VirtualBox

Ticket #17764: VBoxHardening.log

File VBoxHardening.log, 78.6 KB (added by pepco, 6 years ago)

log file

2cb8.c7c: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000220 g_uNtVerCombined=0xa03fab00
2cb8.c7c: \SystemRoot\System32\ntdll.dll:
2cb8.c7c: CreationTime: 2018-05-11T07:30:27.635546000Z
2cb8.c7c: LastWriteTime: 2018-04-15T21:49:20.567835100Z
2cb8.c7c: ChangeTime: 2018-05-14T05:52:56.251684700Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x1dd108
2cb8.c7c: NT Headers: 0xe0
2cb8.c7c: Timestamp: 0xd826f10d
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0xd826f10d
2cb8.c7c: Image Version: 10.0
2cb8.c7c: SizeOfImage: 0x1e0000 (1966080)
2cb8.c7c: Resource Dir: 0x174000 LB 0x6a1d8
2cb8.c7c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2cb8.c7c: ProductName: Microsoft® Windows® Operating System
2cb8.c7c: ProductVersion: 10.0.16299.402
2cb8.c7c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
2cb8.c7c: FileDescription: NT Layer DLL
2cb8.c7c: \SystemRoot\System32\kernel32.dll:
2cb8.c7c: CreationTime: 2018-05-11T07:30:10.686786200Z
2cb8.c7c: LastWriteTime: 2018-05-03T07:43:30.892187700Z
2cb8.c7c: ChangeTime: 2018-05-14T05:52:49.954130800Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0xab868
2cb8.c7c: NT Headers: 0xe8
2cb8.c7c: Timestamp: 0x309fae94
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0x309fae94
2cb8.c7c: Image Version: 10.0
2cb8.c7c: SizeOfImage: 0xae000 (712704)
2cb8.c7c: Resource Dir: 0xac000 LB 0x520
2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2cb8.c7c: ProductName: Microsoft® Windows® Operating System
2cb8.c7c: ProductVersion: 10.0.16299.431
2cb8.c7c: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
2cb8.c7c: FileDescription: Windows NT BASE API Client DLL
2cb8.c7c: \SystemRoot\System32\KernelBase.dll:
2cb8.c7c: CreationTime: 2018-05-11T07:30:03.884147200Z
2cb8.c7c: LastWriteTime: 2018-04-15T21:51:08.343639800Z
2cb8.c7c: ChangeTime: 2018-05-14T05:52:54.923416100Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x265c00
2cb8.c7c: NT Headers: 0xf0
2cb8.c7c: Timestamp: 0xde35406a
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0xde35406a
2cb8.c7c: Image Version: 10.0
2cb8.c7c: SizeOfImage: 0x266000 (2514944)
2cb8.c7c: Resource Dir: 0x245000 LB 0x548
2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2cb8.c7c: ProductName: Microsoft® Windows® Operating System
2cb8.c7c: ProductVersion: 10.0.16299.402
2cb8.c7c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
2cb8.c7c: FileDescription: Windows NT BASE API Client DLL
2cb8.c7c: \SystemRoot\System32\apisetschema.dll:
2cb8.c7c: CreationTime: 2017-09-29T13:42:07.095026600Z
2cb8.c7c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
2cb8.c7c: ChangeTime: 2018-05-11T07:38:16.512838200Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x1b398
2cb8.c7c: NT Headers: 0xc8
2cb8.c7c: Timestamp: 0xf30abf31
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0xf30abf31
2cb8.c7c: Image Version: 10.0
2cb8.c7c: SizeOfImage: 0x1c000 (114688)
2cb8.c7c: Resource Dir: 0x1b000 LB 0x408
2cb8.c7c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2cb8.c7c: ProductName: Microsoft® Windows® Operating System
2cb8.c7c: ProductVersion: 10.0.16299.15
2cb8.c7c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
2cb8.c7c: FileDescription: ApiSet Schema DLL
2cb8.c7c: Found driver SysPlant (0x1)
2cb8.c7c: Found driver SymNetS (0x2)
2cb8.c7c: Found driver PGDriver (0x20000)
2cb8.c7c: Found driver SRTSPX (0x2)
2cb8.c7c: Found driver SymEvent (0x2)
2cb8.c7c: Found driver SymIRON (0x2)
2cb8.c7c: supR3HardenedWinFindAdversaries: 0x20003
2cb8.c7c: \SystemRoot\System32\drivers\SysPlant.sys:
2cb8.c7c: CreationTime: 2017-05-24T05:09:18.818113600Z
