15c8.fdc: Log file opened: 5.0.1r101939 g_hStartupLog=000001b0 g_uNtVerCombined=0xa0280000 15c8.fdc: \SystemRoot\System32\ntdll.dll: 15c8.fdc: CreationTime: 2015-07-21T03:30:41.049740900Z 15c8.fdc: LastWriteTime: 2015-07-17T03:04:22.385924800Z 15c8.fdc: ChangeTime: 2015-07-21T07:31:45.234558800Z 15c8.fdc: FileAttributes: 0x20 15c8.fdc: Size: 0x176c38 15c8.fdc: NT Headers: 0xf0 15c8.fdc: Timestamp: 0x55a85cc1 15c8.fdc: Machine: 0x14c - i386 15c8.fdc: Timestamp: 0x55a85cc1 15c8.fdc: Image Version: 10.0 15c8.fdc: SizeOfImage: 0x179000 (1544192) 15c8.fdc: Resource Dir: 0x10e000 LB 0x65720 15c8.fdc: ProductName: Microsoft® Windows® Operating System 15c8.fdc: ProductVersion: 10.0.10240.16392 15c8.fdc: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608) 15c8.fdc: FileDescription: NT Layer DLL 15c8.fdc: \SystemRoot\System32\kernel32.dll: 15c8.fdc: CreationTime: 2015-07-10T08:24:38.139724700Z 15c8.fdc: LastWriteTime: 2015-07-10T08:24:38.139724700Z 15c8.fdc: ChangeTime: 2015-07-17T11:40:25.962843400Z 15c8.fdc: FileAttributes: 0x20 15c8.fdc: Size: 0x986b8 15c8.fdc: NT Headers: 0xf8 15c8.fdc: Timestamp: 0x559f3b86 15c8.fdc: Machine: 0x14c - i386 15c8.fdc: Timestamp: 0x559f3b86 15c8.fdc: Image Version: 10.0 15c8.fdc: SizeOfImage: 0x95000 (610304) 15c8.fdc: Resource Dir: 0x8f000 LB 0x518 15c8.fdc: ProductName: Microsoft® Windows® Operating System 15c8.fdc: ProductVersion: 10.0.10240.16384 15c8.fdc: FileVersion: 10.0.10240.16384 (th1.150709-1700) 15c8.fdc: FileDescription: Windows NT BASE API Client DLL 15c8.fdc: \SystemRoot\System32\KernelBase.dll: 15c8.fdc: CreationTime: 2015-07-10T08:24:56.031660300Z 15c8.fdc: LastWriteTime: 2015-07-10T08:24:56.047288800Z 15c8.fdc: ChangeTime: 2015-07-17T11:40:25.978448500Z 15c8.fdc: FileAttributes: 0x20 15c8.fdc: Size: 0x175610 15c8.fdc: NT Headers: 0xf0 15c8.fdc: Timestamp: 0x559f3b4c 15c8.fdc: Machine: 0x14c - i386 15c8.fdc: Timestamp: 0x559f3b4c 15c8.fdc: Image Version: 10.0 15c8.fdc: SizeOfImage: 0x177000 (1536000) 15c8.fdc: Resource Dir: 
0x15b000 LB 0x530 15c8.fdc: ProductName: Microsoft® Windows® Operating System 15c8.fdc: ProductVersion: 10.0.10240.16384 15c8.fdc: FileVersion: 10.0.10240.16384 (th1.150709-1700) 15c8.fdc: FileDescription: Windows NT BASE API Client DLL 15c8.fdc: \SystemRoot\System32\apisetschema.dll: 15c8.fdc: CreationTime: 2015-07-10T08:24:49.281165400Z 15c8.fdc: LastWriteTime: 2015-07-10T08:24:49.281165400Z 15c8.fdc: ChangeTime: 2015-07-17T11:40:21.556582000Z 15c8.fdc: FileAttributes: 0x20 15c8.fdc: Size: 0x16560 15c8.fdc: NT Headers: 0xc8 15c8.fdc: Timestamp: 0x559f4063 15c8.fdc: Machine: 0x14c - i386 15c8.fdc: Timestamp: 0x559f4063 15c8.fdc: Image Version: 10.0 15c8.fdc: SizeOfImage: 0x17000 (94208) 15c8.fdc: Resource Dir: 0x16000 LB 0x3f0 15c8.fdc: ProductName: Microsoft® Windows® Operating System 15c8.fdc: ProductVersion: 10.0.10240.16384 15c8.fdc: FileVersion: 10.0.10240.16384 (th1.150709-1700) 15c8.fdc: FileDescription: ApiSet Schema DLL 15c8.fdc: NtOpenDirectoryObject failed on \Driver: 0xc0000022 15c8.fdc: supR3HardenedWinFindAdversaries: 0x0 15c8.fdc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 15c8.fdc: Calling main() 15c8.fdc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 15c8.fdc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 15c8.fdc: SUPR3HardenedMain: Respawn #1 15c8.fdc: System32: \Device\HarddiskVolume1\Windows\System32 15c8.fdc: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 15c8.fdc: KnownDllPath: C:\WINDOWS\system32 15c8.fdc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 15c8.fdc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 15c8.fdc: supR3HardNtEnableThreadCreation: 15c8.fdc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10 15c8.fdc: supR3HardenedWinDoReSpawn(1): New child 1d68.17a0 [kernel32]. 
