VirtualBox

Ticket #15827: VBoxHardening.2.log

File VBoxHardening.2.log, 49.7 KB (added by Calvini_03, 7 years ago)
18.1218: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000164 g_uNtVerCombined=0xa0295a00
28.1218: \SystemRoot\System32\ntdll.dll:
38.1218: CreationTime: 2016-11-15T17:05:31.223700000Z
48.1218: LastWriteTime: 2016-10-25T09:41:10.545861300Z
58.1218: ChangeTime: 2016-11-16T01:08:00.593833900Z
68.1218: FileAttributes: 0x20
78.1218: Size: 0x1bc248
88.1218: NT Headers: 0xe0
98.1218: Timestamp: 0x580ee321
108.1218: Machine: 0x8664 - amd64
118.1218: Timestamp: 0x580ee321
128.1218: Image Version: 10.0
138.1218: SizeOfImage: 0x1c1000 (1839104)
148.1218: Resource Dir: 0x159000 LB 0x66218
158.1218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
168.1218: [Raw version resource data: 0x1590f0 LB 0x390, codepage 0x0 (reserved 0x0)]
178.1218: ProductName: Microsoft® Windows® Operating System
188.1218: ProductVersion: 10.0.10586.672
198.1218: FileVersion: 10.0.10586.672 (th2_release_sec.161024-1825)
208.1218: FileDescription: NT Layer DLL
218.1218: \SystemRoot\System32\kernel32.dll:
228.1218: CreationTime: 2016-11-15T17:04:43.982432300Z
238.1218: LastWriteTime: 2016-09-07T05:39:18.648308100Z
248.1218: ChangeTime: 2016-11-16T01:07:29.744767300Z
258.1218: FileAttributes: 0x20
268.1218: Size: 0xac428
278.1218: NT Headers: 0xf0
288.1218: Timestamp: 0x57cf97d5
298.1218: Machine: 0x8664 - amd64
308.1218: Timestamp: 0x57cf97d5
318.1218: Image Version: 10.0
328.1218: SizeOfImage: 0xad000 (708608)
338.1218: Resource Dir: 0xab000 LB 0x528
348.1218: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
358.1218: [Raw version resource data: 0xab0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
368.1218: ProductName: Microsoft® Windows® Operating System
378.1218: ProductVersion: 10.0.10586.589
388.1218: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
398.1218: FileDescription: Windows NT BASE API Client DLL
408.1218: \SystemRoot\System32\KernelBase.dll:
418.1218: CreationTime: 2017-05-30T14:00:42.601264000Z
428.1218: LastWriteTime: 2017-04-28T04:30:22.219516600Z
438.1218: ChangeTime: 2017-05-30T14:50:22.488131100Z
448.1218: FileAttributes: 0x20
458.1218: Size: 0x1e7c10
468.1218: NT Headers: 0xf0
478.1218: Timestamp: 0x59029143
488.1218: Machine: 0x8664 - amd64
498.1218: Timestamp: 0x59029143
508.1218: Image Version: 10.0
518.1218: SizeOfImage: 0x1e8000 (1998848)
528.1218: Resource Dir: 0x1d1000 LB 0x548
538.1218: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
548.1218: [Raw version resource data: 0x1d10b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
558.1218: ProductName: Microsoft® Windows® Operating System
568.1218: ProductVersion: 10.0.10586.916
578.1218: FileVersion: 10.0.10586.916 (th2_release_sec.170427-1350)
588.1218: FileDescription: Windows NT BASE API Client DLL
598.1218: \SystemRoot\System32\apisetschema.dll:
608.1218: CreationTime: 2015-10-30T07:17:57.502957900Z
618.1218: LastWriteTime: 2015-10-30T07:17:57.502957900Z
628.1218: ChangeTime: 2016-07-12T23:25:39.617444100Z
638.1218: FileAttributes: 0x20
648.1218: Size: 0x16d60
658.1218: NT Headers: 0xc8
668.1218: Timestamp: 0x5632d94c
678.1218: Machine: 0x8664 - amd64
688.1218: Timestamp: 0x5632d94c
698.1218: Image Version: 10.0
708.1218: SizeOfImage: 0x18000 (98304)
718.1218: Resource Dir: 0x17000 LB 0x400
728.1218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
738.1218: [Raw version resource data: 0x17060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
748.1218: ProductName: Microsoft® Windows® Operating System
758.1218: ProductVersion: 10.0.10586.0
768.1218: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
778.1218: FileDescription: ApiSet Schema DLL
788.1218: NtOpenDirectoryObject failed on \Driver: 0xc0000022
798.1218: supR3HardenedWinFindAdversaries: 0x20
808.1218: \SystemRoot\System32\drivers\mfeavfk.sys:
818.1218: CreationTime: 2016-07-20T15:46:57.901686700Z
828.1218: LastWriteTime: 2017-03-30T18:00:27.932063500Z
838.1218: ChangeTime: 2017-03-30T18:00:27.932063500Z
848.1218: FileAttributes: 0x20
858.1218: Size: 0x59038
868.1218: NT Headers: 0xe8
878.1218: Timestamp: 0x57856390
888.1218: Machine: 0x8664 - amd64
898.1218: Timestamp: 0x57856390
908.1218: Image Version: 0.0
918.1218: SizeOfImage: 0x59000 (364544)
928.1218: Resource Dir: 0x57000 LB 0x758
938.1218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
948.1218: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
958.1218: ProductName: SYSCORE
968.1218: ProductVersion: 15.5.0.4030
978.1218: FileVersion: SYSCORE.15.5.0.4030
988.1218: PrivateBuild: SYSCORE.15.5.0.4030 F15,F16,F19
998.1218: FileDescription: Anti-Virus File System Filter Driver
1008.1218: \SystemRoot\System32\drivers\mfefirek.sys:
1018.1218: CreationTime: 2016-07-20T20:48:32.454572700Z
1028.1218: LastWriteTime: 2017-03-30T18:00:31.151271200Z
1038.1218: ChangeTime: 2017-03-30T18:00:31.151271200Z
1048.1218: FileAttributes: 0x20
1058.1218: Size: 0x7d438
1068.1218: NT Headers: 0xf0
1078.1218: Timestamp: 0x578563d4
1088.1218: Machine: 0x8664 - amd64
1098.1218: Timestamp: 0x578563d4
1108.1218: Image Version: 0.0
1118.1218: SizeOfImage: 0x7e000 (516096)
1128.1218: Resource Dir: 0x7a000 LB 0x388