2cb8.c7c: LastWriteTime: 2018-04-05T17:59:11.063293900Z
2cb8.c7c: ChangeTime: 2018-04-05T17:59:11.063293900Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x30548
2cb8.c7c: NT Headers: 0xf0
2cb8.c7c: Timestamp: 0x5a1adc8a
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0x5a1adc8a
2cb8.c7c: Image Version: 5.0
2cb8.c7c: SizeOfImage: 0x31000 (200704)
2cb8.c7c: Resource Dir: 0x2f000 LB 0x49c
2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
2cb8.c7c: ProductName: Symantec CMC Firewall
2cb8.c7c: ProductVersion: 14.0.3856.1100
2cb8.c7c: FileVersion: 14.0.3856.1100
2cb8.c7c: FileDescription: Symantec CMC Firewall SysPlant
2cb8.c7c: \SystemRoot\System32\sysfer.dll:
2cb8.c7c: CreationTime: 2017-05-24T05:09:18.771232000Z
2cb8.c7c: LastWriteTime: 2018-04-05T17:59:11.047665200Z
2cb8.c7c: ChangeTime: 2018-04-16T06:02:41.528877100Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x7cee8
2cb8.c7c: NT Headers: 0xf8
2cb8.c7c: Timestamp: 0x5a1adc96
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0x5a1adc96
2cb8.c7c: Image Version: 0.0
2cb8.c7c: SizeOfImage: 0x95000 (610304)
2cb8.c7c: Resource Dir: 0x91000 LB 0x490
2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
2cb8.c7c: ProductName: Symantec CMC Firewall
2cb8.c7c: ProductVersion: 14.0.3856.1100
2cb8.c7c: FileVersion: 14.0.3856.1100
2cb8.c7c: FileDescription: Symantec CMC Firewall sysfer
2cb8.c7c: \SystemRoot\System32\drivers\symevent64x86.sys:
2cb8.c7c: CreationTime: 2017-05-24T05:10:05.493783800Z
2cb8.c7c: LastWriteTime: 2018-04-05T17:25:36.881205200Z
2cb8.c7c: ChangeTime: 2018-04-05T17:59:12.229134600Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x19098
2cb8.c7c: NT Headers: 0xe0
2cb8.c7c: Timestamp: 0x59fcb42b
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0x59fcb42b
2cb8.c7c: Image Version: 6.2
2cb8.c7c: SizeOfImage: 0x23000 (143360)
2cb8.c7c: Resource Dir: 0x21000 LB 0x3c8
2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
2cb8.c7c: ProductName: SYMEVENT
2cb8.c7c: ProductVersion: 14.0.5.9
2cb8.c7c: FileVersion: 14.0.5.9
2cb8.c7c: FileDescription: Symantec Event Library
2cb8.c7c: \SystemRoot\System32\drivers\PGDriver.sys:
2cb8.c7c: CreationTime: 2017-09-27T08:14:42.619031800Z
2cb8.c7c: LastWriteTime: 2017-06-22T11:50:20.000000000Z
2cb8.c7c: ChangeTime: 2018-05-14T05:53:29.671428900Z
2cb8.c7c: FileAttributes: 0x20
2cb8.c7c: Size: 0x8490
2cb8.c7c: NT Headers: 0xf8
2cb8.c7c: Timestamp: 0x59394114
2cb8.c7c: Machine: 0x8664 - amd64
2cb8.c7c: Timestamp: 0x59394114
2cb8.c7c: Image Version: 6.3
2cb8.c7c: SizeOfImage: 0xb000 (45056)
2cb8.c7c: Resource Dir: 0x9000 LB 0x430
2cb8.c7c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2cb8.c7c: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
2cb8.c7c: ProductName: Avecto Defendpoint
2cb8.c7c: ProductVersion: 2017.06.08.1
2cb8.c7c: FileVersion: 2017.06.08.1
2cb8.c7c: SpecialBuild: D
2cb8.c7c: FileDescription: Defendpoint Driver
2cb8.c7c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2cb8.c7c: Calling main()
2cb8.c7c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2cb8.c7c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2cb8.c7c: SUPR3HardenedMain: Respawn #1
2cb8.c7c: System32: \Device\HarddiskVolume5\Windows\System32
2cb8.c7c: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
2cb8.c7c: KnownDllPath: C:\WINDOWS\System32
2cb8.c7c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2cb8.c7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2cb8.c7c: supR3HardNtEnableThreadCreation:
2cb8.c7c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd191c9280 pvNtTerminateThread=00007ffd191f0d10
2cb8.c7c: supR3HardenedWinDoReSpawn(1): New child 2f80.a04 [kernel32].