15c8.fdc: supR3HardNtChildGatherData: PebBaseAddress=7fde3000 cbPeb=0x250 15c8.fdc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77c50000 uNtDllChildAddr=77c50000 15c8.fdc: supR3HardenedWinSetupChildInit: uLdrInitThunk=77cc2e70 15c8.fdc: supR3HardenedWinSetupChildInit: Start child. 15c8.fdc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 15c8.fdc: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 0 sleeps 15c8.fdc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 15c8.fdc: *00000000-ffa4ffff 0x0001/0x0000 0x0000000 15c8.fdc: *005b0000-0058ffff 0x0004/0x0004 0x0020000 15c8.fdc: *005d0000-005bbfff 0x0002/0x0002 0x0040000 15c8.fdc: 005e4000-005d7fff 0x0001/0x0000 0x0000000 15c8.fdc: *005f0000-004f2fff 0x0000/0x0004 0x0020000 15c8.fdc: 006ed000-006eafff 0x0104/0x0004 0x0020000 15c8.fdc: 006ef000-006edfff 0x0004/0x0004 0x0020000 15c8.fdc: *006f0000-006ebfff 0x0002/0x0002 0x0040000 15c8.fdc: 006f4000-006e7fff 0x0001/0x0000 0x0000000 15c8.fdc: *00700000-006fdfff 0x0004/0x0004 0x0020000 15c8.fdc: 00702000-ffc63fff 0x0001/0x0000 0x0000000 15c8.fdc: *011a0000-011a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 011a1000-01216fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01217000-01217fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01218000-01251fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01252000-01252fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01253000-01253fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01254000-01254fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01255000-01255fff 
0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01256000-01257fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 01258000-0125afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 0125b000-0129efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 15c8.fdc: 0129f000-8a8edfff 0x0001/0x0000 0x0000000 15c8.fdc: *77c50000-77c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 15c8.fdc: 77c51000-77d55fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 15c8.fdc: 77d56000-77d5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 15c8.fdc: 77d5b000-77d5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 15c8.fdc: 77d5c000-77d5dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 15c8.fdc: 77d5e000-77dc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 15c8.fdc: 77dc9000-6fdd1fff 0x0001/0x0000 0x0000000 15c8.fdc: *7fdc0000-7fd9cfff 0x0002/0x0002 0x0040000 15c8.fdc: *7fde3000-7fde1fff 0x0004/0x0004 0x0020000 15c8.fdc: 7fde4000-7fdd8fff 0x0001/0x0000 0x0000000 15c8.fdc: *7fdef000-7fdedfff 0x0004/0x0004 0x0020000 15c8.fdc: 7fdf0000-7fbfffff 0x0001/0x0000 0x0000000 15c8.fdc: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 15c8.fdc: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 15c8.fdc: VirtualBox.exe: timestamp 0x55c1e16e (rc=VINF_SUCCESS) 15c8.fdc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 15c8.fdc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 15c8.fdc: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0). 
