39. 910.2008:     ChangeTime:      2016-07-13T11:37:19.901820900Z
  40. 910.2008:     FileAttributes:  0x20
  41. 910.2008:     Size:            0x1e7a10
  42. 910.2008:     NT Headers:      0xf0
  43. 910.2008:     Timestamp:       0x5775e4c5
  44. 910.2008:     Machine:         0x8664 - amd64
  45. 910.2008:     Timestamp:       0x5775e4c5
  46. 910.2008:     Image Version:   10.0
  47. 910.2008:     SizeOfImage:     0x1e8000 (1998848)
  48. 910.2008:     Resource Dir:    0x1d1000 LB 0x548
  49. 910.2008:     ProductName:     Microsoft® Windows® Operating System
  50. 910.2008:     ProductVersion:  10.0.10586.494
  51. 910.2008:     FileVersion:     10.0.10586.494 (th2_release_sec.160630-1736)
  52. 910.2008:     FileDescription: Windows NT BASE API Client DLL
  53. 910.2008: \SystemRoot\System32\apisetschema.dll:
  54. 910.2008:     CreationTime:    2015-10-30T07:16:42.846943300Z
  55. 910.2008:     LastWriteTime:   2015-10-30T07:16:42.862567900Z
  56. 910.2008:     ChangeTime:      2016-03-14T17:41:53.529567100Z
  57. 910.2008:     FileAttributes:  0x20
  58. 910.2008:     Size:            0x16d60
  59. 910.2008:     NT Headers:      0xc8
  60. 910.2008:     Timestamp:       0x5632d94c
  61. 910.2008:     Machine:         0x8664 - amd64
  62. 910.2008:     Timestamp:       0x5632d94c
  63. 910.2008:     Image Version:   10.0
  64. 910.2008:     SizeOfImage:     0x18000 (98304)
  65. 910.2008:     Resource Dir:    0x17000 LB 0x400
  66. 910.2008:     ProductName:     Microsoft® Windows® Operating System
  67. 910.2008:     ProductVersion:  10.0.10586.0
  68. 910.2008:     FileVersion:     10.0.10586.0 (th2_release.151029-1700)
  69. 910.2008:     FileDescription: ApiSet Schema DLL
  70. 910.2008: supR3HardenedWinFindAdversaries: 0x80
  71. 910.2008: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  72. 910.2008:     CreationTime:    2016-01-05T09:38:45.769859200Z
  73. 910.2008:     LastWriteTime:   2016-08-16T15:17:33.175624300Z
  74. 910.2008:     ChangeTime:      2016-08-16T15:17:33.175624300Z
  75. 910.2008:     FileAttributes:  0x20
  76. 910.2008:     Size:            0x2eed8
  77. 910.2008:     NT Headers:      0xe0
  78. 910.2008:     Timestamp:       0x55b855d9
  79. 910.2008:     Machine:         0x8664 - amd64
  80. 910.2008:     Timestamp:       0x55b855d9
  81. 910.2008:     Image Version:   6.1
  82. 910.2008:     SizeOfImage:     0x33000 (208896)
  83. 910.2008:     Resource Dir:    0x31000 LB 0x3b8
  84. 910.2008:     ProductName:     Malwarebytes Anti-Malware
  85. 910.2008:     ProductVersion:  0.3.0.0
  86. 910.2008:     FileVersion:     0.3.0.0
  87. 910.2008:     FileDescription: Malwarebytes Anti-Malware
  88. 910.2008: \SystemRoot\System32\drivers\mwac.sys:
  89. 910.2008:     CreationTime:    2016-01-05T09:38:10.192276800Z
  90. 910.2008:     LastWriteTime:   2016-03-10T12:09:10.000000000Z
  91. 910.2008:     ChangeTime:      2016-05-22T17:27:09.681502800Z
  92. 910.2008:     FileAttributes:  0x20
  93. 910.2008:     Size:            0xff80
  94. 910.2008:     NT Headers:      0xe0
  95. 910.2008:     Timestamp:       0x53a0f444
  96. 910.2008:     Machine:         0x8664 - amd64
  97. 910.2008:     Timestamp:       0x53a0f444
  98. 910.2008:     Image Version:   6.2
  99. 910.2008:     SizeOfImage:     0x13000 (77824)
  100. 910.2008:     Resource Dir:    0x11000 LB 0x3e0
  101. 910.2008:     ProductName:     Malwarebytes Web Access Control
  102. 910.2008:     ProductVersion:  1.0.6.0
  103. 910.2008:     FileVersion:     1.0.6.0
  104. 910.2008:     FileDescription: Malwarebytes Web Access Control
  105. 910.2008: \SystemRoot\System32\drivers\mbamchameleon.sys:
  106. 910.2008:     CreationTime:    2016-01-05T09:38:10.256320100Z
  107. 910.2008:     LastWriteTime:   2016-03-10T12:08:58.000000000Z
  108. 910.2008:     ChangeTime:      2016-05-22T17:27:09.728541000Z
  109. 910.2008:     FileAttributes:  0x20
  110. 910.2008:     Size:            0x22580
  111. 910.2008:     NT Headers:      0xe0
  112. 910.2008:     Timestamp:       0x56a95753
  113. 910.2008:     Machine:         0x8664 - amd64
  114. 910.2008:     Timestamp:       0x56a95753
  115. 910.2008:     Image Version:   6.1
  116. 910.2008:     SizeOfImage:     0x26000 (155648)
  117. 910.2008:     Resource Dir:    0x24000 LB 0xba8
  118. 910.2008:     ProductName:     Malwarebytes Chameleon
  119. 910.2008:     ProductVersion:  1.1.22.0
  120. 910.2008:     FileVersion:     1.1.22.0
  121. 910.2008:     FileDescription: Malwarebytes Chameleon Protection Driver
  122. 910.2008: \SystemRoot\System32\drivers\mbam.sys:
  123. 910.2008:     CreationTime:    2016-01-05T09:38:10.135239900Z
  124. 910.2008:     LastWriteTime:   2016-03-10T12:08:54.000000000Z
  125. 910.2008:     ChangeTime:      2016-05-22T17:27:09.298096400Z
  126. 910.2008:     FileAttributes:  0x20
  127. 910.2008:     Size:            0x6980
  128. 910.2008:     NT Headers:      0xd8
  129. 910.2008:     Timestamp:       0x55ca3257
  130. 910.2008:     Machine:         0x8664 - amd64
  131. 910.2008:     Timestamp:       0x55ca3257
  132. 910.2008:     Image Version:   6.1
  133. 910.2008:     SizeOfImage:     0xa000 (40960)
  134. 910.2008:     Resource Dir:    0x8000 LB 0x3a0
  135. 910.2008:     ProductName:     Malwarebytes Anti-Malware
  136. 910.2008:     ProductVersion:  0.1.16.0
  137. 910.2008:     FileVersion:     0.1.16.0
  138. 910.2008:     FileDescription: Malwarebytes Anti-Malware
  139. 910.2008: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  140. 910.2008: Calling main()
  141. 910.2008: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  142. 910.2008: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  143. 910.2008: SUPR3HardenedMain: Respawn #1
  144. 910.2008: System32:  \Device\HarddiskVolume4\Windows\System32
  145. 910.2008: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
  146. 910.2008: KnownDllPath: C:\WINDOWS\system32
  147. 910.2008: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  148. 910.2008: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  149. 910.2008: supR3HardNtEnableThreadCreation:
  150. 910.2008: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  151. 910.2008: supR3HardenedWinDoReSpawn(1): New child 24e8.10f0 [kernel32].