2cb8.c7c: supR3HardNtChildGatherData: PebBaseAddress=0000000000369000 cbPeb=0x388
2cb8.c7c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd19150000 uNtDllChildAddr=00007ffd19150000
2cb8.c7c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd191c9280
2cb8.c7c: supR3HardenedWinSetupChildInit: Start child.
2cb8.c7c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2cb8.c7c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 60 sleeps
2cb8.c7c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2cb8.c7c: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS)
2cb8.c7c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2cb8.c7c: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
2cb8.c7c: 00007ff631260162 / 0x0000162: 00 != 11
2cb8.c7c: 00007ff631260164 / 0x0000164: 00 != 14
2cb8.c7c: Restored 0x400 bytes of original file content at 00007ff631260000
2cb8.c7c: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports
2cb8.c7c: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20003
2cb8.c7c: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 61 sleeps
2cb8.c7c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2cb8.c7c: supR3HardNtChildPurify: Done after 1094 ms and 1 fixes (loop #1).
2f80.a04: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00
2f80.a04: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd19150000 g_uNtVerCombined=0xa03fab00
2f80.a04: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
2f80.a04: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
2cb8.c7c: supR3HardNtEnableThreadCreation:
2f80.a04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2f80.a04: System32: \Device\HarddiskVolume5\Windows\System32
2f80.a04: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS
2f80.a04: KnownDllPath: C:\WINDOWS\System32
2f80.a04: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2f80.a04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2f80.a04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2f80.a04: Registered Dll notification callback with NTDLL.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll
2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd16390000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18b30000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'C:\WINDOWS\System32\KERNEL32.DLL'
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd167c0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd16d40000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd189b0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18a10000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18a10000 'C:\WINDOWS\System32\ADVAPI32.DLL'
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ff631260000 LB 0x0010e000 c:\program files\Oracle\virtualbox\VirtualBox.exe [fFlags=0x0]
2f80.a04: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe
2f80.a04: supR3HardenedMonitor_LdrLoadDll: Refusing to load 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS)
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dnsapi.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dnsapi.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'secur32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr120.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp120.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp120.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp120.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp120.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr120.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp120.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp120.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcr120.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcr120.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume5\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\secur32.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\secur32.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
4232f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll)
4242f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll
4252f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
4262f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
4272f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
4282f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll)
4292f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll
4302f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4312f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4322f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4332f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4342f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4352f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
4362f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4372f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4382f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2f80.48a0: '\Device\HarddiskVolume5\Windows\System32\win32u.dll' has no imports
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcr120.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\secur32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcr120.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp120.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sspicli.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sspicli.dll