1d68.17a0: Log file opened: 5.0.1r101939 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000 1d68.17a0: supR3HardenedVmProcessInit: uNtDllAddr=77c50000 15c8.fdc: supR3HardNtEnableThreadCreation: 1d68.17a0: ntdll.dll: timestamp 0x55a85cc1 (rc=VINF_SUCCESS) 1d68.17a0: New simple heap: #1 00810000 LB 0x400000 (for 1544192 allocation) 1d68.17a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1d68.17a0: System32: \Device\HarddiskVolume1\Windows\System32 1d68.17a0: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 1d68.17a0: KnownDllPath: C:\WINDOWS\system32 1d68.17a0: supR3HardenedVmProcessInit: Opening vboxdrv stub... 1d68.17a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1d68.17a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1d68.17a0: Registered Dll notification callback with NTDLL. 1d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 1d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1d68.17a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801: [calling] 1d68.17a0: supR3HardenedDllNotificationCallback: load 74fe0000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 1d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 1d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1d68.17a0: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 1d68.17a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1d68.17a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f80000 'C:\WINDOWS\system32\KERNEL32.DLL' 1d68.17a0: 
supR3HardenedDllNotificationCallback: load 011a0000 LB 0x000ff000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1d68.17a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10 15c8.fdc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 110 ms. 1d68.17a0: \SystemRoot\System32\ntdll.dll: 1d68.17a0: CreationTime: 2015-07-21T03:30:41.049740900Z 1d68.17a0: LastWriteTime: 2015-07-17T03:04:22.385924800Z 1d68.17a0: ChangeTime: 2015-07-21T07:31:45.234558800Z 1d68.17a0: FileAttributes: 0x20 1d68.17a0: Size: 0x176c38 1d68.17a0: NT Headers: 0xf0 1d68.17a0: Timestamp: 0x55a85cc1 1d68.17a0: Machine: 0x14c - i386 1d68.17a0: Timestamp: 0x55a85cc1 1d68.17a0: Image Version: 10.0 1d68.17a0: SizeOfImage: 0x179000 (1544192) 1d68.17a0: Resource Dir: 0x10e000 LB 0x65720 1d68.17a0: ProductName: Microsoft® Windows® Operating System 1d68.17a0: ProductVersion: 10.0.10240.16392 1d68.17a0: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608) 1d68.17a0: FileDescription: NT Layer DLL 1d68.17a0: \SystemRoot\System32\kernel32.dll: 1d68.17a0: CreationTime: 2015-07-10T08:24:38.139724700Z 1d68.17a0: LastWriteTime: 2015-07-10T08:24:38.139724700Z 1d68.17a0: ChangeTime: 2015-07-17T11:40:25.962843400Z 1d68.17a0: FileAttributes: 0x20 1d68.17a0: Size: 0x986b8 1d68.17a0: NT Headers: 0xf8 1d68.17a0: Timestamp: 0x559f3b86 1d68.17a0: Machine: 0x14c - i386 1d68.17a0: Timestamp: 0x559f3b86 1d68.17a0: Image Version: 10.0 1d68.17a0: SizeOfImage: 0x95000 (610304) 1d68.17a0: Resource Dir: 0x8f000 LB 0x518 1d68.17a0: ProductName: Microsoft® Windows® Operating System 1d68.17a0: ProductVersion: 10.0.10240.16384 
1d68.17a0: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1d68.17a0: FileDescription: Windows NT BASE API Client DLL 1d68.17a0: \SystemRoot\System32\KernelBase.dll: 1d68.17a0: CreationTime: 2015-07-10T08:24:56.031660300Z 1d68.17a0: LastWriteTime: 2015-07-10T08:24:56.047288800Z 1d68.17a0: ChangeTime: 2015-07-17T11:40:25.978448500Z 1d68.17a0: FileAttributes: 0x20 1d68.17a0: Size: 0x175610 1d68.17a0: NT Headers: 0xf0 1d68.17a0: Timestamp: 0x559f3b4c 1d68.17a0: Machine: 0x14c - i386 1d68.17a0: Timestamp: 0x559f3b4c 1d68.17a0: Image Version: 10.0 1d68.17a0: SizeOfImage: 0x177000 (1536000) 1d68.17a0: Resource Dir: 0x15b000 LB 0x530 1d68.17a0: ProductName: Microsoft® Windows® Operating System 1d68.17a0: ProductVersion: 10.0.10240.16384 