VirtualBox

Ticket #14401: VBoxStartup.log

File VBoxStartup.log, 44.4 KB (added by RedSpartan, 9 years ago)
Line 
115c8.fdc: Log file opened: 5.0.1r101939 g_hStartupLog=000001b0 g_uNtVerCombined=0xa0280000
215c8.fdc: \SystemRoot\System32\ntdll.dll:
315c8.fdc: CreationTime: 2015-07-21T03:30:41.049740900Z
415c8.fdc: LastWriteTime: 2015-07-17T03:04:22.385924800Z
515c8.fdc: ChangeTime: 2015-07-21T07:31:45.234558800Z
615c8.fdc: FileAttributes: 0x20
715c8.fdc: Size: 0x176c38
815c8.fdc: NT Headers: 0xf0
915c8.fdc: Timestamp: 0x55a85cc1
1015c8.fdc: Machine: 0x14c - i386
1115c8.fdc: Timestamp: 0x55a85cc1
1215c8.fdc: Image Version: 10.0
1315c8.fdc: SizeOfImage: 0x179000 (1544192)
1415c8.fdc: Resource Dir: 0x10e000 LB 0x65720
1515c8.fdc: ProductName: Microsoft® Windows® Operating System
1615c8.fdc: ProductVersion: 10.0.10240.16392
1715c8.fdc: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
1815c8.fdc: FileDescription: NT Layer DLL
1915c8.fdc: \SystemRoot\System32\kernel32.dll:
2015c8.fdc: CreationTime: 2015-07-10T08:24:38.139724700Z
2115c8.fdc: LastWriteTime: 2015-07-10T08:24:38.139724700Z
2215c8.fdc: ChangeTime: 2015-07-17T11:40:25.962843400Z
2315c8.fdc: FileAttributes: 0x20
2415c8.fdc: Size: 0x986b8
2515c8.fdc: NT Headers: 0xf8
2615c8.fdc: Timestamp: 0x559f3b86
2715c8.fdc: Machine: 0x14c - i386
2815c8.fdc: Timestamp: 0x559f3b86
2915c8.fdc: Image Version: 10.0
3015c8.fdc: SizeOfImage: 0x95000 (610304)
3115c8.fdc: Resource Dir: 0x8f000 LB 0x518
3215c8.fdc: ProductName: Microsoft® Windows® Operating System
3315c8.fdc: ProductVersion: 10.0.10240.16384
3415c8.fdc: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3515c8.fdc: FileDescription: Windows NT BASE API Client DLL
3615c8.fdc: \SystemRoot\System32\KernelBase.dll:
3715c8.fdc: CreationTime: 2015-07-10T08:24:56.031660300Z
3815c8.fdc: LastWriteTime: 2015-07-10T08:24:56.047288800Z
3915c8.fdc: ChangeTime: 2015-07-17T11:40:25.978448500Z
4015c8.fdc: FileAttributes: 0x20
4115c8.fdc: Size: 0x175610
4215c8.fdc: NT Headers: 0xf0
4315c8.fdc: Timestamp: 0x559f3b4c
4415c8.fdc: Machine: 0x14c - i386
4515c8.fdc: Timestamp: 0x559f3b4c
4615c8.fdc: Image Version: 10.0
4715c8.fdc: SizeOfImage: 0x177000 (1536000)
4815c8.fdc: Resource Dir: 0x15b000 LB 0x530
4915c8.fdc: ProductName: Microsoft® Windows® Operating System
5015c8.fdc: ProductVersion: 10.0.10240.16384
5115c8.fdc: FileVersion: 10.0.10240.16384 (th1.150709-1700)
5215c8.fdc: FileDescription: Windows NT BASE API Client DLL
5315c8.fdc: \SystemRoot\System32\apisetschema.dll:
5415c8.fdc: CreationTime: 2015-07-10T08:24:49.281165400Z
5515c8.fdc: LastWriteTime: 2015-07-10T08:24:49.281165400Z
5615c8.fdc: ChangeTime: 2015-07-17T11:40:21.556582000Z
5715c8.fdc: FileAttributes: 0x20
5815c8.fdc: Size: 0x16560
5915c8.fdc: NT Headers: 0xc8
6015c8.fdc: Timestamp: 0x559f4063
6115c8.fdc: Machine: 0x14c - i386
6215c8.fdc: Timestamp: 0x559f4063
6315c8.fdc: Image Version: 10.0
6415c8.fdc: SizeOfImage: 0x17000 (94208)
6515c8.fdc: Resource Dir: 0x16000 LB 0x3f0
6615c8.fdc: ProductName: Microsoft® Windows® Operating System
6715c8.fdc: ProductVersion: 10.0.10240.16384
6815c8.fdc: FileVersion: 10.0.10240.16384 (th1.150709-1700)
6915c8.fdc: FileDescription: ApiSet Schema DLL
7015c8.fdc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7115c8.fdc: supR3HardenedWinFindAdversaries: 0x0
7215c8.fdc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7315c8.fdc: Calling main()
7415c8.fdc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7515c8.fdc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