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06c80000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\Secur32.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\secur32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15d40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd160e0000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd18be0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15ca0000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16600000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16bb0000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15f40000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0]
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32full.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32full.dll
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd168a0000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16a00000 LB 0x00051000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd14910000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15100000 LB 0x00025000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06cb0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16a60000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd168d0000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06ea0000 LB 0x000ef000 C:\WINDOWS\SYSTEM32\MSVCR120.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcr120.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06fb0000 LB 0x000a6000 C:\WINDOWS\SYSTEM32\MSVCP120.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp120.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd153d0000 LB 0x00030000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sspicli.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffcf0700000 LB 0x0006a000 C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-synch-l1-2-0'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-fibers-l1-1-1'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-fibers-l1-1-1'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-synch-l1-2-0'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-localization-l1-2-1'
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'C:\WINDOWS\System32\kernel32.dll'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-string-l1-1-0'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-datetime-l1-1-1'
2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-localization-obsolete-l1-2-0'
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll)
2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd18ef0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0]
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18ef0000 'C:\WINDOWS\system32\IMM32.DLL'
2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'C:\WINDOWS\System32\kernel32.dll'
2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf0700000 'C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll'
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2f80.a04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd15ef0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0]
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18900000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0]
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd15530000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0]
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd154c0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0]
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd154a0000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0]
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd15550000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0]
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd16e60000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18f20000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18ac0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd14960000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005d000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 0000000068000000 LB 0x0005d000 C:\WINDOWS\System32\QIPCAP64.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd16e60000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd15ef0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [flags=0x0]
6722f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd15550000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [flags=0x0]
6732f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd15530000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [flags=0x0]
6742f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd18900000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [flags=0x0]
6752f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd154c0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [flags=0x0]
6762f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd154a0000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [flags=0x0]
6772f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd14960000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [flags=0x0]