1d68.17a0: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1d68.17a0: FileDescription: Windows NT BASE API Client DLL 1d68.17a0: \SystemRoot\System32\apisetschema.dll: 1d68.17a0: CreationTime: 2015-07-10T08:24:49.281165400Z 1d68.17a0: LastWriteTime: 2015-07-10T08:24:49.281165400Z 1d68.17a0: ChangeTime: 2015-07-17T11:40:21.556582000Z 1d68.17a0: FileAttributes: 0x20 1d68.17a0: Size: 0x16560 1d68.17a0: NT Headers: 0xc8 1d68.17a0: Timestamp: 0x559f4063 1d68.17a0: Machine: 0x14c - i386 1d68.17a0: Timestamp: 0x559f4063 1d68.17a0: Image Version: 10.0 1d68.17a0: SizeOfImage: 0x17000 (94208) 1d68.17a0: Resource Dir: 0x16000 LB 0x3f0 1d68.17a0: ProductName: Microsoft® Windows® Operating System 1d68.17a0: ProductVersion: 10.0.10240.16384 1d68.17a0: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1d68.17a0: FileDescription: ApiSet Schema DLL 1d68.17a0: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1d68.17a0: supR3HardenedWinFindAdversaries: 0x0 1d68.17a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1d68.17a0: Calling main() 1d68.17a0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1d68.17a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1d68.17a0: 
'\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1d68.17a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1d68.17a0: SUPR3HardenedMain: Respawn #2 1d68.17a0: supR3HardNtEnableThreadCreation: 1d68.17a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) 1d68.17a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll 1d68.17a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000: [calling] 1d68.17a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1d68.17a0: supR3HardenedDllNotificationCallback: load 73820000 LB 0x00091000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0] 1d68.17a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust] 1d68.17a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73820000 'C:\WINDOWS\system32\apphelp.dll' 1d68.17a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10 1d68.17a0: supR3HardenedWinDoReSpawn(2): New child 1eb8.184c [kernel32]. 1d68.17a0: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless) 1d68.17a0: supR3HardNtChildGatherData: PebBaseAddress=7f02f000 cbPeb=0x250 1d68.17a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77c50000 uNtDllChildAddr=77c50000 1d68.17a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=77cc2e70 1d68.17a0: supR3HardenedWinSetupChildInit: Start child. 1d68.17a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 
1d68.17a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 281 ms, 0 sleeps 1d68.17a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 1d68.17a0: *00000000-ffe1ffff 0x0001/0x0000 0x0000000 1d68.17a0: *001e0000-001bffff 0x0004/0x0004 0x0020000 1d68.17a0: *00200000-001ebfff 0x0002/0x0002 0x0040000 1d68.17a0: 00214000-00207fff 0x0001/0x0000 0x0000000 1d68.17a0: *00220000-00122fff 0x0000/0x0004 0x0020000 1d68.17a0: 0031d000-0031afff 0x0104/0x0004 0x0020000 1d68.17a0: 0031f000-0031dfff 0x0004/0x0004 0x0020000 1d68.17a0: *00320000-0031bfff 0x0002/0x0002 0x0040000 1d68.17a0: 00324000-00317fff 0x0001/0x0000 0x0000000 1d68.17a0: *00330000-0032dfff 0x0004/0x0004 0x0020000 1d68.17a0: 00332000-ff4c3fff 0x0001/0x0000 0x0000000 1d68.17a0: *011a0000-011a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 011a1000-01216fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01217000-01217fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01218000-01251fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01252000-01252fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01253000-01253fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01254000-01254fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01255000-01255fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01256000-01257fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 01258000-0125afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 
0125b000-0129efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1d68.17a0: 0129f000-8a8edfff 0x0001/0x0000 0x0000000 1d68.17a0: *77c50000-77c50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1d68.17a0: 77c51000-77d55fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1d68.17a0: 77d56000-77d5afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1d68.17a0: 77d5b000-77d5bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1d68.17a0: 77d5c000-77d5dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1d68.17a0: 77d5e000-77dc8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll 1d68.17a0: 77dc9000-70b91fff 0x0001/0x0000 0x0000000 1d68.17a0: *7f000000-7efdcfff 0x0002/0x0002 0x0040000 1d68.17a0: 7f023000-7f017fff 0x0001/0x0000 0x0000000 1d68.17a0: *7f02e000-7f02cfff 0x0004/0x0004 0x0020000 1d68.17a0: *7f02f000-7f02dfff 0x0004/0x0004 0x0020000 1d68.17a0: 7f030000-7e07ffff 0x0001/0x0000 0x0000000 1d68.17a0: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000 1d68.17a0: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000 1d68.17a0: VirtualBox.exe: timestamp 0x55c1e16e (rc=VINF_SUCCESS) 1d68.17a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1d68.17a0: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports 1d68.17a0: supR3HardNtChildPurify: Done after 391 ms and 0 fixes (loop #0). 
1eb8.184c: Log file opened: 5.0.1r101939 g_hStartupLog=00000004 g_uNtVerCombined=0xa0280000 1eb8.184c: supR3HardenedVmProcessInit: uNtDllAddr=77c50000 1d68.17a0: supR3HardenedEarlyCompact: Removed heap 1 (0x810000 LB 0x400000) 1d68.17a0: supR3HardNtEnableThreadCreation: 1eb8.184c: ntdll.dll: timestamp 0x55a85cc1 (rc=VINF_SUCCESS) 1eb8.184c: New simple heap: #1 00440000 LB 0x400000 (for 1544192 allocation) 1eb8.184c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1eb8.184c: System32: \Device\HarddiskVolume1\Windows\System32 1eb8.184c: WinSxS: \Device\HarddiskVolume1\Windows\WinSxS 1eb8.184c: KnownDllPath: C:\WINDOWS\system32 1eb8.184c: supR3HardenedVmProcessInit: Opening vboxdrv... 1eb8.184c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 1eb8.184c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 1eb8.184c: Registered Dll notification callback with NTDLL. 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll) 1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000801: [calling] 1eb8.184c: supR3HardenedDllNotificationCallback: load 74fe0000 LB 0x00177000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0] 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll) 1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll 1eb8.184c: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x00095000 C:\WINDOWS\system32\KERNEL32.DLL [fFlags=0x0] 1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=75f80000 'C:\WINDOWS\system32\KERNEL32.DLL' 1eb8.184c: supR3HardenedDllNotificationCallback: load 011a0000 LB 0x000ff000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0] 1eb8.184c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe 1eb8.184c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77cc2e70 pvNtTerminateThread=77cd0f10 1d68.17a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 125 ms. 1eb8.184c: \SystemRoot\System32\ntdll.dll: 1eb8.184c: CreationTime: 2015-07-21T03:30:41.049740900Z 1eb8.184c: LastWriteTime: 2015-07-17T03:04:22.385924800Z 1eb8.184c: ChangeTime: 2015-07-21T07:31:45.234558800Z 1eb8.184c: FileAttributes: 0x20 1eb8.184c: Size: 0x176c38 1eb8.184c: NT Headers: 0xf0 1eb8.184c: Timestamp: 0x55a85cc1 1eb8.184c: Machine: 0x14c - i386 1eb8.184c: Timestamp: 0x55a85cc1 1eb8.184c: Image Version: 10.0 1eb8.184c: SizeOfImage: 0x179000 (1544192) 1eb8.184c: Resource Dir: 0x10e000 LB 0x65720 1eb8.184c: ProductName: Microsoft® Windows® Operating System 1eb8.184c: ProductVersion: 10.0.10240.16392 1eb8.184c: FileVersion: 10.0.10240.16392 (th1_st1.150716-1608) 1eb8.184c: FileDescription: NT Layer DLL 1eb8.184c: \SystemRoot\System32\kernel32.dll: 1eb8.184c: CreationTime: 2015-07-10T08:24:38.139724700Z 1eb8.184c: LastWriteTime: 2015-07-10T08:24:38.139724700Z 1eb8.184c: ChangeTime: 2015-07-17T11:40:25.962843400Z 1eb8.184c: FileAttributes: 0x20 1eb8.184c: Size: 0x986b8 1eb8.184c: NT Headers: 0xf8 1eb8.184c: Timestamp: 0x559f3b86 1eb8.184c: Machine: 0x14c - i386 1eb8.184c: Timestamp: 0x559f3b86 1eb8.184c: Image Version: 10.0 1eb8.184c: SizeOfImage: 0x95000 (610304) 1eb8.184c: Resource Dir: 0x8f000 LB 0x518 1eb8.184c: ProductName: Microsoft® 
Windows® Operating System 1eb8.184c: ProductVersion: 10.0.10240.16384 1eb8.184c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1eb8.184c: FileDescription: Windows NT BASE API Client DLL 1eb8.184c: \SystemRoot\System32\KernelBase.dll: 1eb8.184c: CreationTime: 2015-07-10T08:24:56.031660300Z 1eb8.184c: LastWriteTime: 2015-07-10T08:24:56.047288800Z 1eb8.184c: ChangeTime: 2015-07-17T11:40:25.978448500Z 1eb8.184c: FileAttributes: 0x20 1eb8.184c: Size: 0x175610 1eb8.184c: NT Headers: 0xf0 1eb8.184c: Timestamp: 0x559f3b4c 1eb8.184c: Machine: 0x14c - i386 1eb8.184c: Timestamp: 0x559f3b4c 1eb8.184c: Image Version: 10.0 1eb8.184c: SizeOfImage: 0x177000 (1536000) 1eb8.184c: Resource Dir: 0x15b000 LB 0x530 1eb8.184c: ProductName: Microsoft® Windows® Operating System 1eb8.184c: ProductVersion: 10.0.10240.16384 1eb8.184c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1eb8.184c: FileDescription: Windows NT BASE API Client DLL 1eb8.184c: \SystemRoot\System32\apisetschema.dll: 1eb8.184c: CreationTime: 2015-07-10T08:24:49.281165400Z 1eb8.184c: LastWriteTime: 2015-07-10T08:24:49.281165400Z 1eb8.184c: ChangeTime: 2015-07-17T11:40:21.556582000Z 1eb8.184c: FileAttributes: 0x20 1eb8.184c: Size: 0x16560 1eb8.184c: NT Headers: 0xc8 1eb8.184c: Timestamp: 0x559f4063 1eb8.184c: Machine: 0x14c - i386 1eb8.184c: Timestamp: 0x559f4063 1eb8.184c: Image Version: 10.0 1eb8.184c: SizeOfImage: 0x17000 (94208) 1eb8.184c: Resource Dir: 0x16000 LB 0x3f0 1eb8.184c: ProductName: Microsoft® Windows® Operating System 1eb8.184c: ProductVersion: 10.0.10240.16384 1eb8.184c: FileVersion: 10.0.10240.16384 (th1.150709-1700) 1eb8.184c: FileDescription: ApiSet Schema DLL 1eb8.184c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 1eb8.184c: supR3HardenedWinFindAdversaries: 0x0 1eb8.184c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1eb8.184c: Calling main() 1eb8.184c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 1eb8.184c: supR3HardenedWinInitAppBin(0x2): 
'\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox' 1eb8.184c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe) 1eb8.184c: SUPR3HardenedMain: Final process, opening VBoxDrv... 1eb8.184c: supR3HardenedEarlyCompact: Removed heap 1 (0x440000 LB 0x400000) 1eb8.184c: supR3HardNtEnableThreadCreation: 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll) 1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling] 1eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1eb8.184c: supR3HardenedDllNotificationCallback: load 6e2b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0] 1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust] 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling] 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks 
WinVerifyTrust] 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling] 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL' 1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msasn1.dll'. 1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'. 1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'. 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll) 1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll 1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll) 1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll 1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'... 1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008] 1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'msasn1.dll'. 
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling]
1eb8.184c: supR3HardenedDllNotificationCallback: load 75960000 LB 0x000be000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 74db0000 LB 0x0000e000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 74e20000 LB 0x00175000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 761b0000 LB 0x000c2000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 75640000 LB 0x00042000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\WINDOWS\system32\Wintrust.dll'
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000801: [calling]
1eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 74ba0000 LB 0x0001d000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74ba0000 'C:\WINDOWS\system32\bcrypt.dll'
1eb8.184c: bcrypt.dll loaded at 74ba0000, BCryptOpenAlgorithmProvider at 74ba5cc0, preloading providers:
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 74c40000 LB 0x00059000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74c40000 'C:\WINDOWS\system32\bcryptprimitives.dll'
1eb8.184c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00888d28)
1eb8.184c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00889268)
1eb8.184c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00889520)
1eb8.184c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=008897d8)
1eb8.184c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00889a90)
1eb8.184c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00889d48)
1eb8.184c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0088a000)
1eb8.184c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0088aa40)
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
1eb8.184c: supR3HardenedDllNotificationCallback: load 747c0000 LB 0x00013000 C:\WINDOWS\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'bcrypt.dll'.
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedDllNotificationCallback: load 74410000 LB 0x0002f000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74410000 'C:\WINDOWS\system32\rsaenh.dll'
1eb8.184c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
1eb8.184c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1eb8.184c: supR3HardenedDllNotificationCallback: load 748d0000 LB 0x0000a000 C:\WINDOWS\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
1eb8.184c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
1eb8.184c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f80000 'C:\WINDOWS\system32\kernel32.dll'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75640000 'C:\Windows\System32\WINTRUST.DLL'
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000001: [calling]
1eb8.184c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74e20000 'C:\WINDOWS\system32\CRYPT32.dll'
1eb8.184c: supR3HardenedDllNotificationCallback: load 76190000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
1eb8.184c: supHardenedWinVerifyImageByHandle: -> -626 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
1eb8.184c: Error (rc=0):
1eb8.184c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -626 (0xfffffd8e) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Windows\System32\imagehlp.dll:
1eb8.184c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
1eb8.184c: Fatal error:
1eb8.184c: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\WINDOWS\system32\imagehlp.dll' / '\??\C:\WINDOWS\system32\imagehlp.dll': 0xc0000190
1d68.17a0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 156 ms, the end);
15c8.fdc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 718 ms, the end);