7615c8.fdc: SUPR3HardenedMain: Respawn #1
7715c8.fdc: System32: \Device\HarddiskVolume1\Windows\System32
7815c8.fdc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
7915c8.fdc: KnownDllPath: C:\WINDOWS\system32
8015c8.fdc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8115c8.fdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8215c8.fdc: supR3HardNtEnableThreadCreation:
8315c8.fdc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10
8415c8.fdc: supR3HardenedWinDoReSpawn(1): New child 1d68.17a0 [kernel32].
8515c8.fdc: supR3HardNtChildGatherData: PebBaseAddress=7fde3000 cbPeb=0x250
8615c8.fdc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77c50000 uNtDllChildAddr=77c50000
8715c8.fdc: supR3HardenedWinSetupChildInit: uLdrInitThunk=77cc2e70
8815c8.fdc: supR3HardenedWinSetupChildInit: Start child.
8915c8.fdc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
9015c8.fdc: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 0 sleeps
9115c8.fdc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9215c8.fdc: *00000000-ffa4ffff 0x0001/0x0000 0x0000000
9315c8.fdc: *005b0000-0058ffff 0x0004/0x0004 0x0020000
9415c8.fdc: *005d0000-005bbfff 0x0002/0x0002 0x0040000
9515c8.fdc: 005e4000-005d7fff 0x0001/0x0000 0x0000000
9615c8.fdc: *005f0000-004f2fff 0x0000/0x0004 0x0020000
9715c8.fdc: 006ed000-006eafff 0x0104/0x0004 0x0020000
9815c8.fdc: 006ef000-006edfff 0x0004/0x0004 0x0020000
9915c8.fdc: *006f0000-006ebfff 0x0002/0x0002 0x0040000
10015c8.fdc: 006f4000-006e7fff 0x0001/0x0000 0x0000000
10115c8.fdc: *00700000-006fdfff 0x0004/0x0004 0x0020000
10215c8.fdc: 00702000-ffc63fff 0x0001/0x0000 0x0000000
10315c8.fdc: *011a0000-011a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
10415c8.fdc: 011a1000-01216fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
10515c8.fdc: 01217000-01217fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
10615c8.fdc: 01218000-01251fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
10715c8.fdc: 01252000-01252fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
10815c8.fdc: 01253000-01253fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
10915c8.fdc: 01254000-01254fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
11015c8.fdc: 01255000-01255fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
11115c8.fdc: 01256000-01257fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
11215c8.fdc: 01258000-0125afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
11315c8.fdc: 0125b000-0129efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
11415c8.fdc: 0129f000-8a8edfff 0x0001/0x0000 0x0000000
11515c8.fdc: *77c50000-77c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
11615c8.fdc: 77c51000-77d55fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
11715c8.fdc: 77d56000-77d5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
11815c8.fdc: 77d5b000-77d5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
11915c8.fdc: 77d5c000-77d5dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12015c8.fdc: 77d5e000-77dc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
12115c8.fdc: 77dc9000-6fdd1fff 0x0001/0x0000 0x0000000
12215c8.fdc: *7fdc0000-7fd9cfff 0x0002/0x0002 0x0040000
12315c8.fdc: *7fde3000-7fde1fff 0x0004/0x0004 0x0020000
12415c8.fdc: 7fde4000-7fdd8fff 0x0001/0x0000 0x0000000
12515c8.fdc: *7fdef000-7fdedfff 0x0004/0x0004 0x0020000
12615c8.fdc: 7fdf0000-7fbfffff 0x0001/0x0000 0x0000000
12715c8.fdc: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