6782f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd18f20000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [flags=0x0]
6792f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\WINDOWS\System32\QIPCAP64.dll'
6802f80.a04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd191c9280 pvNtTerminateThread=00007ffd191f0d10
6812cb8.c7c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 632 ms.
6822f80.a04: \SystemRoot\System32\ntdll.dll:
6832f80.a04: CreationTime: 2018-05-11T07:30:27.635546000Z
6842f80.a04: LastWriteTime: 2018-04-15T21:49:20.567835100Z
6852f80.a04: ChangeTime: 2018-05-14T05:52:56.251684700Z
6862f80.a04: FileAttributes: 0x20
6872f80.a04: Size: 0x1dd108
6882f80.a04: NT Headers: 0xe0
6892f80.a04: Timestamp: 0xd826f10d
6902f80.a04: Machine: 0x8664 - amd64
6912f80.a04: Timestamp: 0xd826f10d
6922f80.a04: Image Version: 10.0
6932f80.a04: SizeOfImage: 0x1e0000 (1966080)
6942f80.a04: Resource Dir: 0x174000 LB 0x6a1d8
6952f80.a04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6962f80.a04: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6972f80.a04: ProductName: Microsoft® Windows® Operating System
6982f80.a04: ProductVersion: 10.0.16299.402
6992f80.a04: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
7002f80.a04: FileDescription: NT Layer DLL
7012f80.a04: \SystemRoot\System32\kernel32.dll:
7022f80.a04: CreationTime: 2018-05-11T07:30:10.686786200Z
7032f80.a04: LastWriteTime: 2018-05-03T07:43:30.892187700Z
7042f80.a04: ChangeTime: 2018-05-14T05:52:49.954130800Z
7052f80.a04: FileAttributes: 0x20
7062f80.a04: Size: 0xab868
7072f80.a04: NT Headers: 0xe8
7082f80.a04: Timestamp: 0x309fae94
7092f80.a04: Machine: 0x8664 - amd64
7102f80.a04: Timestamp: 0x309fae94
7112f80.a04: Image Version: 10.0
7122f80.a04: SizeOfImage: 0xae000 (712704)
7132f80.a04: Resource Dir: 0xac000 LB 0x520
7142f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7152f80.a04: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7162f80.a04: ProductName: Microsoft® Windows® Operating System
7172f80.a04: ProductVersion: 10.0.16299.431
7182f80.a04: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
7192f80.a04: FileDescription: Windows NT BASE API Client DLL
7202f80.a04: \SystemRoot\System32\KernelBase.dll:
7212f80.a04: CreationTime: 2018-05-11T07:30:03.884147200Z
7222f80.a04: LastWriteTime: 2018-04-15T21:51:08.343639800Z
7232f80.a04: ChangeTime: 2018-05-14T05:52:54.923416100Z
7242f80.a04: FileAttributes: 0x20
7252f80.a04: Size: 0x265c00
7262f80.a04: NT Headers: 0xf0
7272f80.a04: Timestamp: 0xde35406a
7282f80.a04: Machine: 0x8664 - amd64
7292f80.a04: Timestamp: 0xde35406a
7302f80.a04: Image Version: 10.0
7312f80.a04: SizeOfImage: 0x266000 (2514944)
7322f80.a04: Resource Dir: 0x245000 LB 0x548
7332f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7342f80.a04: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
7352f80.a04: ProductName: Microsoft® Windows® Operating System
7362f80.a04: ProductVersion: 10.0.16299.402
7372f80.a04: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
7382f80.a04: FileDescription: Windows NT BASE API Client DLL
7392f80.a04: \SystemRoot\System32\apisetschema.dll:
7402f80.a04: CreationTime: 2017-09-29T13:42:07.095026600Z
7412f80.a04: LastWriteTime: 2017-09-29T13:42:07.095026600Z
7422f80.a04: ChangeTime: 2018-05-11T07:38:16.512838200Z
7432f80.a04: FileAttributes: 0x20
7442f80.a04: Size: 0x1b398
7452f80.a04: NT Headers: 0xc8
7462f80.a04: Timestamp: 0xf30abf31
7472f80.a04: Machine: 0x8664 - amd64
7482f80.a04: Timestamp: 0xf30abf31
7492f80.a04: Image Version: 10.0
7502f80.a04: SizeOfImage: 0x1c000 (114688)
7512f80.a04: Resource Dir: 0x1b000 LB 0x408
7522f80.a04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7532f80.a04: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
7542f80.a04: ProductName: Microsoft® Windows® Operating System
7552f80.a04: ProductVersion: 10.0.16299.15
7562f80.a04: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
7572f80.a04: FileDescription: ApiSet Schema DLL
7582f80.a04: Found driver SysPlant (0x1)
7592f80.a04: Found driver SymNetS (0x2)
7602f80.a04: Found driver PGDriver (0x20000)
7612f80.a04: Found driver SRTSPX (0x2)
7622f80.a04: Found driver SymEvent (0x2)
7632f80.a04: Found driver SymIRON (0x2)
7642f80.a04: supR3HardenedWinFindAdversaries: 0x20003
7652f80.a04: \SystemRoot\System32\drivers\SysPlant.sys:
7662f80.a04: CreationTime: 2017-05-24T05:09:18.818113600Z
7672f80.a04: LastWriteTime: 2018-04-05T17:59:11.063293900Z
7682f80.a04: ChangeTime: 2018-04-05T17:59:11.063293900Z
7692f80.a04: FileAttributes: 0x20
7702f80.a04: Size: 0x30548
7712f80.a04: NT Headers: 0xf0
7722f80.a04: Timestamp: 0x5a1adc8a
7732f80.a04: Machine: 0x8664 - amd64
7742f80.a04: Timestamp: 0x5a1adc8a
7752f80.a04: Image Version: 5.0
7762f80.a04: SizeOfImage: 0x31000 (200704)
7772f80.a04: Resource Dir: 0x2f000 LB 0x49c
7782f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7792f80.a04: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
7802f80.a04: ProductName: Symantec CMC Firewall
7812f80.a04: ProductVersion: 14.0.3856.1100
7822f80.a04: FileVersion: 14.0.3856.1100
7832f80.a04: FileDescription: Symantec CMC Firewall SysPlant
7842f80.a04: \SystemRoot\System32\sysfer.dll:
7852f80.a04: CreationTime: 2017-05-24T05:09:18.771232000Z
7862f80.a04: LastWriteTime: 2018-04-05T17:59:11.047665200Z
7872f80.a04: ChangeTime: 2018-04-16T06:02:41.528877100Z
7882f80.a04: FileAttributes: 0x20
7892f80.a04: Size: 0x7cee8
7902f80.a04: NT Headers: 0xf8
7912f80.a04: Timestamp: 0x5a1adc96
7922f80.a04: Machine: 0x8664 - amd64
7932f80.a04: Timestamp: 0x5a1adc96
7942f80.a04: Image Version: 0.0
7952f80.a04: SizeOfImage: 0x95000 (610304)
7962f80.a04: Resource Dir: 0x91000 LB 0x490
7972f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7982f80.a04: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
7992f80.a04: ProductName: Symantec CMC Firewall
8002f80.a04: ProductVersion: 14.0.3856.1100
8012f80.a04: FileVersion: 14.0.3856.1100
8022f80.a04: FileDescription: Symantec CMC Firewall sysfer
8032f80.a04: \SystemRoot\System32\drivers\symevent64x86.sys:
8042f80.a04: CreationTime: 2017-05-24T05:10:05.493783800Z
8052f80.a04: LastWriteTime: 2018-04-05T17:25:36.881205200Z
8062f80.a04: ChangeTime: 2018-04-05T17:59:12.229134600Z
8072f80.a04: FileAttributes: 0x20
8082f80.a04: Size: 0x19098
8092f80.a04: NT Headers: 0xe0
8102f80.a04: Timestamp: 0x59fcb42b
8112f80.a04: Machine: 0x8664 - amd64
8122f80.a04: Timestamp: 0x59fcb42b
8132f80.a04: Image Version: 6.2
8142f80.a04: SizeOfImage: 0x23000 (143360)
8152f80.a04: Resource Dir: 0x21000 LB 0x3c8
8162f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8172f80.a04: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
8182f80.a04: ProductName: SYMEVENT
8192f80.a04: ProductVersion: 14.0.5.9
8202f80.a04: FileVersion: 14.0.5.9
8212f80.a04: FileDescription: Symantec Event Library
8222f80.a04: \SystemRoot\System32\drivers\PGDriver.sys:
8232f80.a04: CreationTime: 2017-09-27T08:14:42.619031800Z
8242f80.a04: LastWriteTime: 2017-06-22T11:50:20.000000000Z
8252f80.a04: ChangeTime: 2018-05-14T05:53:29.671428900Z
8262f80.a04: FileAttributes: 0x20
8272f80.a04: Size: 0x8490
8282f80.a04: NT Headers: 0xf8
8292f80.a04: Timestamp: 0x59394114
8302f80.a04: Machine: 0x8664 - amd64
8312f80.a04: Timestamp: 0x59394114
8322f80.a04: Image Version: 6.3
8332f80.a04: SizeOfImage: 0xb000 (45056)
8342f80.a04: Resource Dir: 0x9000 LB 0x430
8352f80.a04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8362f80.a04: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
8372f80.a04: ProductName: Avecto Defendpoint
8382f80.a04: ProductVersion: 2017.06.08.1
8392f80.a04: FileVersion: 2017.06.08.1
8402f80.a04: SpecialBuild: D
8412f80.a04: FileDescription: Defendpoint Driver
8422f80.a04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
8432f80.a04: Calling main()
8442f80.a04: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8452f80.a04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
8462f80.a04: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8472f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8482f80.a04: SUPR3HardenedMain: Respawn #2
8492f80.a04: supR3HardNtEnableThreadCreation:
8502f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8512f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8522f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8532f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8542f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
8552f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
8562f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
8572f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8582f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8592f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8602f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8612f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8622f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8632f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8642f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8652f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8662f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8672f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8682f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8692f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8702f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8712f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8722f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
8732f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
8742f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
8752f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8762f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8772f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8782f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8792f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8802f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8812f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
8822f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18a10000 'C:\WINDOWS\System32\ADVAPI32.DLL'
8832f80.a04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
8842f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
8852f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
8862cb8.c7c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 46 ms, the end);
