VirtualBox

Ticket #17679: VBoxHardening_lmarecha.log

File VBoxHardening_lmarecha.log, 58.1 KB (added by Laurent Marechal, 6 years ago)
14128.3cf8: Log file opened: 5.2.8r121009 g_hStartupLog=00000000000001d4 g_uNtVerCombined=0xa03fab00
24128.3cf8: \SystemRoot\System32\ntdll.dll:
34128.3cf8: CreationTime: 2018-04-16T09:01:27.085029100Z
44128.3cf8: LastWriteTime: 2018-03-13T07:02:15.839353900Z
54128.3cf8: ChangeTime: 2018-04-17T13:39:51.566849800Z
64128.3cf8: FileAttributes: 0x20
74128.3cf8: Size: 0x1dd100
84128.3cf8: NT Headers: 0xe0
94128.3cf8: Timestamp: 0xe508fc03
104128.3cf8: Machine: 0x8664 - amd64
114128.3cf8: Timestamp: 0xe508fc03
124128.3cf8: Image Version: 10.0
134128.3cf8: SizeOfImage: 0x1e0000 (1966080)
144128.3cf8: Resource Dir: 0x174000 LB 0x6a1d8
154128.3cf8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
164128.3cf8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
174128.3cf8: ProductName: Microsoft® Windows® Operating System
184128.3cf8: ProductVersion: 10.0.16299.334
194128.3cf8: FileVersion: 10.0.16299.334 (WinBuild.160101.0800)
204128.3cf8: FileDescription: NT Layer DLL
214128.3cf8: \SystemRoot\System32\kernel32.dll:
224128.3cf8: CreationTime: 2017-09-29T13:42:04.954227600Z
234128.3cf8: LastWriteTime: 2017-09-29T13:42:04.954227600Z
244128.3cf8: ChangeTime: 2018-04-17T13:40:24.004114700Z
254128.3cf8: FileAttributes: 0x20
264128.3cf8: Size: 0xab868
274128.3cf8: NT Headers: 0xe8
284128.3cf8: Timestamp: 0xc2cf900
294128.3cf8: Machine: 0x8664 - amd64
304128.3cf8: Timestamp: 0xc2cf900
314128.3cf8: Image Version: 10.0
324128.3cf8: SizeOfImage: 0xae000 (712704)
334128.3cf8: Resource Dir: 0xac000 LB 0x520
344128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
354128.3cf8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
364128.3cf8: ProductName: Microsoft® Windows® Operating System
374128.3cf8: ProductVersion: 10.0.16299.15
384128.3cf8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
394128.3cf8: FileDescription: Windows NT BASE API Client DLL
404128.3cf8: \SystemRoot\System32\KernelBase.dll:
414128.3cf8: CreationTime: 2018-04-16T09:01:22.921717800Z
424128.3cf8: LastWriteTime: 2018-03-30T05:08:26.893801200Z
434128.3cf8: ChangeTime: 2018-04-17T13:40:24.364280200Z
444128.3cf8: FileAttributes: 0x20
454128.3cf8: Size: 0x265c00
464128.3cf8: NT Headers: 0xf0
474128.3cf8: Timestamp: 0x6369e29f
484128.3cf8: Machine: 0x8664 - amd64
494128.3cf8: Timestamp: 0x6369e29f
504128.3cf8: Image Version: 10.0
514128.3cf8: SizeOfImage: 0x266000 (2514944)
524128.3cf8: Resource Dir: 0x245000 LB 0x548
534128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
544128.3cf8: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
554128.3cf8: ProductName: Microsoft® Windows® Operating System
564128.3cf8: ProductVersion: 10.0.16299.371
574128.3cf8: FileVersion: 10.0.16299.371 (WinBuild.160101.0800)
584128.3cf8: FileDescription: Windows NT BASE API Client DLL
594128.3cf8: \SystemRoot\System32\apisetschema.dll:
604128.3cf8: CreationTime: 2017-09-29T13:42:07.095026600Z
614128.3cf8: LastWriteTime: 2017-09-29T13:42:07.095026600Z
624128.3cf8: ChangeTime: 2018-04-20T09:04:54.255417900Z
634128.3cf8: FileAttributes: 0x20
644128.3cf8: Size: 0x1b398
654128.3cf8: NT Headers: 0xc8
664128.3cf8: Timestamp: 0xf30abf31
674128.3cf8: Machine: 0x8664 - amd64
684128.3cf8: Timestamp: 0xf30abf31
694128.3cf8: Image Version: 10.0
704128.3cf8: SizeOfImage: 0x1c000 (114688)
714128.3cf8: Resource Dir: 0x1b000 LB 0x408
724128.3cf8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
734128.3cf8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
744128.3cf8: ProductName: Microsoft® Windows® Operating System