12815c8.fdc: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
12915c8.fdc: VirtualBox.exe: timestamp 0x55c1e16e (rc=VINF_SUCCESS)
13015c8.fdc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
13115c8.fdc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
13215c8.fdc: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
1331d68.17a0: Log file opened: 5.0.1r101939 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000
1341d68.17a0: supR3HardenedVmProcessInit: uNtDllAddr=77c50000
13515c8.fdc: supR3HardNtEnableThreadCreation:
1361d68.17a0: ntdll.dll: timestamp 0x55a85cc1 (rc=VINF_SUCCESS)
1371d68.17a0: New simple heap: #1 00810000 LB 0x400000 (for 1544192 allocation)
1381d68.17a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1391d68.17a0: System32: \Device\HarddiskVolume1\Windows\System32
1401d68.17a0: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
1411d68.17a0: KnownDllPath: C:\WINDOWS\system32
1421d68.17a0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1431d68.17a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1441d68.17a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1451d68.17a0: Registered Dll notification callback with NTDLL.
1461d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
1471d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1481d68.17a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
1491d68.17a0: supR3HardenedDllNotificationCallback: load 74fe0000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
1501d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
1511d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1521d68.17a0: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
1531d68.17a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1541d68.17a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f80000 'C:\WINDOWS\system32\KERNEL32.DLL'
1551d68.17a0: supR3HardenedDllNotificationCallback: load 011a0000 LB 0x000ff000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
1561d68.17a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1571d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1581d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1591d68.17a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10
16015c8.fdc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms.
1611d68.17a0: \SystemRoot\System32\ntdll.dll:
1621d68.17a0: CreationTime: 2015-07-21T03:30:41.049740900Z
1631d68.17a0: LastWriteTime: 2015-07-17T03:04:22.385924800Z
1641d68.17a0: ChangeTime: 2015-07-21T07:31:45.234558800Z
1651d68.17a0: FileAttributes: 0x20
1661d68.17a0: Size: 0x176c38
1671d68.17a0: NT Headers: 0xf0
1681d68.17a0: Timestamp: 0x55a85cc1
1691d68.17a0: Machine: 0x14c - i386
1701d68.17a0: Timestamp: 0x55a85cc1
1711d68.17a0: Image Version: 10.0
1721d68.17a0: SizeOfImage: 0x179000 (1544192)
1731d68.17a0: Resource Dir: 0x10e000 LB 0x65720
1741d68.17a0: ProductName: Microsoft® Windows® Operating System
1751d68.17a0: ProductVersion: 10.0.10240.16392
1761d68.17a0: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
1771d68.17a0: FileDescription: NT Layer DLL
1781d68.17a0: \SystemRoot\System32\kernel32.dll:
1791d68.17a0: CreationTime: 2015-07-10T08:24:38.139724700Z
1801d68.17a0: LastWriteTime: 2015-07-10T08:24:38.139724700Z
1811d68.17a0: ChangeTime: 2015-07-17T11:40:25.962843400Z
1821d68.17a0: FileAttributes: 0x20
1831d68.17a0: Size: 0x986b8
1841d68.17a0: NT Headers: 0xf8
1851d68.17a0: Timestamp: 0x559f3b86
1861d68.17a0: Machine: 0x14c - i386
1871d68.17a0: Timestamp: 0x559f3b86
1881d68.17a0: Image Version: 10.0