  152. 910.2008: supR3HardNtChildGatherData: PebBaseAddress=0000000000746000 cbPeb=0x388
  153. 910.2008: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f7be0000 uNtDllChildAddr=00007ff9f7be0000
  154. 910.2008: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f7c56d50
  155. 910.2008: supR3HardenedWinSetupChildInit: Start child.
  156. 910.2008: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
  157. 910.2008: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 54 sleeps
  158. 910.2008: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  159. 910.2008:  *0000000000000000-ffffffffffb9ffff 0x0001/0x0000 0x0000000
  160. 910.2008:  *0000000000460000-000000000043ffff 0x0004/0x0004 0x0020000
  161. 910.2008:  *0000000000480000-000000000046afff 0x0002/0x0002 0x0040000
  162. 910.2008:   0000000000495000-0000000000489fff 0x0001/0x0000 0x0000000
  163. 910.2008:  *00000000004a0000-00000000003a4fff 0x0000/0x0004 0x0020000
  164. 910.2008:   000000000059b000-0000000000597fff 0x0104/0x0004 0x0020000
  165. 910.2008:   000000000059e000-000000000059bfff 0x0004/0x0004 0x0020000
  166. 910.2008:  *00000000005a0000-000000000059bfff 0x0002/0x0002 0x0040000
  167. 910.2008:   00000000005a4000-0000000000597fff 0x0001/0x0000 0x0000000
  168. 910.2008:  *00000000005b0000-00000000005adfff 0x0004/0x0004 0x0020000
  169. 910.2008:   00000000005b2000-0000000000563fff 0x0001/0x0000 0x0000000
  170. 910.2008:  *0000000000600000-00000000004b9fff 0x0000/0x0004 0x0020000
  171. 910.2008:   0000000000746000-0000000000742fff 0x0004/0x0004 0x0020000
  172. 910.2008:   0000000000749000-0000000000691fff 0x0000/0x0004 0x0020000
  173. 910.2008:   0000000000800000-ffffffff8101ffff 0x0001/0x0000 0x0000000
  174. 910.2008:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  175. 910.2008:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  176. 910.2008:   000000007fff0000-ffff80099fe6ffff 0x0001/0x0000 0x0000000
  177. 910.2008:  *00007ff760170000-00007ff76014cfff 0x0002/0x0002 0x0040000
  178. 910.2008:   00007ff760193000-00007ff75fbc5fff 0x0001/0x0000 0x0000000
  179. 910.2008:  *00007ff760760000-00007ff760760fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  180. 910.2008:   00007ff760761000-00007ff7607cffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  181. 910.2008:   00007ff7607d0000-00007ff7607d0fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  182. 910.2008:   00007ff7607d1000-00007ff760815fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  183. 910.2008:   00007ff760816000-00007ff760816fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  184. 910.2008:   00007ff760817000-00007ff760817fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  185. 910.2008:   00007ff760818000-00007ff76081cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  186. 910.2008:   00007ff76081d000-00007ff76081dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  187. 910.2008:   00007ff76081e000-00007ff76081efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  188. 910.2008:   00007ff76081f000-00007ff760822fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  189. 910.2008:   00007ff760823000-00007ff76086afff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  190. 910.2008:   00007ff76086b000-00007ff4c94f5fff 0x0001/0x0000 0x0000000
  191. 910.2008:  *00007ff9f7be0000-00007ff9f7be0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  192. 910.2008:   00007ff9f7be1000-00007ff9f7cddfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  193. 910.2008:   00007ff9f7cde000-00007ff9f7d1efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  194. 910.2008:   00007ff9f7d1f000-00007ff9f7d27fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  195. 910.2008:   00007ff9f7d28000-00007ff9f7d34fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  196. 910.2008:   00007ff9f7d35000-00007ff9f7d35fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  197. 910.2008:   00007ff9f7d36000-00007ff9f7d38fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  198. 910.2008:   00007ff9f7d39000-00007ff9f7da0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  199. 910.2008:   00007ff9f7da1000-00007ff3efb61fff 0x0001/0x0000 0x0000000
  200. 910.2008:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
  201. 910.2008: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
  202. 910.2008: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  203. 910.2008: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  204. 910.2008: supR3HardNtChildPurify: Done after 571 ms and 0 fixes (loop #0).
  205. 24e8.10f0: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
  206. 24e8.10f0: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f7be0000 g_uNtVerCombined=0xa0295a00
  207. 24e8.10f0: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
  208. 24e8.10f0: New simple heap: #1 0000000000900000 LB 0x400000 (for 1839104 allocation)
  209. 24e8.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  210. 24e8.10f0: System32:  \Device\HarddiskVolume4\Windows\System32
  211. 24e8.10f0: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
  212. 24e8.10f0: KnownDllPath: C:\WINDOWS\system32
  213. 24e8.10f0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
  214. 910.2008: supR3HardNtEnableThreadCreation:
  215. 24e8.10f0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  216. 24e8.10f0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  217. 24e8.10f0: Registered Dll notification callback with NTDLL.
  218. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  219. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  220. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  221. 24e8.10f0: supR3HardenedDllNotificationCallback: load   00007ff9f4bb0000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  222. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  223. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  224. 24e8.10f0: supR3HardenedDllNotificationCallback: load   00007ff9f5270000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  225. 24e8.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  226. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5270000 'C:\WINDOWS\system32\KERNEL32.DLL'
  227. 24e8.10f0: supR3HardenedDllNotificationCallback: load   00007ff760760000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  228. 24e8.10f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  229. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  230. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  231. 24e8.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  232. 24e8.10f0: \SystemRoot\System32\ntdll.dll:
  233. 24e8.10f0:     CreationTime:    2016-05-11T12:05:10.014704600Z
  234. 24e8.10f0:     LastWriteTime:   2016-04-23T05:24:28.464629900Z
  235. 24e8.10f0:     ChangeTime:      2016-05-15T20:19:31.012649400Z
  236. 24e8.10f0:     FileAttributes:  0x20
  237. 24e8.10f0:     Size:            0x1bc248
  238. 24e8.10f0:     NT Headers:      0xe0
  239. 24e8.10f0:     Timestamp:       0x571af2eb
  240. 24e8.10f0:     Machine:         0x8664 - amd64
  241. 24e8.10f0:     Timestamp:       0x571af2eb
  242. 24e8.10f0:     Image Version:   10.0
  243. 24e8.10f0:     SizeOfImage:     0x1c1000 (1839104)
  244. 24e8.10f0:     Resource Dir:    0x159000 LB 0x66218
  245. 24e8.10f0:     ProductName:     Microsoft® Windows® Operating System
  246. 24e8.10f0:     ProductVersion:  10.0.10586.306
  247. 24e8.10f0:     FileVersion:     10.0.10586.306 (th2_release_sec.160422-1850)
  248. 24e8.10f0:     FileDescription: NT Layer DLL
  249. 24e8.10f0: \SystemRoot\System32\kernel32.dll:
  250. 24e8.10f0:     CreationTime:    2015-10-30T07:16:20.331389100Z
  251. 24e8.10f0:     LastWriteTime:   2015-10-30T07:16:20.331389100Z
  252. 24e8.10f0:     ChangeTime:      2016-03-14T17:41:57.967766000Z
  253. 24e8.10f0:     FileAttributes:  0x20
  254. 24e8.10f0:     Size:            0xac430
  255. 24e8.10f0:     NT Headers:      0xf0
  256. 24e8.10f0:     Timestamp:       0x5632d5aa
  257. 24e8.10f0:     Machine:         0x8664 - amd64
  258. 24e8.10f0:     Timestamp:       0x5632d5aa
  259. 24e8.10f0:     Image Version:   10.0
  260. 24e8.10f0:     SizeOfImage:     0xad000 (708608)
  261. 24e8.10f0:     Resource Dir:    0xab000 LB 0x528
  262. 24e8.10f0:     ProductName:     Microsoft® Windows® Operating System
  263. 24e8.10f0:     ProductVersion:  10.0.10586.0
  264. 24e8.10f0:     FileVersion:     10.0.10586.0 (th2_release.151029-1700)
  265. 24e8.10f0:     FileDescription: Windows NT BASE API Client DLL
  266. 24e8.10f0: \SystemRoot\System32\KernelBase.dll:
  267. 24e8.10f0:     CreationTime:    2016-07-13T07:44:02.748091300Z
  268. 24e8.10f0:     LastWriteTime:   2016-07-01T04:49:21.864958900Z
  269. 24e8.10f0:     ChangeTime:      2016-07-13T11:37:19.901820900Z
  270. 24e8.10f0:     FileAttributes:  0x20
  271. 24e8.10f0:     Size:            0x1e7a10
  272. 24e8.10f0:     NT Headers:      0xf0
  273. 24e8.10f0:     Timestamp:       0x5775e4c5
  274. 24e8.10f0:     Machine:         0x8664 - amd64
  275. 24e8.10f0:     Timestamp:       0x5775e4c5
  276. 24e8.10f0:     Image Version:   10.0
  277. 24e8.10f0:     SizeOfImage:     0x1e8000 (1998848)
  278. 24e8.10f0:     Resource Dir:    0x1d1000 LB 0x548
  279. 24e8.10f0:     ProductName:     Microsoft® Windows® Operating System
  280. 24e8.10f0:     ProductVersion:  10.0.10586.494
  281. 24e8.10f0:     FileVersion:     10.0.10586.494 (th2_release_sec.160630-1736)
  282. 24e8.10f0:     FileDescription: Windows NT BASE API Client DLL
  283. 24e8.10f0: \SystemRoot\System32\apisetschema.dll:
  284. 24e8.10f0:     CreationTime:    2015-10-30T07:16:42.846943300Z
  285. 24e8.10f0:     LastWriteTime:   2015-10-30T07:16:42.862567900Z
  286. 24e8.10f0:     ChangeTime:      2016-03-14T17:41:53.529567100Z
  287. 24e8.10f0:     FileAttributes:  0x20
  288. 24e8.10f0:     Size:            0x16d60
  289. 24e8.10f0:     NT Headers:      0xc8
  290. 24e8.10f0:     Timestamp:       0x5632d94c
  291. 24e8.10f0:     Machine:         0x8664 - amd64
  292. 24e8.10f0:     Timestamp:       0x5632d94c
  293. 24e8.10f0:     Image Version:   10.0
  294. 24e8.10f0:     SizeOfImage:     0x18000 (98304)
  295. 24e8.10f0:     Resource Dir:    0x17000 LB 0x400
  296. 24e8.10f0:     ProductName:     Microsoft® Windows® Operating System
  297. 24e8.10f0:     ProductVersion:  10.0.10586.0
  298. 24e8.10f0:     FileVersion:     10.0.10586.0 (th2_release.151029-1700)
  299. 24e8.10f0:     FileDescription: ApiSet Schema DLL
  300. 910.2008: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 88 ms.
  301. 24e8.10f0: supR3HardenedWinFindAdversaries: 0x80
  302. 24e8.10f0: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  303. 24e8.10f0:     CreationTime:    2016-01-05T09:38:45.769859200Z
  304. 24e8.10f0:     LastWriteTime:   2016-08-16T15:17:33.175624300Z
  305. 24e8.10f0:     ChangeTime:      2016-08-16T15:17:33.175624300Z
  306. 24e8.10f0:     FileAttributes:  0x20
  307. 24e8.10f0:     Size:            0x2eed8
  308. 24e8.10f0:     NT Headers:      0xe0
  309. 24e8.10f0:     Timestamp:       0x55b855d9
  310. 24e8.10f0:     Machine:         0x8664 - amd64
  311. 24e8.10f0:     Timestamp:       0x55b855d9
  312. 24e8.10f0:     Image Version:   6.1
  313. 24e8.10f0:     SizeOfImage:     0x33000 (208896)
  314. 24e8.10f0:     Resource Dir:    0x31000 LB 0x3b8
  315. 24e8.10f0:     ProductName:     Malwarebytes Anti-Malware
  316. 24e8.10f0:     ProductVersion:  0.3.0.0
  317. 24e8.10f0:     FileVersion:     0.3.0.0
  318. 24e8.10f0:     FileDescription: Malwarebytes Anti-Malware
  319. 24e8.10f0: \SystemRoot\System32\drivers\mwac.sys:
  320. 24e8.10f0:     CreationTime:    2016-01-05T09:38:10.192276800Z
  321. 24e8.10f0:     LastWriteTime:   2016-03-10T12:09:10.000000000Z
  322. 24e8.10f0:     ChangeTime:      2016-05-22T17:27:09.681502800Z
  323. 24e8.10f0:     FileAttributes:  0x20
  324. 24e8.10f0:     Size:            0xff80
  325. 24e8.10f0:     NT Headers:      0xe0
  326. 24e8.10f0:     Timestamp:       0x53a0f444
  327. 24e8.10f0:     Machine:         0x8664 - amd64
  328. 24e8.10f0:     Timestamp:       0x53a0f444
  329. 24e8.10f0:     Image Version:   6.2
  330. 24e8.10f0:     SizeOfImage:     0x13000 (77824)
  331. 24e8.10f0:     Resource Dir:    0x11000 LB 0x3e0
  332. 24e8.10f0:     ProductName:     Malwarebytes Web Access Control
  333. 24e8.10f0:     ProductVersion:  1.0.6.0
  334. 24e8.10f0:     FileVersion:     1.0.6.0
  335. 24e8.10f0:     FileDescription: Malwarebytes Web Access Control
  336. 24e8.10f0: \SystemRoot\System32\drivers\mbamchameleon.sys:
  337. 24e8.10f0:     CreationTime:    2016-01-05T09:38:10.256320100Z
  338. 24e8.10f0:     LastWriteTime:   2016-03-10T12:08:58.000000000Z
  339. 24e8.10f0:     ChangeTime:      2016-05-22T17:27:09.728541000Z
  340. 24e8.10f0:     FileAttributes:  0x20
  341. 24e8.10f0:     Size:            0x22580
  342. 24e8.10f0:     NT Headers:      0xe0
  343. 24e8.10f0:     Timestamp:       0x56a95753
  344. 24e8.10f0:     Machine:         0x8664 - amd64
  345. 24e8.10f0:     Timestamp:       0x56a95753
  346. 24e8.10f0:     Image Version:   6.1
  347. 24e8.10f0:     SizeOfImage:     0x26000 (155648)
  348. 24e8.10f0:     Resource Dir:    0x24000 LB 0xba8
  349. 24e8.10f0:     ProductName:     Malwarebytes Chameleon
  350. 24e8.10f0:     ProductVersion:  1.1.22.0
  351. 24e8.10f0:     FileVersion:     1.1.22.0
  352. 24e8.10f0:     FileDescription: Malwarebytes Chameleon Protection Driver
  353. 24e8.10f0: \SystemRoot\System32\drivers\mbam.sys:
  354. 24e8.10f0:     CreationTime:    2016-01-05T09:38:10.135239900Z
  355. 24e8.10f0:     LastWriteTime:   2016-03-10T12:08:54.000000000Z
  356. 24e8.10f0:     ChangeTime:      2016-05-22T17:27:09.298096400Z
  357. 24e8.10f0:     FileAttributes:  0x20
  358. 24e8.10f0:     Size:            0x6980
  359. 24e8.10f0:     NT Headers:      0xd8
  360. 24e8.10f0:     Timestamp:       0x55ca3257
  361. 24e8.10f0:     Machine:         0x8664 - amd64
  362. 24e8.10f0:     Timestamp:       0x55ca3257
  363. 24e8.10f0:     Image Version:   6.1
  364. 24e8.10f0:     SizeOfImage:     0xa000 (40960)
  365. 24e8.10f0:     Resource Dir:    0x8000 LB 0x3a0
  366. 24e8.10f0:     ProductName:     Malwarebytes Anti-Malware
  367. 24e8.10f0:     ProductVersion:  0.1.16.0
  368. 24e8.10f0:     FileVersion:     0.1.16.0
  369. 24e8.10f0:     FileDescription: Malwarebytes Anti-Malware
  370. 24e8.10f0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  371. 24e8.10f0: Calling main()
  372. 24e8.10f0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  373. 24e8.10f0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  374. 24e8.10f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  375. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  376. 24e8.10f0: SUPR3HardenedMain: Respawn #2
  377. 24e8.10f0: supR3HardNtEnableThreadCreation:
  378. 24e8.10f0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\apphelp.dll)
  379. 24e8.10f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\apphelp.dll
  380. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
  381. 24e8.10f0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  382. 24e8.10f0: supR3HardenedDllNotificationCallback: load   00007ff9f29f0000 LB 0x00079000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
  383. 24e8.10f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
  384. 24e8.10f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f29f0000 'C:\WINDOWS\system32\apphelp.dll'
  385. 24e8.10f0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  386. 24e8.10f0: supR3HardenedWinDoReSpawn(2): New child 2630.ba4 [kernel32].
  387. 24e8.10f0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
  388. 24e8.10f0: supR3HardNtChildGatherData: PebBaseAddress=0000000001080000 cbPeb=0x388
  389. 24e8.10f0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff9f7be0000 uNtDllChildAddr=00007ff9f7be0000
  390. 24e8.10f0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff9f7c56d50
  391. 24e8.10f0: supR3HardenedWinSetupChildInit: Start child.
  392. 24e8.10f0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
  393. 24e8.10f0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 54 sleeps
  394. 24e8.10f0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
  395. 24e8.10f0:  *0000000000000000-ffffffffff07ffff 0x0001/0x0000 0x0000000
  396. 24e8.10f0:  *0000000000f80000-0000000000f5ffff 0x0004/0x0004 0x0020000
  397. 24e8.10f0:  *0000000000fa0000-0000000000f8afff 0x0002/0x0002 0x0040000
  398. 24e8.10f0:   0000000000fb5000-0000000000fa9fff 0x0001/0x0000 0x0000000
  399. 24e8.10f0:  *0000000000fc0000-0000000000fbbfff 0x0002/0x0002 0x0040000
  400. 24e8.10f0:   0000000000fc4000-0000000000fb7fff 0x0001/0x0000 0x0000000
  401. 24e8.10f0:  *0000000000fd0000-0000000000fcdfff 0x0004/0x0004 0x0020000
  402. 24e8.10f0:   0000000000fd2000-0000000000fa3fff 0x0001/0x0000 0x0000000
  403. 24e8.10f0:  *0000000001000000-0000000000f7ffff 0x0000/0x0004 0x0020000
  404. 24e8.10f0:   0000000001080000-000000000107cfff 0x0004/0x0004 0x0020000
  405. 24e8.10f0:   0000000001083000-0000000000f05fff 0x0000/0x0004 0x0020000
  406. 24e8.10f0:  *0000000001200000-0000000001104fff 0x0000/0x0004 0x0020000
  407. 24e8.10f0:   00000000012fb000-00000000012f7fff 0x0104/0x0004 0x0020000
  408. 24e8.10f0:   00000000012fe000-00000000012fbfff 0x0004/0x0004 0x0020000
  409. 24e8.10f0:   0000000001300000-ffffffff8261ffff 0x0001/0x0000 0x0000000
  410. 24e8.10f0:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
  411. 24e8.10f0:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
  412. 24e8.10f0:   000000007fff0000-ffff80099fa6ffff 0x0001/0x0000 0x0000000
  413. 24e8.10f0:  *00007ff760570000-00007ff76054cfff 0x0002/0x0002 0x0040000
  414. 24e8.10f0:   00007ff760593000-00007ff7603c5fff 0x0001/0x0000 0x0000000
  415. 24e8.10f0:  *00007ff760760000-00007ff760760fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  416. 24e8.10f0:   00007ff760761000-00007ff7607cffff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  417. 24e8.10f0:   00007ff7607d0000-00007ff7607d0fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  418. 24e8.10f0:   00007ff7607d1000-00007ff760815fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  419. 24e8.10f0:   00007ff760816000-00007ff760816fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  420. 24e8.10f0:   00007ff760817000-00007ff760817fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  421. 24e8.10f0:   00007ff760818000-00007ff76081cfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  422. 24e8.10f0:   00007ff76081d000-00007ff76081dfff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  423. 24e8.10f0:   00007ff76081e000-00007ff76081efff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  424. 24e8.10f0:   00007ff76081f000-00007ff760822fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  425. 24e8.10f0:   00007ff760823000-00007ff76086afff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  426. 24e8.10f0:   00007ff76086b000-00007ff4c94f5fff 0x0001/0x0000 0x0000000
  427. 24e8.10f0:  *00007ff9f7be0000-00007ff9f7be0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  428. 24e8.10f0:   00007ff9f7be1000-00007ff9f7cddfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  429. 24e8.10f0:   00007ff9f7cde000-00007ff9f7d1efff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  430. 24e8.10f0:   00007ff9f7d1f000-00007ff9f7d27fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  431. 24e8.10f0:   00007ff9f7d28000-00007ff9f7d34fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  432. 24e8.10f0:   00007ff9f7d35000-00007ff9f7d35fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  433. 24e8.10f0:   00007ff9f7d36000-00007ff9f7d38fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  434. 24e8.10f0:   00007ff9f7d39000-00007ff9f7da0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
  435. 24e8.10f0:   00007ff9f7da1000-00007ff3efb61fff 0x0001/0x0000 0x0000000
  436. 24e8.10f0:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
  437. 24e8.10f0: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
  438. 24e8.10f0: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  439. 24e8.10f0: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
  440. 24e8.10f0: supR3HardNtChildPurify: Done after 575 ms and 0 fixes (loop #0).
  441. 2630.ba4: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
  442. 2630.ba4: supR3HardenedVmProcessInit: uNtDllAddr=00007ff9f7be0000 g_uNtVerCombined=0xa0295a00
  443. 2630.ba4: ntdll.dll: timestamp 0x571af2eb (rc=VINF_SUCCESS)
  444. 2630.ba4: New simple heap: #1 0000000001400000 LB 0x400000 (for 1839104 allocation)
  445. 24e8.10f0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000900000 LB 0x400000)
  446. 24e8.10f0: supR3HardNtEnableThreadCreation:
  447. 2630.ba4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  448. 2630.ba4: System32:  \Device\HarddiskVolume4\Windows\System32
  449. 2630.ba4: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
  450. 2630.ba4: KnownDllPath: C:\WINDOWS\system32
  451. 2630.ba4: supR3HardenedVmProcessInit: Opening vboxdrv...
  452. 2630.ba4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
  453. 2630.ba4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
  454. 2630.ba4: Registered Dll notification callback with NTDLL.
  455. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
  456. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
  457. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
  458. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4bb0000 LB 0x001e8000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
  459. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
  460. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
  461. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f5270000 LB 0x000ad000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
  462. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  463. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5270000 'C:\WINDOWS\system32\KERNEL32.DLL'
  464. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff760760000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
  465. 2630.ba4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  466. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  467. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
  468. 2630.ba4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff9f7c56d50 pvNtTerminateThread=00007ff9f7c85b30
  469. 24e8.10f0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms.
  470. 2630.ba4: \SystemRoot\System32\ntdll.dll:
  471. 2630.ba4:     CreationTime:    2016-05-11T12:05:10.014704600Z
  472. 2630.ba4:     LastWriteTime:   2016-04-23T05:24:28.464629900Z
  473. 2630.ba4:     ChangeTime:      2016-05-15T20:19:31.012649400Z
  474. 2630.ba4:     FileAttributes:  0x20
  475. 2630.ba4:     Size:            0x1bc248
  476. 2630.ba4:     NT Headers:      0xe0
  477. 2630.ba4:     Timestamp:       0x571af2eb
  478. 2630.ba4:     Machine:         0x8664 - amd64
  479. 2630.ba4:     Timestamp:       0x571af2eb
  480. 2630.ba4:     Image Version:   10.0
  481. 2630.ba4:     SizeOfImage:     0x1c1000 (1839104)
  482. 2630.ba4:     Resource Dir:    0x159000 LB 0x66218
  483. 2630.ba4:     ProductName:     Microsoft® Windows® Operating System
  484. 2630.ba4:     ProductVersion:  10.0.10586.306
  485. 2630.ba4:     FileVersion:     10.0.10586.306 (th2_release_sec.160422-1850)
  486. 2630.ba4:     FileDescription: NT Layer DLL
  487. 2630.ba4: \SystemRoot\System32\kernel32.dll:
  488. 2630.ba4:     CreationTime:    2015-10-30T07:16:20.331389100Z
  489. 2630.ba4:     LastWriteTime:   2015-10-30T07:16:20.331389100Z
  490. 2630.ba4:     ChangeTime:      2016-03-14T17:41:57.967766000Z
  491. 2630.ba4:     FileAttributes:  0x20
  492. 2630.ba4:     Size:            0xac430
  493. 2630.ba4:     NT Headers:      0xf0
  494. 2630.ba4:     Timestamp:       0x5632d5aa
  495. 2630.ba4:     Machine:         0x8664 - amd64
  496. 2630.ba4:     Timestamp:       0x5632d5aa
  497. 2630.ba4:     Image Version:   10.0
  498. 2630.ba4:     SizeOfImage:     0xad000 (708608)
  499. 2630.ba4:     Resource Dir:    0xab000 LB 0x528
  500. 2630.ba4:     ProductName:     Microsoft® Windows® Operating System
  501. 2630.ba4:     ProductVersion:  10.0.10586.0
  502. 2630.ba4:     FileVersion:     10.0.10586.0 (th2_release.151029-1700)
  503. 2630.ba4:     FileDescription: Windows NT BASE API Client DLL
  504. 2630.ba4: \SystemRoot\System32\KernelBase.dll:
  505. 2630.ba4:     CreationTime:    2016-07-13T07:44:02.748091300Z
  506. 2630.ba4:     LastWriteTime:   2016-07-01T04:49:21.864958900Z
  507. 2630.ba4:     ChangeTime:      2016-07-13T11:37:19.901820900Z
  508. 2630.ba4:     FileAttributes:  0x20
  509. 2630.ba4:     Size:            0x1e7a10
  510. 2630.ba4:     NT Headers:      0xf0
  511. 2630.ba4:     Timestamp:       0x5775e4c5
  512. 2630.ba4:     Machine:         0x8664 - amd64
  513. 2630.ba4:     Timestamp:       0x5775e4c5
  514. 2630.ba4:     Image Version:   10.0
  515. 2630.ba4:     SizeOfImage:     0x1e8000 (1998848)
  516. 2630.ba4:     Resource Dir:    0x1d1000 LB 0x548
  517. 2630.ba4:     ProductName:     Microsoft® Windows® Operating System
  518. 2630.ba4:     ProductVersion:  10.0.10586.494
  519. 2630.ba4:     FileVersion:     10.0.10586.494 (th2_release_sec.160630-1736)
  520. 2630.ba4:     FileDescription: Windows NT BASE API Client DLL
  521. 2630.ba4: \SystemRoot\System32\apisetschema.dll:
  522. 2630.ba4:     CreationTime:    2015-10-30T07:16:42.846943300Z
  523. 2630.ba4:     LastWriteTime:   2015-10-30T07:16:42.862567900Z
  524. 2630.ba4:     ChangeTime:      2016-03-14T17:41:53.529567100Z
  525. 2630.ba4:     FileAttributes:  0x20
  526. 2630.ba4:     Size:            0x16d60
  527. 2630.ba4:     NT Headers:      0xc8
  528. 2630.ba4:     Timestamp:       0x5632d94c
  529. 2630.ba4:     Machine:         0x8664 - amd64
  530. 2630.ba4:     Timestamp:       0x5632d94c
  531. 2630.ba4:     Image Version:   10.0
  532. 2630.ba4:     SizeOfImage:     0x18000 (98304)
  533. 2630.ba4:     Resource Dir:    0x17000 LB 0x400
  534. 2630.ba4:     ProductName:     Microsoft® Windows® Operating System
  535. 2630.ba4:     ProductVersion:  10.0.10586.0
  536. 2630.ba4:     FileVersion:     10.0.10586.0 (th2_release.151029-1700)
  537. 2630.ba4:     FileDescription: ApiSet Schema DLL
  538. 2630.ba4: supR3HardenedWinFindAdversaries: 0x80
  539. 2630.ba4: \SystemRoot\System32\drivers\MBAMSwissArmy.sys:
  540. 2630.ba4:     CreationTime:    2016-01-05T09:38:45.769859200Z
  541. 2630.ba4:     LastWriteTime:   2016-08-16T15:17:33.175624300Z
  542. 2630.ba4:     ChangeTime:      2016-08-16T15:17:33.175624300Z
  543. 2630.ba4:     FileAttributes:  0x20
  544. 2630.ba4:     Size:            0x2eed8
  545. 2630.ba4:     NT Headers:      0xe0
  546. 2630.ba4:     Timestamp:       0x55b855d9
  547. 2630.ba4:     Machine:         0x8664 - amd64
  548. 2630.ba4:     Timestamp:       0x55b855d9
  549. 2630.ba4:     Image Version:   6.1
  550. 2630.ba4:     SizeOfImage:     0x33000 (208896)
  551. 2630.ba4:     Resource Dir:    0x31000 LB 0x3b8
  552. 2630.ba4:     ProductName:     Malwarebytes Anti-Malware
  553. 2630.ba4:     ProductVersion:  0.3.0.0