1138.1218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1148.1218: [Raw version resource data: 0x7a060 LB 0x328, codepage 0x0 (reserved 0x0)]
1158.1218: ProductName: SYSCORE
1168.1218: ProductVersion: 15.5.0.4030
1178.1218: FileVersion: SYSCORE.15.5.0.4030
1188.1218: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
1198.1218: FileDescription: McAfee Core Firewall Engine Driver
1208.1218: \SystemRoot\System32\drivers\mfehidk.sys:
1218.1218: CreationTime: 2016-07-20T15:46:49.604177900Z
1228.1218: LastWriteTime: 2017-03-30T18:00:28.516261100Z
1238.1218: ChangeTime: 2017-03-30T18:00:28.516261100Z
1248.1218: FileAttributes: 0x20
1258.1218: Size: 0xd6438
1268.1218: NT Headers: 0x100
1278.1218: Timestamp: 0x57856358
1288.1218: Machine: 0x8664 - amd64
1298.1218: Timestamp: 0x57856358
1308.1218: Image Version: 0.0
1318.1218: SizeOfImage: 0xe1000 (921600)
1328.1218: Resource Dir: 0xdd000 LB 0x758
1338.1218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1348.1218: [Raw version resource data: 0xdd110 LB 0x320, codepage 0x0 (reserved 0x0)]
1358.1218: ProductName: SYSCORE
1368.1218: ProductVersion: 15.5.0.4030
1378.1218: FileVersion: SYSCORE.15.5.0.4030
1388.1218: PrivateBuild: SYSCORE.15.5.0.4030 F14,F15,F16,F18,F20
1398.1218: FileDescription: McAfee Link Driver
1408.1218: \SystemRoot\System32\drivers\mfewfpk.sys:
1418.1218: CreationTime: 2016-07-20T20:45:41.731243700Z
1428.1218: LastWriteTime: 2017-03-30T18:00:29.308150400Z
1438.1218: ChangeTime: 2017-03-30T18:00:29.308150400Z
1448.1218: FileAttributes: 0x20
1458.1218: Size: 0x3dc38
1468.1218: NT Headers: 0x100
1478.1218: Timestamp: 0x57856365
1488.1218: Machine: 0x8664 - amd64
1498.1218: Timestamp: 0x57856365
1508.1218: Image Version: 0.0
1518.1218: SizeOfImage: 0x59000 (364544)
1528.1218: Resource Dir: 0x57000 LB 0x380
1538.1218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1548.1218: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
1558.1218: ProductName: SYSCORE
1568.1218: ProductVersion: 15.5.0.4030
1578.1218: FileVersion: SYSCORE.15.5.0.4030
1588.1218: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
1598.1218: FileDescription: Anti-Virus Mini-Firewall Driver
1608.1218: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1618.1218: Calling main()
1628.1218: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1638.1218: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1648.1218: SUPR3HardenedMain: Respawn #1
1658.1218: System32: \Device\HarddiskVolume2\Windows\System32
1668.1218: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
1678.1218: KnownDllPath: C:\Windows\system32
1688.1218: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1698.1218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1708.1218: supR3HardNtEnableThreadCreation:
1718.1218: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed8016d50 pvNtTerminateThread=00007ffed8045b20
1728.1218: supR3HardenedWinDoReSpawn(1): New child d50.78c [kernel32].
1738.1218: supR3HardNtChildGatherData: PebBaseAddress=0000000000b24000 cbPeb=0x388
1748.1218: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed7fa0000 uNtDllChildAddr=00007ffed7fa0000
1758.1218: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed8016d50
1768.1218: supR3HardenedWinSetupChildInit: Start child.
1778.1218: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1788.1218: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 58 sleeps
1798.1218: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1808.1218: *0000000000000000-000000000085ffff 0x0001/0x0000 0x0000000
1818.1218: *0000000000860000-000000000087ffff 0x0004/0x0004 0x0020000
1828.1218: *0000000000880000-0000000000894fff 0x0002/0x0002 0x0040000
1838.1218: 0000000000895000-000000000089ffff 0x0001/0x0000 0x0000000
1848.1218: *00000000008a0000-000000000099afff 0x0000/0x0004 0x0020000
1858.1218: 000000000099b000-000000000099dfff 0x0104/0x0004 0x0020000
1868.1218: 000000000099e000-000000000099ffff 0x0004/0x0004 0x0020000
1878.1218: *00000000009a0000-00000000009a3fff 0x0002/0x0002 0x0040000
1888.1218: 00000000009a4000-00000000009affff 0x0001/0x0000 0x0000000
1898.1218: *00000000009b0000-00000000009b1fff 0x0004/0x0004 0x0020000
1908.1218: 00000000009b2000-00000000009fffff 0x0001/0x0000 0x0000000
1918.1218: *0000000000a00000-0000000000b23fff 0x0000/0x0004 0x0020000
1928.1218: 0000000000b24000-0000000000b26fff 0x0004/0x0004 0x0020000
1938.1218: 0000000000b27000-0000000000bfffff 0x0000/0x0004 0x0020000
1948.1218: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
1958.1218: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1968.1218: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1978.1218: 000000007fff0000-00007ff6ab8fffff 0x0001/0x0000 0x0000000
1988.1218: *00007ff6ab900000-00007ff6ab922fff 0x0002/0x0002 0x0040000
1998.1218: 00007ff6ab923000-00007ff6ac27ffff 0x0001/0x0000 0x0000000
2008.1218: *00007ff6ac280000-00007ff6ac280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2018.1218: 00007ff6ac281000-00007ff6ac2f0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2028.1218: 00007ff6ac2f1000-00007ff6ac2f1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2038.1218: 00007ff6ac2f2000-00007ff6ac336fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2048.1218: 00007ff6ac337000-00007ff6ac337fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2058.1218: 00007ff6ac338000-00007ff6ac338fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2068.1218: 00007ff6ac339000-00007ff6ac33dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2078.1218: 00007ff6ac33e000-00007ff6ac33efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2088.1218: 00007ff6ac33f000-00007ff6ac33ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2098.1218: 00007ff6ac340000-00007ff6ac343fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2108.1218: 00007ff6ac344000-00007ff6ac38bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2118.1218: 00007ff6ac38c000-00007ffed7f9ffff 0x0001/0x0000 0x0000000
2128.1218: *00007ffed7fa0000-00007ffed7fa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2138.1218: 00007ffed7fa1000-00007ffed809dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2148.1218: 00007ffed809e000-00007ffed80defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2158.1218: 00007ffed80df000-00007ffed80e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2168.1218: 00007ffed80e8000-00007ffed80f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2178.1218: 00007ffed80f5000-00007ffed80f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2188.1218: 00007ffed80f6000-00007ffed80f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2198.1218: 00007ffed80f9000-00007ffed8160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2208.1218: 00007ffed8161000-00007ffffffdffff 0x0001/0x0000 0x0000000
2218.1218: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2228.1218: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
2238.1218: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2248.1218: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2258.1218: supR3HardNtChildPurify: Done after 548 ms and 0 fixes (loop #0).
2268.1218: supR3HardNtEnableThreadCreation:
227d50.78c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
228d50.78c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed7fa0000 g_uNtVerCombined=0xa0295a00
229d50.78c: ntdll.dll: timestamp 0x580ee321 (rc=VINF_SUCCESS)
230d50.78c: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1839104 allocation)
231d50.78c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
232d50.78c: System32: \Device\HarddiskVolume2\Windows\System32
233d50.78c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
234d50.78c: KnownDllPath: C:\Windows\system32
235d50.78c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
236d50.78c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
237d50.78c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
238d50.78c: Registered Dll notification callback with NTDLL.
239d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
240d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
241d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
242d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed4650000 LB 0x001e8000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
243d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
244d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
245d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5a00000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
246d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
247d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed5a00000 'C:\Windows\system32\KERNEL32.DLL'
248d50.78c: supR3HardenedDllNotificationCallback: load 00007ff6ac280000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
249d50.78c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
250d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
251d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
252d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
253d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
254d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
255d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll)
256d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll
257d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
258d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
259d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'ws2_32.dll'.
260d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'nsi.dll'.
261d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll)
262d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
263d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
264d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
265d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
266d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
267d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
268d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
269d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
270d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
271d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
272d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
273d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
274d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
275d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
276d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
277d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
278d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
279d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
280d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
281d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
282d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
283d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
284d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
285d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
286d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
287d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
288d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
289d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
290d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
291d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
292d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
293d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
294d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
295d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
296d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
297d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
298d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
299d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
300d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
301d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
302d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
303d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
304d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
305d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
306d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
307d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
308d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
309d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
310d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)
311d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
312d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
313d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
314d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
315d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
316d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
317d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
318d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
319d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
320d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
321d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
322d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
323d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
324d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
325d50.78c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
326d50.78c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
327d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed7720000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
328d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
329d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5400000 LB 0x0011c000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
330d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
331d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed56b0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
332d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
333d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed7830000 LB 0x000a7000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
334d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
335d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed51d0000 LB 0x00043000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
336d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
337d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
338d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5280000 LB 0x0006a000 C:\Windows\system32\bcryptPrimitives.dll [fFlags=0x0]
339d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
340d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
341d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed79b0000 LB 0x0027e000 C:\Windows\system32\combase.dll [fFlags=0x0]
342d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
343d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
344d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
345d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
346d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
347d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed7c30000 LB 0x00156000 C:\Windows\system32\USER32.dll [fFlags=0x0]
348d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
349d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5520000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
350d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
351d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5ef0000 LB 0x00052000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
352d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
353d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
354d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
355d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
356d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
357d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed45c0000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
358d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
359d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
360d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
361d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
362d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5110000 LB 0x000b5000 C:\Windows\system32\shcore.dll [fFlags=0x0]
363d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
364d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
365d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
366d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
367d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
368d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed4600000 LB 0x0004b000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
369d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
370d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
371d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
372d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
373d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed45e0000 LB 0x00014000 C:\Windows\system32\profapi.dll [fFlags=0x0]
374d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
375d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
376d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed4840000 LB 0x00644000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
377d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
378d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
379d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
380d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
381d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
382d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
383d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5f50000 LB 0x0155c000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
384d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
385d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5930000 LB 0x0006b000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
386d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
387d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5770000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
388d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
389d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed2f60000 LB 0x000aa000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
390d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
391d50.78c: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005b000 C:\Windows\System32\QIPCAP64.dll [fFlags=0x0]
392d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
393d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
394d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
395d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
396d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
397d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
398d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
399d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
400d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
401d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
402d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
403d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
404d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
405d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
406d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
407d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
408d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
409d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
410d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
411d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
412d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
413d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
414d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
415d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
416d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
417d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
418d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
419d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
420d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
421d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
422d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
423d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
424d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
425d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
426d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
427d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
428d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
429d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
430d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
431d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
432d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
433d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
434d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
435d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
436d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
437d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
438d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
439d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
440d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
441d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
442d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
443d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
444d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
445d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
446d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
447d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
448d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
449d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
450d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
451d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed59c0000 LB 0x0003b000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
452d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
453d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed59c0000 'C:\Windows\system32\IMM32.DLL'
454d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
455d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
456d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\lsihok64.dll)
457d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lsihok64.dll
458d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
459d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
460d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
461d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
462d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
463d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
464d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\lsihok64.dll (Input=lsihok64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
465d50.78c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\lsihok64.dll [lacks WinVerifyTrust]
466d50.78c: supR3HardenedDllNotificationCallback: load 0000000053bf0000 LB 0x0009b000 C:\Windows\system32\lsihok64.dll [fFlags=0x0]
467d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\lsihok64.dll [lacks WinVerifyTrust]
468d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000053bf0000 'C:\Windows\system32\lsihok64.dll'
469d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\Windows\System32\QIPCAP64.dll'
470d50.78c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed8016d50 pvNtTerminateThread=00007ffed8045b20
4718.1218: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 600 ms.
472d50.78c: \SystemRoot\System32\ntdll.dll:
473d50.78c: CreationTime: 2016-11-15T17:05:31.223700000Z
474d50.78c: LastWriteTime: 2016-10-25T09:41:10.545861300Z
475d50.78c: ChangeTime: 2016-11-16T01:08:00.593833900Z
476d50.78c: FileAttributes: 0x20
477d50.840: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
478d50.78c: Size: 0x1bc248
479d50.78c: NT Headers: 0xe0
480d50.78c: Timestamp: 0x580ee321
481d50.78c: Machine: 0x8664 - amd64
482d50.78c: Timestamp: 0x580ee321
483d50.78c: Image Version: 10.0
484d50.78c: SizeOfImage: 0x1c1000 (1839104)
485d50.78c: Resource Dir: 0x159000 LB 0x66218
486d50.78c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
487d50.78c: [Raw version resource data: 0x1590f0 LB 0x390, codepage 0x0 (reserved 0x0)]
488d50.78c: ProductName: Microsoft® Windows® Operating System
489d50.78c: ProductVersion: 10.0.10586.672
490d50.78c: FileVersion: 10.0.10586.672 (th2_release_sec.161024-1825)
491d50.78c: FileDescription: NT Layer DLL
492d50.78c: \SystemRoot\System32\kernel32.dll:
493d50.78c: CreationTime: 2016-11-15T17:04:43.982432300Z
494d50.78c: LastWriteTime: 2016-09-07T05:39:18.648308100Z
495d50.78c: ChangeTime: 2016-11-16T01:07:29.744767300Z
496d50.78c: FileAttributes: 0x20
497d50.78c: Size: 0xac428
498d50.78c: NT Headers: 0xf0
499d50.78c: Timestamp: 0x57cf97d5
500d50.78c: Machine: 0x8664 - amd64
501d50.78c: Timestamp: 0x57cf97d5
502d50.78c: Image Version: 10.0
503d50.78c: SizeOfImage: 0xad000 (708608)
504d50.78c: Resource Dir: 0xab000 LB 0x528
505d50.78c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
506d50.78c: [Raw version resource data: 0xab0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
507d50.78c: ProductName: Microsoft® Windows® Operating System
508d50.78c: ProductVersion: 10.0.10586.589
509d50.78c: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
510d50.78c: FileDescription: Windows NT BASE API Client DLL
511d50.78c: \SystemRoot\System32\KernelBase.dll:
512d50.78c: CreationTime: 2017-05-30T14:00:42.601264000Z
513d50.78c: LastWriteTime: 2017-04-28T04:30:22.219516600Z
514d50.78c: ChangeTime: 2017-05-30T14:50:22.488131100Z
515d50.78c: FileAttributes: 0x20
516d50.78c: Size: 0x1e7c10
517d50.78c: NT Headers: 0xf0
518d50.78c: Timestamp: 0x59029143
519d50.78c: Machine: 0x8664 - amd64
520d50.78c: Timestamp: 0x59029143
521d50.78c: Image Version: 10.0
522d50.78c: SizeOfImage: 0x1e8000 (1998848)
523d50.78c: Resource Dir: 0x1d1000 LB 0x548
524d50.78c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
525d50.78c: [Raw version resource data: 0x1d10b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
526d50.78c: ProductName: Microsoft® Windows® Operating System
527d50.78c: ProductVersion: 10.0.10586.916
528d50.78c: FileVersion: 10.0.10586.916 (th2_release_sec.170427-1350)
529d50.78c: FileDescription: Windows NT BASE API Client DLL
530d50.78c: \SystemRoot\System32\apisetschema.dll:
531d50.78c: CreationTime: 2015-10-30T07:17:57.502957900Z
532d50.78c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
533d50.78c: ChangeTime: 2016-07-12T23:25:39.617444100Z
534d50.78c: FileAttributes: 0x20
535d50.78c: Size: 0x16d60
536d50.78c: NT Headers: 0xc8
537d50.78c: Timestamp: 0x5632d94c
538d50.78c: Machine: 0x8664 - amd64
539d50.78c: Timestamp: 0x5632d94c
540d50.78c: Image Version: 10.0
541d50.78c: SizeOfImage: 0x18000 (98304)
542d50.78c: Resource Dir: 0x17000 LB 0x400
543d50.78c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
544d50.78c: [Raw version resource data: 0x17060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
545d50.78c: ProductName: Microsoft® Windows® Operating System
546d50.78c: ProductVersion: 10.0.10586.0
547d50.78c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
548d50.78c: FileDescription: ApiSet Schema DLL
549d50.78c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
550d50.78c: supR3HardenedWinFindAdversaries: 0x20
551d50.78c: \SystemRoot\System32\drivers\mfeavfk.sys:
552d50.78c: CreationTime: 2016-07-20T15:46:57.901686700Z
553d50.78c: LastWriteTime: 2017-03-30T18:00:27.932063500Z
554d50.78c: ChangeTime: 2017-03-30T18:00:27.932063500Z
555d50.78c: FileAttributes: 0x20
556d50.78c: Size: 0x59038
557d50.78c: NT Headers: 0xe8
558d50.78c: Timestamp: 0x57856390
559d50.78c: Machine: 0x8664 - amd64
560d50.78c: Timestamp: 0x57856390
561d50.78c: Image Version: 0.0
562d50.78c: SizeOfImage: 0x59000 (364544)
563d50.78c: Resource Dir: 0x57000 LB 0x758
564d50.78c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
565d50.78c: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
566d50.78c: ProductName: SYSCORE
567d50.78c: ProductVersion: 15.5.0.4030
568d50.78c: FileVersion: SYSCORE.15.5.0.4030
569d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F15,F16,F19
570d50.78c: FileDescription: Anti-Virus File System Filter Driver
571d50.78c: \SystemRoot\System32\drivers\mfefirek.sys:
572d50.78c: CreationTime: 2016-07-20T20:48:32.454572700Z
573d50.78c: LastWriteTime: 2017-03-30T18:00:31.151271200Z
574d50.78c: ChangeTime: 2017-03-30T18:00:31.151271200Z
575d50.78c: FileAttributes: 0x20
576d50.78c: Size: 0x7d438
577d50.78c: NT Headers: 0xf0
578d50.78c: Timestamp: 0x578563d4
579d50.78c: Machine: 0x8664 - amd64
580d50.78c: Timestamp: 0x578563d4
581d50.78c: Image Version: 0.0
582d50.78c: SizeOfImage: 0x7e000 (516096)
583d50.78c: Resource Dir: 0x7a000 LB 0x388
584d50.78c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
585d50.78c: [Raw version resource data: 0x7a060 LB 0x328, codepage 0x0 (reserved 0x0)]
586d50.78c: ProductName: SYSCORE
587d50.78c: ProductVersion: 15.5.0.4030
588d50.78c: FileVersion: SYSCORE.15.5.0.4030
589d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
590d50.78c: FileDescription: McAfee Core Firewall Engine Driver
591d50.78c: \SystemRoot\System32\drivers\mfehidk.sys:
592d50.78c: CreationTime: 2016-07-20T15:46:49.604177900Z
593d50.78c: LastWriteTime: 2017-03-30T18:00:28.516261100Z
594d50.78c: ChangeTime: 2017-03-30T18:00:28.516261100Z
595d50.78c: FileAttributes: 0x20
596d50.78c: Size: 0xd6438
597d50.78c: NT Headers: 0x100
598d50.78c: Timestamp: 0x57856358
599d50.78c: Machine: 0x8664 - amd64
600d50.78c: Timestamp: 0x57856358
601d50.78c: Image Version: 0.0
602d50.78c: SizeOfImage: 0xe1000 (921600)
603d50.78c: Resource Dir: 0xdd000 LB 0x758
604d50.78c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
605d50.78c: [Raw version resource data: 0xdd110 LB 0x320, codepage 0x0 (reserved 0x0)]
606d50.78c: ProductName: SYSCORE
607d50.78c: ProductVersion: 15.5.0.4030
608d50.78c: FileVersion: SYSCORE.15.5.0.4030
609d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F14,F15,F16,F18,F20
610d50.78c: FileDescription: McAfee Link Driver
611d50.78c: \SystemRoot\System32\drivers\mfewfpk.sys:
612d50.78c: CreationTime: 2016-07-20T20:45:41.731243700Z
613d50.78c: LastWriteTime: 2017-03-30T18:00:29.308150400Z
614d50.78c: ChangeTime: 2017-03-30T18:00:29.308150400Z
615d50.78c: FileAttributes: 0x20
616d50.78c: Size: 0x3dc38
617d50.78c: NT Headers: 0x100
618d50.78c: Timestamp: 0x57856365
619d50.78c: Machine: 0x8664 - amd64
620d50.78c: Timestamp: 0x57856365
621d50.78c: Image Version: 0.0
622d50.78c: SizeOfImage: 0x59000 (364544)
623d50.78c: Resource Dir: 0x57000 LB 0x380
624d50.78c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
625d50.78c: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
626d50.78c: ProductName: SYSCORE
627d50.78c: ProductVersion: 15.5.0.4030
628d50.78c: FileVersion: SYSCORE.15.5.0.4030
629d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
630d50.78c: FileDescription: Anti-Virus Mini-Firewall Driver
631d50.78c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
632d50.78c: Calling main()
633d50.78c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
634d50.78c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6358.1218: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000374 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 31 ms, the end);