1891d68.17a0: SizeOfImage: 0x95000 (610304)
1901d68.17a0: Resource Dir: 0x8f000 LB 0x518
1911d68.17a0: ProductName: Microsoft® Windows® Operating System
1921d68.17a0: ProductVersion: 10.0.10240.16384
1931d68.17a0: FileVersion: 10.0.10240.16384 (th1.150709-1700)
1941d68.17a0: FileDescription: Windows NT BASE API Client DLL
1951d68.17a0: \SystemRoot\System32\KernelBase.dll:
1961d68.17a0: CreationTime: 2015-07-10T08:24:56.031660300Z
1971d68.17a0: LastWriteTime: 2015-07-10T08:24:56.047288800Z
1981d68.17a0: ChangeTime: 2015-07-17T11:40:25.978448500Z
1991d68.17a0: FileAttributes: 0x20
2001d68.17a0: Size: 0x175610
2011d68.17a0: NT Headers: 0xf0
2021d68.17a0: Timestamp: 0x559f3b4c
2031d68.17a0: Machine: 0x14c - i386
2041d68.17a0: Timestamp: 0x559f3b4c
2051d68.17a0: Image Version: 10.0
2061d68.17a0: SizeOfImage: 0x177000 (1536000)
2071d68.17a0: Resource Dir: 0x15b000 LB 0x530
2081d68.17a0: ProductName: Microsoft® Windows® Operating System
2091d68.17a0: ProductVersion: 10.0.10240.16384
2101d68.17a0: FileVersion: 10.0.10240.16384 (th1.150709-1700)
2111d68.17a0: FileDescription: Windows NT BASE API Client DLL
2121d68.17a0: \SystemRoot\System32\apisetschema.dll:
2131d68.17a0: CreationTime: 2015-07-10T08:24:49.281165400Z
2141d68.17a0: LastWriteTime: 2015-07-10T08:24:49.281165400Z
2151d68.17a0: ChangeTime: 2015-07-17T11:40:21.556582000Z
2161d68.17a0: FileAttributes: 0x20
2171d68.17a0: Size: 0x16560
2181d68.17a0: NT Headers: 0xc8
2191d68.17a0: Timestamp: 0x559f4063
2201d68.17a0: Machine: 0x14c - i386
2211d68.17a0: Timestamp: 0x559f4063
2221d68.17a0: Image Version: 10.0
2231d68.17a0: SizeOfImage: 0x17000 (94208)
2241d68.17a0: Resource Dir: 0x16000 LB 0x3f0
2251d68.17a0: ProductName: Microsoft® Windows® Operating System
2261d68.17a0: ProductVersion: 10.0.10240.16384
2271d68.17a0: FileVersion: 10.0.10240.16384 (th1.150709-1700)
2281d68.17a0: FileDescription: ApiSet Schema DLL
2291d68.17a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2301d68.17a0: supR3HardenedWinFindAdversaries: 0x0
2311d68.17a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2321d68.17a0: Calling main()
2331d68.17a0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2341d68.17a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2351d68.17a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2361d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2371d68.17a0: SUPR3HardenedMain: Respawn #2
2381d68.17a0: supR3HardNtEnableThreadCreation:
2391d68.17a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
2401d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
2411d68.17a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
2421d68.17a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2431d68.17a0: supR3HardenedDllNotificationCallback: load 73820000 LB 0x00091000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
2441d68.17a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2451d68.17a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73820000 'C:\WINDOWS\system32\apphelp.dll'
2461d68.17a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10
2471d68.17a0: supR3HardenedWinDoReSpawn(2): New child 1eb8.184c [kernel32].
2481d68.17a0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
2491d68.17a0: supR3HardNtChildGatherData: PebBaseAddress=7f02f000 cbPeb=0x250
2501d68.17a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77c50000 uNtDllChildAddr=77c50000
2511d68.17a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=77cc2e70
2521d68.17a0: supR3HardenedWinSetupChildInit: Start child.