  554. 2630.ba4:     FileVersion:     0.3.0.0
  555. 2630.ba4:     FileDescription: Malwarebytes Anti-Malware
  556. 2630.ba4: \SystemRoot\System32\drivers\mwac.sys:
  557. 2630.ba4:     CreationTime:    2016-01-05T09:38:10.192276800Z
  558. 2630.ba4:     LastWriteTime:   2016-03-10T12:09:10.000000000Z
  559. 2630.ba4:     ChangeTime:      2016-05-22T17:27:09.681502800Z
  560. 2630.ba4:     FileAttributes:  0x20
  561. 2630.ba4:     Size:            0xff80
  562. 2630.ba4:     NT Headers:      0xe0
  563. 2630.ba4:     Timestamp:       0x53a0f444
  564. 2630.ba4:     Machine:         0x8664 - amd64
  565. 2630.ba4:     Timestamp:       0x53a0f444
  566. 2630.ba4:     Image Version:   6.2
  567. 2630.ba4:     SizeOfImage:     0x13000 (77824)
  568. 2630.ba4:     Resource Dir:    0x11000 LB 0x3e0
  569. 2630.ba4:     ProductName:     Malwarebytes Web Access Control
  570. 2630.ba4:     ProductVersion:  1.0.6.0
  571. 2630.ba4:     FileVersion:     1.0.6.0
  572. 2630.ba4:     FileDescription: Malwarebytes Web Access Control
  573. 2630.ba4: \SystemRoot\System32\drivers\mbamchameleon.sys:
  574. 2630.ba4:     CreationTime:    2016-01-05T09:38:10.256320100Z
  575. 2630.ba4:     LastWriteTime:   2016-03-10T12:08:58.000000000Z
  576. 2630.ba4:     ChangeTime:      2016-05-22T17:27:09.728541000Z
  577. 2630.ba4:     FileAttributes:  0x20
  578. 2630.ba4:     Size:            0x22580
  579. 2630.ba4:     NT Headers:      0xe0
  580. 2630.ba4:     Timestamp:       0x56a95753
  581. 2630.ba4:     Machine:         0x8664 - amd64
  582. 2630.ba4:     Timestamp:       0x56a95753
  583. 2630.ba4:     Image Version:   6.1
  584. 2630.ba4:     SizeOfImage:     0x26000 (155648)
  585. 2630.ba4:     Resource Dir:    0x24000 LB 0xba8
  586. 2630.ba4:     ProductName:     Malwarebytes Chameleon
  587. 2630.ba4:     ProductVersion:  1.1.22.0
  588. 2630.ba4:     FileVersion:     1.1.22.0
  589. 2630.ba4:     FileDescription: Malwarebytes Chameleon Protection Driver
  590. 2630.ba4: \SystemRoot\System32\drivers\mbam.sys:
  591. 2630.ba4:     CreationTime:    2016-01-05T09:38:10.135239900Z
  592. 2630.ba4:     LastWriteTime:   2016-03-10T12:08:54.000000000Z
  593. 2630.ba4:     ChangeTime:      2016-05-22T17:27:09.298096400Z
  594. 2630.ba4:     FileAttributes:  0x20
  595. 2630.ba4:     Size:            0x6980
  596. 2630.ba4:     NT Headers:      0xd8
  597. 2630.ba4:     Timestamp:       0x55ca3257
  598. 2630.ba4:     Machine:         0x8664 - amd64
  599. 2630.ba4:     Timestamp:       0x55ca3257
  600. 2630.ba4:     Image Version:   6.1
  601. 2630.ba4:     SizeOfImage:     0xa000 (40960)
  602. 2630.ba4:     Resource Dir:    0x8000 LB 0x3a0
  603. 2630.ba4:     ProductName:     Malwarebytes Anti-Malware
  604. 2630.ba4:     ProductVersion:  0.1.16.0
  605. 2630.ba4:     FileVersion:     0.1.16.0
  606. 2630.ba4:     FileDescription: Malwarebytes Anti-Malware
  607. 2630.ba4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  608. 2630.ba4: Calling main()
  609. 2630.ba4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
  610. 2630.ba4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
  611. 2630.ba4: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
  612. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
  613. 2630.ba4: SUPR3HardenedMain: Final process, opening VBoxDrv...
  614. 2630.ba4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000001400000 LB 0x400000)
  615. 2630.ba4: supR3HardNtEnableThreadCreation:
  616. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
  617. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
  618. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  619. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  620. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9edd70000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
  621. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  622. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  623. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  624. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9edd70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  625. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
  626. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  627. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9edd70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  628. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9edd70000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
  629. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  630. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
  631. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
  632. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'rpcrt4.dll'.
  633. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
  634. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
  635. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  636. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  637. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
  638. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
  639. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  640. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  641. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  642. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
  643. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
  644. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  645. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  646. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  647. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
  648. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
  649. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  650. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  651. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
  652. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
  653. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
  654. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
  655. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  656. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  657. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  658. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  659. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  660. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f58c0000 LB 0x0009d000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
  661. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  662. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4200000 LB 0x00010000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
  663. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
  664. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4e10000 LB 0x001c8000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
  665. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  666. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f7540000 LB 0x0011c000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
  667. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  668. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4340000 LB 0x00055000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
  669. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  670. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\WINDOWS\system32\Wintrust.dll'
  671. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
  672. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
  673. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
  674. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  675. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4130000 LB 0x00029000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
  676. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  677. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4130000 'C:\WINDOWS\system32\bcrypt.dll'
  678. 2630.ba4: bcrypt.dll loaded at 00007ff9f4130000, BCryptOpenAlgorithmProvider at 00007ff9f4133b50, preloading providers:
  679. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
  680. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
  681. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  682. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4b40000 LB 0x0006a000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
  683. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  684. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4b40000 'C:\WINDOWS\system32\bcryptprimitives.dll'
  685. 2630.ba4:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000019b9a00)
  686. 2630.ba4:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000019ba0c0)
  687. 2630.ba4:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000019ba390)
  688. 2630.ba4:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000019ba6f0)
  689. 2630.ba4:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000019bb210)
  690. 2630.ba4:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000019bb520)
  691. 2630.ba4:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000019bb830)
  692. 2630.ba4:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000019bbb00)
  693. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  694. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  695. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  696. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  697. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  698. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  699. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  700. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  701. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  702. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  703. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  704. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  705. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  706. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  707. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  708. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  709. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  710. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  711. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  712. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  713. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  714. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
  715. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
  716. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f3b80000 LB 0x00017000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
  717. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
  718. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
  719. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
  720. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  721. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
  722. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
  723. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
  724. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  725. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  726. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f3810000 LB 0x00034000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
  727. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  728. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  729. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
  730. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
  731. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
  732. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f3ca0000 LB 0x0000b000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
  733. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
  734. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
  735. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
  736. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
  737. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
  738. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  739. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f5270000 'C:\WINDOWS\system32\kernel32.dll'
  740. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  741. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  742. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  743. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  744. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\CRYPT32.dll'
  745. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f5dc0000 LB 0x0001c000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
  746. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  747. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
  748. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
  749. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  750. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  751. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  752. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  753. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  754. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  755. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f5640000 LB 0x0005b000 C:\WINDOWS\system32\sechost.dll [fFlags=0x0]
  756. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
  757. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
  758. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
  759. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  760. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
  761. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
  762. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
  763. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f3200000 LB 0x00024000 C:\WINDOWS\SYSTEM32\gpapi.dll [fFlags=0x0]
  764. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
  765. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f4270000 LB 0x00014000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
  766. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
  767. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
  768. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  769. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
  770. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
  771. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  772. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
  773. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
  774. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  775. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  776. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  777. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  778. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  779. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  780. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  781. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  782. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  783. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  784. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  785. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  786. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  787. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  788. 2630.ba4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  789. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9e4270000 LB 0x0002f000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
  790. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  791. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  792. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  793. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  794. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  795. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  796. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  797. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  798. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  799. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  800. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  801. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  802. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  803. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  804. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  805. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  806. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  807. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
  808. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  809. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  810. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  811. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  812. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  813. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  814. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  815. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  816. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  817. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
  818. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  819. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9e4270000 'C:\WINDOWS\system32\cryptnet.dll'
  820. 2630.ba4: supR3HardenedDllNotificationCallback: load   00007ff9f5aa0000 LB 0x000a7000 C:\WINDOWS\system32\advapi32.dll [fFlags=0x0]
  821. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
  822. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
  823. 2630.ba4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
  824. 2630.ba4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
  825. 2630.ba4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
  826. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  827. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
  828. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
  829. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  830. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
  831. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
  832. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
  833. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
  834. 2630.ba4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
  835. 2630.ba4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
  836. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  837. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  838. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  839. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  840. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\crypt32.dll'
  841. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\SystemRoot\System32\ntdll.dll'
  842. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
  843. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000001a39700
  844. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001a39700
  845. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=056BDD821FDC5EB443883F1928BBEC403ED3FC46
  846. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
  847. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  848. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f7540000 'C:\WINDOWS\system32\rpcrt4.dll'
  849. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  850. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  851. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  852. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  853. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  854. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  855. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  856. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  857. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  858. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  859. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  860. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  861. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
  862. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  863. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4340000 'C:\Windows\System32\WINTRUST.DLL'
  864. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  865. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  866. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  867. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  868. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  869. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\crypt32.dll'
  870. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1999_for_KB3176493~31bf3856ad364e35~amd64~~10.0.1.7.cat'; file='\SystemRoot\System32\ntdll.dll'
  871. 2630.ba4: g_pfnWinVerifyTrust=00007ff9f43474d0
  872. 2630.ba4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
  873. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  874. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  875. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  876. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
  877. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  878. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f4e10000 'C:\WINDOWS\system32\crypt32.dll'
  879. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
  880. 2630.ba4: supR3HardenedScreenImage/preload: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
  881. 2630.ba4: Error (rc=0):
  882. 2630.ba4: supR3HardenedScreenImage/preload: cached rc=Unknown Status -22919 (0xffffa679) fImage=0 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  883. 2630.ba4: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
  884. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  885. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  886. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  887. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  888. 2630.ba4: Error (rc=0):
  889. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  890. 2630.ba4: Error (rc=0):
  891. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\crypt32.dll': rcNt=0xc0000190
  892. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\crypt32.dll'
  893. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
  894. 2630.ba4: supR3HardenedScreenImage/preload: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
  895. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  896. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
  897. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  898. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
  899. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
  900. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
  901. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000001a39700
  902. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000001a39700
  903. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=357A4685FBBF5E8A1472AE56D4B122532A042630
  904. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  905. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  906. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-OneCore-CoreSystem-ds-Package~31bf3856ad364e35~amd64~~10.0.10586.0.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  907. 2630.ba4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
  908. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
  909. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  910. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  911. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
  912. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
  913. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  914. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  915. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
  916. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
  917. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  918. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  919. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
  920. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
  921. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  922. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  923. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
  924. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
  925. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  926. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  927. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
  928. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
  929. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
  930. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff9f3810000 'C:\WINDOWS\system32\rsaenh.dll'
  931. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  932. 2630.ba4: Error (rc=0):
  933. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume4\Windows\System32\crypt32.dll
  934. 2630.ba4: Error (rc=0):
  935. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\crypt32.dll': rcNt=0xc0000190
  936. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\crypt32.dll'
  937. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x80092026 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
  938. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
  939. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  940. 2630.ba4: Error (rc=0):
  941. 2630.ba4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
  942. 2630.ba4: Error (rc=0):
  943. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\rsaenh.dll' (C:\WINDOWS\system32\rsaenh.dll): rcNt=0xc0000190
  944. 2630.ba4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\rsaenh.dll'
  945. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
  946. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
  947. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
  948. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
  949. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
  950. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
  951. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
  952. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
  953. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
  954. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
  955. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
  956. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
  957. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  958. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
  959. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  960. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
  961. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
  962. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
  963. 2630.ba4: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x8 (<NULL>) on '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
  964. 2630.ba4: supR3HardenedWinVerifyCacheProcessWvtTodos: -22919 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
  965. 2630.ba4: Fatal error:
  966. 2630.ba4: Error loading 'crypt32.dll': 1790 [C:\WINDOWS\system32\crypt32.dll]
  967. 24e8.10f0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 310 ms, the end);
  968. 910.2008: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1024 ms, the end);