754128.3cf8: ProductVersion: 10.0.16299.15
764128.3cf8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
774128.3cf8: FileDescription: ApiSet Schema DLL
784128.3cf8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
794128.3cf8: supR3HardenedWinFindAdversaries: 0x3
804128.3cf8: \SystemRoot\System32\drivers\SysPlant.sys:
814128.3cf8: CreationTime: 2018-04-20T15:25:45.984980400Z
824128.3cf8: LastWriteTime: 2018-04-20T15:25:46.000606600Z
834128.3cf8: ChangeTime: 2018-04-20T15:25:46.078529200Z
844128.3cf8: FileAttributes: 0x20
854128.3cf8: Size: 0x30548
864128.3cf8: NT Headers: 0xf0
874128.3cf8: Timestamp: 0x5a1adc8a
884128.3cf8: Machine: 0x8664 - amd64
894128.3cf8: Timestamp: 0x5a1adc8a
904128.3cf8: Image Version: 5.0
914128.3cf8: SizeOfImage: 0x31000 (200704)
924128.3cf8: Resource Dir: 0x2f000 LB 0x49c
934128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
944128.3cf8: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
954128.3cf8: ProductName: Symantec CMC Firewall
964128.3cf8: ProductVersion: 14.0.3856.1100
974128.3cf8: FileVersion: 14.0.3856.1100
984128.3cf8: FileDescription: Symantec CMC Firewall SysPlant
994128.3cf8: \SystemRoot\System32\sysfer.dll:
1004128.3cf8: CreationTime: 2018-04-20T15:25:45.937970800Z
1014128.3cf8: LastWriteTime: 2018-04-20T15:25:45.969352700Z
1024128.3cf8: ChangeTime: 2018-04-20T15:29:34.391929700Z
1034128.3cf8: FileAttributes: 0x20
1044128.3cf8: Size: 0x7cee8
1054128.3cf8: NT Headers: 0xf8
1064128.3cf8: Timestamp: 0x5a1adc96
1074128.3cf8: Machine: 0x8664 - amd64
1084128.3cf8: Timestamp: 0x5a1adc96
1094128.3cf8: Image Version: 0.0
1104128.3cf8: SizeOfImage: 0x95000 (610304)
1114128.3cf8: Resource Dir: 0x91000 LB 0x490
1124128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1134128.3cf8: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
1144128.3cf8: ProductName: Symantec CMC Firewall
1154128.3cf8: ProductVersion: 14.0.3856.1100
1164128.3cf8: FileVersion: 14.0.3856.1100
1174128.3cf8: FileDescription: Symantec CMC Firewall sysfer
1184128.3cf8: \SystemRoot\System32\drivers\symevent64x86.sys:
1194128.3cf8: CreationTime: 2018-04-20T15:27:15.509599700Z
1204128.3cf8: LastWriteTime: 2018-04-20T15:27:15.358389700Z
1214128.3cf8: ChangeTime: 2018-04-20T15:27:15.509599700Z
1224128.3cf8: FileAttributes: 0x20
1234128.3cf8: Size: 0x19098
1244128.3cf8: NT Headers: 0xe0
1254128.3cf8: Timestamp: 0x59fcb42b
1264128.3cf8: Machine: 0x8664 - amd64
1274128.3cf8: Timestamp: 0x59fcb42b
1284128.3cf8: Image Version: 6.2
1294128.3cf8: SizeOfImage: 0x23000 (143360)
1304128.3cf8: Resource Dir: 0x21000 LB 0x3c8
1314128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1324128.3cf8: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
1334128.3cf8: ProductName: SYMEVENT
1344128.3cf8: ProductVersion: 14.0.5.9
1354128.3cf8: FileVersion: 14.0.5.9
1364128.3cf8: FileDescription: Symantec Event Library
1374128.3cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1384128.3cf8: Calling main()
1394128.3cf8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
1404128.3cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1414128.3cf8: SUPR3HardenedMain: Respawn #1
1424128.3cf8: System32: \Device\HarddiskVolume3\Windows\System32
1434128.3cf8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
1444128.3cf8: KnownDllPath: C:\WINDOWS\System32
1454128.3cf8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
1464128.3cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
1474128.3cf8: supR3HardNtEnableThreadCreation:
1484128.3cf8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa15f39280 pvNtTerminateThread=00007ffa15f60d10
1494128.3cf8: supR3HardenedWinDoReSpawn(1): New child 108c.3454 [kernel32].