2531d68.17a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2541d68.17a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 281 ms, 0 sleeps
2551d68.17a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2561d68.17a0: *00000000-ffe1ffff 0x0001/0x0000 0x0000000
2571d68.17a0: *001e0000-001bffff 0x0004/0x0004 0x0020000
2581d68.17a0: *00200000-001ebfff 0x0002/0x0002 0x0040000
2591d68.17a0: 00214000-00207fff 0x0001/0x0000 0x0000000
2601d68.17a0: *00220000-00122fff 0x0000/0x0004 0x0020000
2611d68.17a0: 0031d000-0031afff 0x0104/0x0004 0x0020000
2621d68.17a0: 0031f000-0031dfff 0x0004/0x0004 0x0020000
2631d68.17a0: *00320000-0031bfff 0x0002/0x0002 0x0040000
2641d68.17a0: 00324000-00317fff 0x0001/0x0000 0x0000000
2651d68.17a0: *00330000-0032dfff 0x0004/0x0004 0x0020000
2661d68.17a0: 00332000-ff4c3fff 0x0001/0x0000 0x0000000
2671d68.17a0: *011a0000-011a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2681d68.17a0: 011a1000-01216fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2691d68.17a0: 01217000-01217fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2701d68.17a0: 01218000-01251fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2711d68.17a0: 01252000-01252fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2721d68.17a0: 01253000-01253fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2731d68.17a0: 01254000-01254fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2741d68.17a0: 01255000-01255fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2751d68.17a0: 01256000-01257fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2761d68.17a0: 01258000-0125afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2771d68.17a0: 0125b000-0129efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2781d68.17a0: 0129f000-8a8edfff 0x0001/0x0000 0x0000000
2791d68.17a0: *77c50000-77c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2801d68.17a0: 77c51000-77d55fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2811d68.17a0: 77d56000-77d5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2821d68.17a0: 77d5b000-77d5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2831d68.17a0: 77d5c000-77d5dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2841d68.17a0: 77d5e000-77dc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2851d68.17a0: 77dc9000-70b91fff 0x0001/0x0000 0x0000000
2861d68.17a0: *7f000000-7efdcfff 0x0002/0x0002 0x0040000
2871d68.17a0: 7f023000-7f017fff 0x0001/0x0000 0x0000000
2881d68.17a0: *7f02e000-7f02cfff 0x0004/0x0004 0x0020000
2891d68.17a0: *7f02f000-7f02dfff 0x0004/0x0004 0x0020000
2901d68.17a0: 7f030000-7e07ffff 0x0001/0x0000 0x0000000
2911d68.17a0: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
2921d68.17a0: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
2931d68.17a0: VirtualBox.exe: timestamp 0x55c1e16e (rc=VINF_SUCCESS)
2941d68.17a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2951d68.17a0: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
2961d68.17a0: supR3HardNtChildPurify: Done after 391 ms and 0 fixes (loop #0).
2971eb8.184c: Log file opened: 5.0.1r101939 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000
2981eb8.184c: supR3HardenedVmProcessInit: uNtDllAddr=77c50000
2991d68.17a0: supR3HardenedEarlyCompact: Removed heap 1 (0x810000 LB 0x400000)
3001d68.17a0: supR3HardNtEnableThreadCreation:
3011eb8.184c: ntdll.dll: timestamp 0x55a85cc1 (rc=VINF_SUCCESS)
3021eb8.184c: New simple heap: #1 00440000 LB 0x400000 (for 1544192 allocation)
3031eb8.184c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3041eb8.184c: System32: \Device\HarddiskVolume1\Windows\System32
3051eb8.184c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS
3061eb8.184c: KnownDllPath: C:\WINDOWS\system32
3071eb8.184c: supR3HardenedVmProcessInit: Opening vboxdrv...
3081eb8.184c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3091eb8.184c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3101eb8.184c: Registered Dll notification callback with NTDLL.
3111eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
3121eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3131eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801:<flags> [calling]
3141eb8.184c: supR3HardenedDllNotificationCallback: load 74fe0000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
3151eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
3161eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
3171eb8.184c: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0]
3181eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3191eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f80000 'C:\WINDOWS\system32\KERNEL32.DLL'
3201eb8.184c: supR3HardenedDllNotificationCallback: load 011a0000 LB 0x000ff000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
3211eb8.184c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3221eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3231eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3241eb8.184c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10
3251d68.17a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms.
3261eb8.184c: \SystemRoot\System32\ntdll.dll:
3271eb8.184c: CreationTime: 2015-07-21T03:30:41.049740900Z
3281eb8.184c: LastWriteTime: 2015-07-17T03:04:22.385924800Z
3291eb8.184c: ChangeTime: 2015-07-21T07:31:45.234558800Z
3301eb8.184c: FileAttributes: 0x20
3311eb8.184c: Size: 0x176c38
3321eb8.184c: NT Headers: 0xf0
3331eb8.184c: Timestamp: 0x55a85cc1
3341eb8.184c: Machine: 0x14c - i386
3351eb8.184c: Timestamp: 0x55a85cc1
3361eb8.184c: Image Version: 10.0
3371eb8.184c: SizeOfImage: 0x179000 (1544192)
3381eb8.184c: Resource Dir: 0x10e000 LB 0x65720
3391eb8.184c: ProductName: Microsoft® Windows® Operating System
3401eb8.184c: ProductVersion: 10.0.10240.16392
3411eb8.184c: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608)
3421eb8.184c: FileDescription: NT Layer DLL
3431eb8.184c: \SystemRoot\System32\kernel32.dll:
3441eb8.184c: CreationTime: 2015-07-10T08:24:38.139724700Z
3451eb8.184c: LastWriteTime: 2015-07-10T08:24:38.139724700Z
3461eb8.184c: ChangeTime: 2015-07-17T11:40:25.962843400Z
3471eb8.184c: FileAttributes: 0x20
3481eb8.184c: Size: 0x986b8
3491eb8.184c: NT Headers: 0xf8
3501eb8.184c: Timestamp: 0x559f3b86
3511eb8.184c: Machine: 0x14c - i386
3521eb8.184c: Timestamp: 0x559f3b86
3531eb8.184c: Image Version: 10.0
3541eb8.184c: SizeOfImage: 0x95000 (610304)
3551eb8.184c: Resource Dir: 0x8f000 LB 0x518
3561eb8.184c: ProductName: Microsoft® Windows® Operating System
3571eb8.184c: ProductVersion: 10.0.10240.16384
3581eb8.184c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3591eb8.184c: FileDescription: Windows NT BASE API Client DLL
3601eb8.184c: \SystemRoot\System32\KernelBase.dll:
3611eb8.184c: CreationTime: 2015-07-10T08:24:56.031660300Z
3621eb8.184c: LastWriteTime: 2015-07-10T08:24:56.047288800Z
3631eb8.184c: ChangeTime: 2015-07-17T11:40:25.978448500Z
3641eb8.184c: FileAttributes: 0x20
3651eb8.184c: Size: 0x175610
3661eb8.184c: NT Headers: 0xf0
3671eb8.184c: Timestamp: 0x559f3b4c
3681eb8.184c: Machine: 0x14c - i386
3691eb8.184c: Timestamp: 0x559f3b4c
3701eb8.184c: Image Version: 10.0
3711eb8.184c: SizeOfImage: 0x177000 (1536000)
3721eb8.184c: Resource Dir: 0x15b000 LB 0x530
3731eb8.184c: ProductName: Microsoft® Windows® Operating System
3741eb8.184c: ProductVersion: 10.0.10240.16384
3751eb8.184c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3761eb8.184c: FileDescription: Windows NT BASE API Client DLL
3771eb8.184c: \SystemRoot\System32\apisetschema.dll:
3781eb8.184c: CreationTime: 2015-07-10T08:24:49.281165400Z
3791eb8.184c: LastWriteTime: 2015-07-10T08:24:49.281165400Z
3801eb8.184c: ChangeTime: 2015-07-17T11:40:21.556582000Z
3811eb8.184c: FileAttributes: 0x20
3821eb8.184c: Size: 0x16560
3831eb8.184c: NT Headers: 0xc8
3841eb8.184c: Timestamp: 0x559f4063
3851eb8.184c: Machine: 0x14c - i386
3861eb8.184c: Timestamp: 0x559f4063
3871eb8.184c: Image Version: 10.0
3881eb8.184c: SizeOfImage: 0x17000 (94208)
3891eb8.184c: Resource Dir: 0x16000 LB 0x3f0
3901eb8.184c: ProductName: Microsoft® Windows® Operating System
3911eb8.184c: ProductVersion: 10.0.10240.16384
3921eb8.184c: FileVersion: 10.0.10240.16384 (th1.150709-1700)
3931eb8.184c: FileDescription: ApiSet Schema DLL
3941eb8.184c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
3951eb8.184c: supR3HardenedWinFindAdversaries: 0x0
3961eb8.184c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3971eb8.184c: Calling main()
3981eb8.184c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3991eb8.184c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
4001eb8.184c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4011eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4021eb8.184c: SUPR3HardenedMain: Final process, opening VBoxDrv...