1504128.3cf8: supR3HardNtChildGatherData: PebBaseAddress=0000000000bbb000 cbPeb=0x388
1514128.3cf8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa15ec0000 uNtDllChildAddr=00007ffa15ec0000
1524128.3cf8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa15f39280
1534128.3cf8: supR3HardenedWinSetupChildInit: Start child.
1544128.3cf8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1554128.3cf8: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps
1564128.3cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1574128.3cf8: *0000000000000000-00000000008bffff 0x0001/0x0000 0x0000000
1584128.3cf8: *00000000008c0000-00000000008dffff 0x0004/0x0004 0x0020000
1594128.3cf8: *00000000008e0000-00000000008f8fff 0x0002/0x0002 0x0040000
1604128.3cf8: 00000000008f9000-00000000008fffff 0x0001/0x0000 0x0000000
1614128.3cf8: *0000000000900000-00000000009fafff 0x0000/0x0004 0x0020000
1624128.3cf8: 00000000009fb000-00000000009fdfff 0x0104/0x0004 0x0020000
1634128.3cf8: 00000000009fe000-00000000009fffff 0x0004/0x0004 0x0020000
1644128.3cf8: *0000000000a00000-0000000000bbafff 0x0000/0x0004 0x0020000
1654128.3cf8: 0000000000bbb000-0000000000bbdfff 0x0004/0x0004 0x0020000
1664128.3cf8: 0000000000bbe000-0000000000bfffff 0x0000/0x0004 0x0020000
1674128.3cf8: *0000000000c00000-0000000000c03fff 0x0002/0x0002 0x0040000
1684128.3cf8: 0000000000c04000-0000000000c0ffff 0x0001/0x0000 0x0000000
1694128.3cf8: *0000000000c10000-0000000000c10fff 0x0004/0x0004 0x0020000
1704128.3cf8: 0000000000c11000-000000007ffdffff 0x0001/0x0000 0x0000000
1714128.3cf8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1724128.3cf8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1734128.3cf8: 000000007fff0000-00007ff6f8f5ffff 0x0001/0x0000 0x0000000
1744128.3cf8: *00007ff6f8f60000-00007ff6f8f82fff 0x0002/0x0002 0x0040000
1754128.3cf8: 00007ff6f8f83000-00007ff6f9a4ffff 0x0001/0x0000 0x0000000
1764128.3cf8: *00007ff6f9a50000-00007ff6f9a50fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1774128.3cf8: 00007ff6f9a51000-00007ff6f9ac1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1784128.3cf8: 00007ff6f9ac2000-00007ff6f9ac2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1794128.3cf8: 00007ff6f9ac3000-00007ff6f9b08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1804128.3cf8: 00007ff6f9b09000-00007ff6f9b09fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1814128.3cf8: 00007ff6f9b0a000-00007ff6f9b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1824128.3cf8: 00007ff6f9b0b000-00007ff6f9b0ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1834128.3cf8: 00007ff6f9b10000-00007ff6f9b10fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1844128.3cf8: 00007ff6f9b11000-00007ff6f9b11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1854128.3cf8: 00007ff6f9b12000-00007ff6f9b15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1864128.3cf8: 00007ff6f9b16000-00007ff6f9b5dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
1874128.3cf8: 00007ff6f9b5e000-00007ff6f9b5ffff 0x0001/0x0000 0x0000000
1884128.3cf8: *00007ff6f9b60000-00007ff6f9b60fff 0x0004/0x0004 0x0020000
1894128.3cf8: 00007ff6f9b61000-00007ffa15ebffff 0x0001/0x0000 0x0000000
1904128.3cf8: *00007ffa15ec0000-00007ffa15ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1914128.3cf8: 00007ffa15ec1000-00007ffa15fd2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1924128.3cf8: 00007ffa15fd3000-00007ffa16018fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1934128.3cf8: 00007ffa16019000-00007ffa16020fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1944128.3cf8: 00007ffa16021000-00007ffa1602efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1954128.3cf8: 00007ffa1602f000-00007ffa1602ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1964128.3cf8: 00007ffa16030000-00007ffa16032fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1974128.3cf8: 00007ffa16033000-00007ffa1609ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1984128.3cf8: 00007ffa160a0000-00007ffffffdffff 0x0001/0x0000 0x0000000
1994128.3cf8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2004128.3cf8: VBoxHeadless.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
2014128.3cf8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2024128.3cf8: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
2034128.3cf8: 00007ff6f9a50162 / 0x0000162: 00 != 11
2044128.3cf8: 00007ff6f9a50164 / 0x0000164: 00 != 14
2054128.3cf8: Restored 0x400 bytes of original file content at 00007ff6f9a50000
2064128.3cf8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2074128.3cf8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
2084128.3cf8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 32 sleeps
2094128.3cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2104128.3cf8: *0000000000000000-00000000008bffff 0x0001/0x0000 0x0000000
2114128.3cf8: *00000000008c0000-00000000008dffff 0x0004/0x0004 0x0020000
2124128.3cf8: *00000000008e0000-00000000008f8fff 0x0002/0x0002 0x0040000
2134128.3cf8: 00000000008f9000-00000000008fffff 0x0001/0x0000 0x0000000
2144128.3cf8: *0000000000900000-00000000009fafff 0x0000/0x0004 0x0020000
2154128.3cf8: 00000000009fb000-00000000009fdfff 0x0104/0x0004 0x0020000
2164128.3cf8: 00000000009fe000-00000000009fffff 0x0004/0x0004 0x0020000
2174128.3cf8: *0000000000a00000-0000000000bbafff 0x0000/0x0004 0x0020000
2184128.3cf8: 0000000000bbb000-0000000000bbdfff 0x0004/0x0004 0x0020000
2194128.3cf8: 0000000000bbe000-0000000000bfffff 0x0000/0x0004 0x0020000
2204128.3cf8: *0000000000c00000-0000000000c03fff 0x0002/0x0002 0x0040000
2214128.3cf8: 0000000000c04000-0000000000c0ffff 0x0001/0x0000 0x0000000
2224128.3cf8: *0000000000c10000-0000000000c10fff 0x0004/0x0004 0x0020000
2234128.3cf8: 0000000000c11000-000000007ffdffff 0x0001/0x0000 0x0000000
2244128.3cf8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2254128.3cf8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2264128.3cf8: 000000007fff0000-00007ff6f8f5ffff 0x0001/0x0000 0x0000000
2274128.3cf8: *00007ff6f8f60000-00007ff6f8f82fff 0x0002/0x0002 0x0040000
2284128.3cf8: 00007ff6f8f83000-00007ff6f9a4ffff 0x0001/0x0000 0x0000000
2294128.3cf8: *00007ff6f9a50000-00007ff6f9a50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2304128.3cf8: 00007ff6f9a51000-00007ff6f9ac1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2314128.3cf8: 00007ff6f9ac2000-00007ff6f9ac2fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2324128.3cf8: 00007ff6f9ac3000-00007ff6f9b08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2334128.3cf8: 00007ff6f9b09000-00007ff6f9b15fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2344128.3cf8: 00007ff6f9b16000-00007ff6f9b5dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2354128.3cf8: 00007ff6f9b5e000-00007ff6f9b5ffff 0x0001/0x0000 0x0000000
2364128.3cf8: *00007ff6f9b60000-00007ff6f9b60fff 0x0004/0x0004 0x0020000
2374128.3cf8: 00007ff6f9b61000-00007ffa15ebffff 0x0001/0x0000 0x0000000
2384128.3cf8: *00007ffa15ec0000-00007ffa15ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2394128.3cf8: 00007ffa15ec1000-00007ffa15fd2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2404128.3cf8: 00007ffa15fd3000-00007ffa16018fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2414128.3cf8: 00007ffa16019000-00007ffa1601cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2424128.3cf8: 00007ffa1601d000-00007ffa16020fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2434128.3cf8: 00007ffa16021000-00007ffa1602efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2444128.3cf8: 00007ffa1602f000-00007ffa1602ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2454128.3cf8: 00007ffa16030000-00007ffa16032fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2464128.3cf8: 00007ffa16033000-00007ffa1609ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2474128.3cf8: 00007ffa160a0000-00007ffffffdffff 0x0001/0x0000 0x0000000
2484128.3cf8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
2494128.3cf8: supR3HardNtChildPurify: Done after 1078 ms and 1 fixes (loop #1).
2504128.3cf8: supR3HardNtEnableThreadCreation:
251108c.3454: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
252108c.3454: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa15ec0000 g_uNtVerCombined=0xa03fab00
253108c.3454: ntdll.dll: timestamp 0xe508fc03 (rc=VINF_SUCCESS)
254108c.3454: New simple heap: #1 0000000000d20000 LB 0x400000 (for 1966080 allocation)
255108c.3454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
256108c.3454: System32: \Device\HarddiskVolume3\Windows\System32
257108c.3454: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
258108c.3454: KnownDllPath: C:\WINDOWS\System32
259108c.3454: supR3HardenedVmProcessInit: Opening vboxdrv stub...
260108c.3454: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
261108c.3454: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
262108c.3454: Registered Dll notification callback with NTDLL.
263108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
264108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
265108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
266108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa122c0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
267108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
268108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
269108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa143e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
270108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
271108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa143e0000 'C:\WINDOWS\System32\KERNEL32.DLL'
272108c.3454: supR3HardenedDllNotificationCallback: load 00007ff6f9a50000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
273108c.3454: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
274108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
275108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
276108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
277108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
278108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
279108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll)
280108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll
281108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
282108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
283108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'.
284108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
285108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
286108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
287108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
288108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
289108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
290108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
291108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
292108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
293108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
294108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
295108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
296108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
297108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
298108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
299108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
300108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
301108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
302108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
303108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
304108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
305108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
306108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
307108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
308108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
309108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
310108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
311108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
312108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
313108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
314108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
315108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
316108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
317108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
318108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
319108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
320108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
321108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
322108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
323108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
324108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
325108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
326108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
327108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
328108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
329108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
330108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
331108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
332108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
333108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
334108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)
335108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
336108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
337108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
338108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
339108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
340108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
341108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
342108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
343108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
344108c.3454: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
345108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
346108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
347108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
348108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
349108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
350108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
351108c.3454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
352108c.3454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
353108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa135b0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
354108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
355108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14120000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
356108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
357108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13c40000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
358108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
359108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13d40000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0]
360108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
361108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12810000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
362108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
363108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
364108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13340000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
365108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
366108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
367108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12550000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0]
368108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
369108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
370108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14490000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
371108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
372108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
373108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
374108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
375108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13b90000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
376108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
377108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
378108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
379108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
380108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
381108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12770000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
382108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
383108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
384108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12530000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
385108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
386108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13420000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
387108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
388108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa125d0000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
389108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
390108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
391108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
392108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
393108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
394108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
395108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13390000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
396108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
397108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13660000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0]
398108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
399108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
400108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
401108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
402108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
403108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12230000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
404108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
405108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
406108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
407108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
408108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12250000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
409108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
410108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
411108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
412108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12210000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
413108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
414108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
415108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12ae0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
416108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
417108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
418108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
419108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
420108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
421108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
422108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14a30000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
423108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
424108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13df0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
425108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
426108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14000000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
427108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
428108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa11880000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
429108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
430108c.3454: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
431108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
432108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
433108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
434108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-synch-l1-2-0'
435108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
436108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
437108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-fibers-l1-1-1'
438108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
439108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
440108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-fibers-l1-1-1'
441108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
442108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
443108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-synch-l1-2-0'
444108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
445108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
446108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-localization-l1-2-1'
447108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
448108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
449108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
450108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
451108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
452108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
453108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
454108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
455108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
456108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
457108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
458108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
459108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
460108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
461108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
462108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
463108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
464108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
465108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
466108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
467108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
468108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
469108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
470108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
471108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
472108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
473108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
474108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
475108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
476108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
477108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
478108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
479108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
480108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
481108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
482108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
483108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
484108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
485108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
486108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
487108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
488108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
489108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
490108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
491108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
492108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
493108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
494108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
495108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
496108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
497108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
498108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
499108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
500108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
501108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
502108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
503108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
504108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
505108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
506108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa143e0000 'C:\WINDOWS\System32\kernel32.dll'
507108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
508108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
509108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-string-l1-1-0'
510108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
511108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
512108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-datetime-l1-1-1'
513108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
514108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
515108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-localization-obsolete-l1-2-0'
516108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
517108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
518108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
519108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
520108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
521108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
522108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
523108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
524108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
525108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
526108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
527108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13e60000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
528108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
529108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa13e60000 'C:\WINDOWS\system32\IMM32.DLL'
530108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)
531108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
532108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa11830000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
533108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
534108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll'
535108c.3454: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa15f39280 pvNtTerminateThread=00007ffa15f60d10
5364128.3cf8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 547 ms.
537108c.3454: \SystemRoot\System32\ntdll.dll:
538108c.3454: CreationTime: 2018-04-16T09:01:27.085029100Z
539108c.3454: LastWriteTime: 2018-03-13T07:02:15.839353900Z
540108c.3454: ChangeTime: 2018-04-17T13:39:51.566849800Z
541108c.3454: FileAttributes: 0x20
542108c.3454: Size: 0x1dd100
543108c.3454: NT Headers: 0xe0
544108c.3454: Timestamp: 0xe508fc03
545108c.3454: Machine: 0x8664 - amd64
546108c.3454: Timestamp: 0xe508fc03
547108c.3454: Image Version: 10.0
548108c.3454: SizeOfImage: 0x1e0000 (1966080)
549108c.3454: Resource Dir: 0x174000 LB 0x6a1d8
550108c.3454: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
551108c.3454: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
552108c.3454: ProductName: Microsoft® Windows® Operating System
553108c.3454: ProductVersion: 10.0.16299.334
554108c.3454: FileVersion: 10.0.16299.334 (WinBuild.160101.0800)
555108c.3454: FileDescription: NT Layer DLL
556108c.3454: \SystemRoot\System32\kernel32.dll:
557108c.3454: CreationTime: 2017-09-29T13:42:04.954227600Z
558108c.3454: LastWriteTime: 2017-09-29T13:42:04.954227600Z
559108c.3454: ChangeTime: 2018-04-17T13:40:24.004114700Z
560108c.3454: FileAttributes: 0x20
561108c.3454: Size: 0xab868
562108c.3454: NT Headers: 0xe8
563108c.3454: Timestamp: 0xc2cf900
564108c.3454: Machine: 0x8664 - amd64
565108c.3454: Timestamp: 0xc2cf900
566108c.3454: Image Version: 10.0
567108c.3454: SizeOfImage: 0xae000 (712704)
568108c.3454: Resource Dir: 0xac000 LB 0x520
569108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
570108c.3454: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
571108c.3454: ProductName: Microsoft® Windows® Operating System
572108c.3454: ProductVersion: 10.0.16299.15
573108c.3454: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
574108c.3454: FileDescription: Windows NT BASE API Client DLL
575108c.3454: \SystemRoot\System32\KernelBase.dll:
576108c.3454: CreationTime: 2018-04-16T09:01:22.921717800Z
577108c.3454: LastWriteTime: 2018-03-30T05:08:26.893801200Z
578108c.3454: ChangeTime: 2018-04-17T13:40:24.364280200Z
579108c.3454: FileAttributes: 0x20
580108c.3454: Size: 0x265c00
581108c.3454: NT Headers: 0xf0
582108c.3454: Timestamp: 0x6369e29f
583108c.3454: Machine: 0x8664 - amd64
584108c.3454: Timestamp: 0x6369e29f
585108c.3454: Image Version: 10.0
586108c.3454: SizeOfImage: 0x266000 (2514944)
587108c.3454: Resource Dir: 0x245000 LB 0x548
588108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
589108c.3454: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
590108c.3454: ProductName: Microsoft® Windows® Operating System
591108c.3454: ProductVersion: 10.0.16299.371
592108c.3454: FileVersion: 10.0.16299.371 (WinBuild.160101.0800)
593108c.3454: FileDescription: Windows NT BASE API Client DLL
594108c.3454: \SystemRoot\System32\apisetschema.dll:
595108c.3454: CreationTime: 2017-09-29T13:42:07.095026600Z
596108c.3454: LastWriteTime: 2017-09-29T13:42:07.095026600Z
597108c.3454: ChangeTime: 2018-04-20T09:04:54.255417900Z
598108c.3454: FileAttributes: 0x20
599108c.3454: Size: 0x1b398
600108c.3454: NT Headers: 0xc8
601108c.3454: Timestamp: 0xf30abf31
602108c.3454: Machine: 0x8664 - amd64
603108c.3454: Timestamp: 0xf30abf31
604108c.3454: Image Version: 10.0
605108c.3454: SizeOfImage: 0x1c000 (114688)
606108c.3454: Resource Dir: 0x1b000 LB 0x408
607108c.3454: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
608108c.3454: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
609108c.3454: ProductName: Microsoft® Windows® Operating System
610108c.3454: ProductVersion: 10.0.16299.15
611108c.3454: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
612108c.3454: FileDescription: ApiSet Schema DLL
613108c.3454: NtOpenDirectoryObject failed on \Driver: 0xc0000022
614108c.3454: supR3HardenedWinFindAdversaries: 0x3
615108c.3454: \SystemRoot\System32\drivers\SysPlant.sys:
616108c.3454: CreationTime: 2018-04-20T15:25:45.984980400Z
617108c.3454: LastWriteTime: 2018-04-20T15:25:46.000606600Z
618108c.3454: ChangeTime: 2018-04-20T15:25:46.078529200Z
619108c.3454: FileAttributes: 0x20
620108c.3454: Size: 0x30548
621108c.3454: NT Headers: 0xf0
622108c.3454: Timestamp: 0x5a1adc8a
623108c.3454: Machine: 0x8664 - amd64
624108c.3454: Timestamp: 0x5a1adc8a
625108c.3454: Image Version: 5.0
626108c.3454: SizeOfImage: 0x31000 (200704)
627108c.3454: Resource Dir: 0x2f000 LB 0x49c
628108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
629108c.3454: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
630108c.3454: ProductName: Symantec CMC Firewall
631108c.3454: ProductVersion: 14.0.3856.1100
632108c.3454: FileVersion: 14.0.3856.1100
633108c.3454: FileDescription: Symantec CMC Firewall SysPlant
634108c.3454: \SystemRoot\System32\sysfer.dll:
635108c.3454: CreationTime: 2018-04-20T15:25:45.937970800Z
636108c.3454: LastWriteTime: 2018-04-20T15:25:45.969352700Z
637108c.3454: ChangeTime: 2018-04-20T15:29:34.391929700Z
638108c.3454: FileAttributes: 0x20
639108c.3454: Size: 0x7cee8
640108c.3454: NT Headers: 0xf8
641108c.3454: Timestamp: 0x5a1adc96
642108c.3454: Machine: 0x8664 - amd64
643108c.3454: Timestamp: 0x5a1adc96
644108c.3454: Image Version: 0.0
645108c.3454: SizeOfImage: 0x95000 (610304)
646108c.3454: Resource Dir: 0x91000 LB 0x490
647108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
648108c.3454: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
649108c.3454: ProductName: Symantec CMC Firewall
650108c.3454: ProductVersion: 14.0.3856.1100
651108c.3454: FileVersion: 14.0.3856.1100
652108c.3454: FileDescription: Symantec CMC Firewall sysfer
653108c.3454: \SystemRoot\System32\drivers\symevent64x86.sys:
654108c.3454: CreationTime: 2018-04-20T15:27:15.509599700Z
655108c.3454: LastWriteTime: 2018-04-20T15:27:15.358389700Z
656108c.3454: ChangeTime: 2018-04-20T15:27:15.509599700Z
657108c.3454: FileAttributes: 0x20
658108c.3454: Size: 0x19098
659108c.3454: NT Headers: 0xe0
660108c.3454: Timestamp: 0x59fcb42b
661108c.3454: Machine: 0x8664 - amd64
662108c.3454: Timestamp: 0x59fcb42b
663108c.3454: Image Version: 6.2
664108c.3454: SizeOfImage: 0x23000 (143360)
665108c.3454: Resource Dir: 0x21000 LB 0x3c8
666108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
667108c.3454: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
668108c.3454: ProductName: SYMEVENT
669108c.3454: ProductVersion: 14.0.5.9
670108c.3454: FileVersion: 14.0.5.9
671108c.3454: FileDescription: Symantec Event Library
672108c.3454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
673108c.3454: Calling main()
674108c.3454: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
675108c.3454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
676108c.3454: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
677108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
678108c.3454: SUPR3HardenedMain: Respawn #2
679108c.3454: Error (rc=-5640):
680108c.3454: More than one thread in process
681108c.3454: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1)
682108c.3454: More than one thread in process
6834128.3cf8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 31 ms, the end);