4031eb8.184c: supR3HardenedEarlyCompact: Removed heap 1 (0x440000 LB 0x400000)
4041eb8.184c: supR3HardNtEnableThreadCreation:
4051eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4061eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4071eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
4081eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4091eb8.184c: supR3HardenedDllNotificationCallback: load 6e2b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4101eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4111eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4121eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4131eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4141eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4151eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4161eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4171eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4181eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4191eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'.
4201eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
4211eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
4221eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
4231eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
4241eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4251eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4261eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
4271eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
4281eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4291eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4301eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4311eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'.
4321eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
4331eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
4341eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4351eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4361eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
4371eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
4381eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4391eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4401eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
4411eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
4421eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4431eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4441eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4451eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4461eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4471eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4481eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
4491eb8.184c: supR3HardenedDllNotificationCallback: load 75960000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
4501eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4511eb8.184c: supR3HardenedDllNotificationCallback: load 74db0000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
4521eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4531eb8.184c: supR3HardenedDllNotificationCallback: load 74e20000 LB 0x00175000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
4541eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4551eb8.184c: supR3HardenedDllNotificationCallback: load 761b0000 LB 0x000c2000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
4561eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4571eb8.184c: supR3HardenedDllNotificationCallback: load 75640000 LB 0x00042000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
4581eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4591eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\WINDOWS\system32\Wintrust.dll'
4601eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
4611eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
4621eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801:<flags> [calling]
4631eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4641eb8.184c: supR3HardenedDllNotificationCallback: load 74ba0000 LB 0x0001d000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
4651eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4661eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ba0000 'C:\WINDOWS\system32\bcrypt.dll'
4671eb8.184c: bcrypt.dll loaded at 74ba0000, BCryptOpenAlgorithmProvider at 74ba5cc0, preloading providers:
4681eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
4691eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
4701eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4711eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4721eb8.184c: supR3HardenedDllNotificationCallback: load 74c40000 LB 0x00059000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
4731eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
4741eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74c40000 'C:\WINDOWS\system32\bcryptprimitives.dll'
4751eb8.184c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00888d28)
4761eb8.184c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00889268)
4771eb8.184c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00889520)
4781eb8.184c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=008897d8)
4791eb8.184c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00889a90)
4801eb8.184c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00889d48)
4811eb8.184c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0088a000)
4821eb8.184c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0088aa40)
4831eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4841eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4851eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
4861eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4871eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4881eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
4891eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4901eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4911eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
4921eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4931eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4941eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
4951eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4961eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
4971eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
4981eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4991eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
5001eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
5011eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5021eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
5031eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
5041eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
5051eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
5061eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
5071eb8.184c: supR3HardenedDllNotificationCallback: load 747c0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
5081eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5091eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
5101eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
5111eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
5121eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5131eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5141eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5151eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5161eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5171eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5181eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
5191eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5201eb8.184c: supR3HardenedDllNotificationCallback: load 74410000 LB 0x0002f000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
5211eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5221eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74410000 'C:\WINDOWS\system32\rsaenh.dll'
5231eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
5241eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
5251eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
5261eb8.184c: supR3HardenedDllNotificationCallback: load 748d0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
5271eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5281eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5291eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5301eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5311eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5321eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001:<flags> [calling]
5331eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f80000 'C:\WINDOWS\system32\kernel32.dll'
5341eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5351eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
5361eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5371eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000001:<flags> [calling]
5381eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74e20000 'C:\WINDOWS\system32\CRYPT32.dll'
5391eb8.184c: supR3HardenedDllNotificationCallback: load 76190000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
5401eb8.184c: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
5411eb8.184c: Error (rc=0):
5421eb8.184c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Windows\System32\imagehlp.dll:
5431eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
5441eb8.184c: Fatal error:
5451eb8.184c: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\imagehlp.dll' / '\??\C:\WINDOWS\system32\imagehlp.dll': 0xc0000190
5461d68.17a0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 156 ms, the end);
54715c8.fdc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 718 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy