VirtualBox

Ticket #17856: VBoxHardening.log

File VBoxHardening.log, 58.3 KB (added by SarmaK, 6 years ago)

VboxHardening Log

29ac.2ff0: Log file opened: 5.1.26r117224 g_hStartupLog=00000000000001d4 g_uNtVerCombined=0xa03fab00
29ac.2ff0: \SystemRoot\System32\ntdll.dll:
29ac.2ff0: CreationTime: 2018-05-10T07:45:29.694271000Z
29ac.2ff0: LastWriteTime: 2018-04-15T21:49:20.567835100Z
29ac.2ff0: ChangeTime: 2018-06-22T11:23:52.548022800Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x1dd108
29ac.2ff0: NT Headers: 0xe0
29ac.2ff0: Timestamp: 0xd826f10d
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0xd826f10d
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0x1e0000 (1966080)
29ac.2ff0: Resource Dir: 0x174000 LB 0x6a1d8
29ac.2ff0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.402
29ac.2ff0: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: NT Layer DLL
29ac.2ff0: \SystemRoot\System32\kernel32.dll:
29ac.2ff0: CreationTime: 2018-05-10T07:44:14.069270500Z
29ac.2ff0: LastWriteTime: 2018-05-03T07:43:30.892187700Z
29ac.2ff0: ChangeTime: 2018-06-21T21:58:10.715332800Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0xab868
29ac.2ff0: NT Headers: 0xe8
29ac.2ff0: Timestamp: 0x309fae94
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x309fae94
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0xae000 (712704)
29ac.2ff0: Resource Dir: 0xac000 LB 0x520
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.431
29ac.2ff0: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: Windows NT BASE API Client DLL
29ac.2ff0: \SystemRoot\System32\KernelBase.dll:
29ac.2ff0: CreationTime: 2018-05-10T07:44:26.866145400Z
29ac.2ff0: LastWriteTime: 2018-04-15T21:51:08.343639800Z
29ac.2ff0: ChangeTime: 2018-06-21T21:58:12.211789800Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x265c00
29ac.2ff0: NT Headers: 0xf0
29ac.2ff0: Timestamp: 0xde35406a
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0xde35406a
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0x266000 (2514944)
29ac.2ff0: Resource Dir: 0x245000 LB 0x548
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.402
29ac.2ff0: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: Windows NT BASE API Client DLL
29ac.2ff0: \SystemRoot\System32\apisetschema.dll:
29ac.2ff0: CreationTime: 2017-09-29T13:42:07.095026600Z
29ac.2ff0: LastWriteTime: 2017-09-29T13:42:07.095026600Z
29ac.2ff0: ChangeTime: 2018-06-22T11:23:22.046763700Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x1b398
29ac.2ff0: NT Headers: 0xc8
29ac.2ff0: Timestamp: 0xf30abf31
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0xf30abf31
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0x1c000 (114688)
29ac.2ff0: Resource Dir: 0x1b000 LB 0x408
29ac.2ff0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.15
29ac.2ff0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: ApiSet Schema DLL
29ac.2ff0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
29ac.2ff0: supR3HardenedWinFindAdversaries: 0x3
29ac.2ff0: \SystemRoot\System32\drivers\SysPlant.sys:
29ac.2ff0: CreationTime: 2018-06-21T22:54:45.387467300Z
29ac.2ff0: LastWriteTime: 2018-06-21T22:54:45.387467300Z
29ac.2ff0: ChangeTime: 2018-06-21T22:54:45.387467300Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x30548
29ac.2ff0: NT Headers: 0xf0
29ac.2ff0: Timestamp: 0x5a1adc8a
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x5a1adc8a
29ac.2ff0: Image Version: 5.0
29ac.2ff0: SizeOfImage: 0x31000 (200704)
29ac.2ff0: Resource Dir: 0x2f000 LB 0x49c
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
29ac.2ff0: ProductName: Symantec CMC Firewall
29ac.2ff0: ProductVersion: 14.0.3856.1100
29ac.2ff0: FileVersion: 14.0.3856.1100
29ac.2ff0: FileDescription: Symantec CMC Firewall SysPlant
29ac.2ff0: \SystemRoot\System32\sysfer.dll:
29ac.2ff0: CreationTime: 2018-06-21T22:54:45.371840800Z
29ac.2ff0: LastWriteTime: 2018-06-21T22:54:45.371840800Z
29ac.2ff0: ChangeTime: 2018-06-21T22:59:33.688341600Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x7cee8
29ac.2ff0: NT Headers: 0xf8
29ac.2ff0: Timestamp: 0x5a1adc96
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x5a1adc96
29ac.2ff0: Image Version: 0.0
29ac.2ff0: SizeOfImage: 0x95000 (610304)
29ac.2ff0: Resource Dir: 0x91000 LB 0x490
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
29ac.2ff0: ProductName: Symantec CMC Firewall
29ac.2ff0: ProductVersion: 14.0.3856.1100
29ac.2ff0: FileVersion: 14.0.3856.1100
29ac.2ff0: FileDescription: Symantec CMC Firewall sysfer
29ac.2ff0: \SystemRoot\System32\drivers\symevent64x86.sys:
29ac.2ff0: CreationTime: 2018-06-21T22:56:51.936529500Z
29ac.2ff0: LastWriteTime: 2018-06-21T22:56:51.514650400Z
29ac.2ff0: ChangeTime: 2018-06-21T22:56:51.514650400Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x19098
29ac.2ff0: NT Headers: 0xe0
29ac.2ff0: Timestamp: 0x59fcb42b
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x59fcb42b
29ac.2ff0: Image Version: 6.2
29ac.2ff0: SizeOfImage: 0x23000 (143360)
29ac.2ff0: Resource Dir: 0x21000 LB 0x3c8
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
29ac.2ff0: ProductName: SYMEVENT
29ac.2ff0: ProductVersion: 14.0.5.9
29ac.2ff0: FileVersion: 14.0.5.9
29ac.2ff0: FileDescription: Symantec Event Library
29ac.2ff0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
29ac.2ff0: Calling main()
29ac.2ff0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
29ac.2ff0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
29ac.2ff0: SUPR3HardenedMain: Respawn #1
29ac.2ff0: System32: \Device\HarddiskVolume3\Windows\System32
29ac.2ff0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
29ac.2ff0: KnownDllPath: C:\Windows\System32
29ac.2ff0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
29ac.2ff0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
29ac.2ff0: supR3HardNtEnableThreadCreation:
29ac.2ff0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ee299280 pvNtTerminateThread=00007ff8ee2c0d10
29ac.2ff0: supR3HardenedWinDoReSpawn(1): New child 2144.209c [kernel32].
29ac.2ff0: supR3HardNtChildGatherData: PebBaseAddress=00000000003ab000 cbPeb=0x388
29ac.2ff0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8ee220000 uNtDllChildAddr=00007ff8ee220000
29ac.2ff0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8ee299280
29ac.2ff0: supR3HardenedWinSetupChildInit: Start child.
29ac.2ff0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
29ac.2ff0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 61 sleeps
29ac.2ff0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29ac.2ff0: VBoxHeadless.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
29ac.2ff0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
29ac.2ff0: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
29ac.2ff0: 00007ff69cd70162 / 0x0000162: 00 != 11
29ac.2ff0: 00007ff69cd70164 / 0x0000164: 00 != 14
29ac.2ff0: Restored 0x400 bytes of original file content at 00007ff69cd70000
29ac.2ff0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
29ac.2ff0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
29ac.2ff0: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 61 sleeps
29ac.2ff0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29ac.2ff0: supR3HardNtChildPurify: Done after 1122 ms and 1 fixes (loop #1).
29ac.2ff0: supR3HardNtEnableThreadCreation:
2144.209c: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
2144.209c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8ee220000 g_uNtVerCombined=0xa03fab00
2144.209c: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
2144.209c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
2144.209c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2144.209c: System32: \Device\HarddiskVolume3\Windows\System32
2144.209c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2144.209c: KnownDllPath: C:\Windows\System32
2144.209c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2144.209c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2144.209c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2144.209c: Registered Dll notification callback with NTDLL.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea990000 LB 0x00266000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ee0e0000 LB 0x000ae000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ee0e0000 'C:\Windows\System32\KERNEL32.DLL'
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff69cd70000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
2144.209c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2144.209c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
2144.209c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb6f0000 LB 0x0009d000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec1f0000 LB 0x0011f000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ee190000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ebcc0000 LB 0x000a1000 C:\Windows\System32\ADVAPI32.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb5f0000 LB 0x000f6000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea8c0000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea910000 LB 0x00072000 C:\Windows\System32\bcryptPrimitives.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb9b0000 LB 0x00308000 C:\Windows\System32\combase.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ebd70000 LB 0x000a6000 C:\Windows\System32\shcore.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea680000 LB 0x0009b000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb350000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ebff0000 LB 0x0018f000 C:\Windows\System32\USER32.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea720000 LB 0x00193000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec810000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
3992144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb930000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
4002144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
4012144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
4022144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
4032144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
4042144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
4052144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea600000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
4062144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
4072144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
4082144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll)
4092144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll
4102144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea570000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0]
4112144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'.
4122144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll)
4132144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
4142144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea5c0000 LB 0x0001b000 C:\Windows\System32\profapi.dll [fFlags=0x0]
4152144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
4162144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
4172144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eac00000 LB 0x00747000 C:\Windows\System32\windows.storage.dll [fFlags=0x0]
4182144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4192144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
4202144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'.
4212144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'.
4222144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll)
4232144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll
4242144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ecb30000 LB 0x01438000 C:\Windows\System32\SHELL32.dll [fFlags=0x0]
4252144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust]
4262144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec180000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0]
4272144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
4282144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb8a0000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0]
4292144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust]
4302144.209c: supR3HardenedDllNotificationCallback: load 00007ff8e9be0000 LB 0x000b6000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
4312144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
4322144.209c: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x00058000 C:\Windows\System32\QIPCAP64.dll [fFlags=0x0]
4332144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
4342144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4352144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4362144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-synch-l1-2-0'
4372144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4382144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4392144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-fibers-l1-1-1'
4402144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1
4412144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4422144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-fibers-l1-1-1'
4432144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1
4442144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4452144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-synch-l1-2-0'
4462144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1
4472144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
4482144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-localization-l1-2-1'
4492144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4502144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
4512144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
4522144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
4532144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4542144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4552144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
4562144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4572144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4582144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4592144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4602144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4612144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4622144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4632144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4642144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4652144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4662144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4672144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4682144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4692144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4702144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4712144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4722144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4732144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
4742144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4752144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4762144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
4772144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4782144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4792144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4802144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
4812144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
4822144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
4832144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
4842144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
4852144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
4862144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
4872144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
4882144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
4892144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
4902144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
4912144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust]
4922144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
4932144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
4942144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust]
4952144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4962144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4972144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4982144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4992144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5002144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5012144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
5022144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
5032144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5042144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5052144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5062144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5072144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5082144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ee0e0000 'C:\Windows\System32\kernel32.dll'
5092144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1
5102144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5112144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-string-l1-1-0'
5122144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1
5132144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5142144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-datetime-l1-1-1'
5152144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1
5162144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
5172144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-localization-obsolete-l1-2-0'
5182144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
5192144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'.
5202144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
5212144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
5222144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
5232144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
5242144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
5252144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
5262144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
5272144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
5282144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
5292144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec7e0000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0]
5302144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
5312144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ec7e0000 'C:\Windows\system32\IMM32.DLL'
5322144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL)
5332144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
5342144.209c: supR3HardenedDllNotificationCallback: load 00007ff8e9b90000 LB 0x00039000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
5352144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust]
5362144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\Windows\System32\QIPCAP64.dll'
5372144.209c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ee299280 pvNtTerminateThread=00007ff8ee2c0d10
53829ac.2ff0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 928 ms.
5392144.209c: \SystemRoot\System32\ntdll.dll:
5402144.209c: CreationTime: 2018-05-10T07:45:29.694271000Z
5412144.209c: LastWriteTime: 2018-04-15T21:49:20.567835100Z
5422144.209c: ChangeTime: 2018-06-22T11:23:52.548022800Z
5432144.209c: FileAttributes: 0x20
5442144.209c: Size: 0x1dd108
5452144.209c: NT Headers: 0xe0
5462144.209c: Timestamp: 0xd826f10d
5472144.209c: Machine: 0x8664 - amd64
5482144.209c: Timestamp: 0xd826f10d
5492144.209c: Image Version: 10.0
5502144.209c: SizeOfImage: 0x1e0000 (1966080)
5512144.209c: Resource Dir: 0x174000 LB 0x6a1d8
5522144.209c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5532144.209c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5542144.209c: ProductName: Microsoft® Windows® Operating System
5552144.209c: ProductVersion: 10.0.16299.402
5562144.209c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
5572144.209c: FileDescription: NT Layer DLL
5582144.209c: \SystemRoot\System32\kernel32.dll:
5592144.209c: CreationTime: 2018-05-10T07:44:14.069270500Z
5602144.209c: LastWriteTime: 2018-05-03T07:43:30.892187700Z
5612144.209c: ChangeTime: 2018-06-21T21:58:10.715332800Z
5622144.209c: FileAttributes: 0x20
5632144.209c: Size: 0xab868
5642144.209c: NT Headers: 0xe8
5652144.209c: Timestamp: 0x309fae94
5662144.209c: Machine: 0x8664 - amd64
5672144.209c: Timestamp: 0x309fae94
5682144.209c: Image Version: 10.0
5692144.209c: SizeOfImage: 0xae000 (712704)
5702144.209c: Resource Dir: 0xac000 LB 0x520
5712144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5722144.209c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5732144.209c: ProductName: Microsoft® Windows® Operating System
5742144.209c: ProductVersion: 10.0.16299.431
5752144.209c: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
5762144.209c: FileDescription: Windows NT BASE API Client DLL
5772144.209c: \SystemRoot\System32\KernelBase.dll:
5782144.209c: CreationTime: 2018-05-10T07:44:26.866145400Z
5792144.209c: LastWriteTime: 2018-04-15T21:51:08.343639800Z
5802144.209c: ChangeTime: 2018-06-21T21:58:12.211789800Z
5812144.209c: FileAttributes: 0x20
5822144.209c: Size: 0x265c00
5832144.209c: NT Headers: 0xf0
5842144.209c: Timestamp: 0xde35406a
5852144.209c: Machine: 0x8664 - amd64
5862144.209c: Timestamp: 0xde35406a
5872144.209c: Image Version: 10.0
5882144.209c: SizeOfImage: 0x266000 (2514944)
5892144.209c: Resource Dir: 0x245000 LB 0x548
5902144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5912144.209c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
5922144.209c: ProductName: Microsoft® Windows® Operating System
5932144.209c: ProductVersion: 10.0.16299.402
5942144.209c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
5952144.209c: FileDescription: Windows NT BASE API Client DLL
5962144.209c: \SystemRoot\System32\apisetschema.dll:
5972144.209c: CreationTime: 2017-09-29T13:42:07.095026600Z
5982144.209c: LastWriteTime: 2017-09-29T13:42:07.095026600Z
5992144.209c: ChangeTime: 2018-06-22T11:23:22.046763700Z
6002144.209c: FileAttributes: 0x20
6012144.209c: Size: 0x1b398
6022144.209c: NT Headers: 0xc8
6032144.209c: Timestamp: 0xf30abf31
6042144.209c: Machine: 0x8664 - amd64
6052144.209c: Timestamp: 0xf30abf31
6062144.209c: Image Version: 10.0
6072144.209c: SizeOfImage: 0x1c000 (114688)
6082144.209c: Resource Dir: 0x1b000 LB 0x408
6092144.209c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6102144.209c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
6112144.209c: ProductName: Microsoft® Windows® Operating System
6122144.209c: ProductVersion: 10.0.16299.15
6132144.209c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
6142144.209c: FileDescription: ApiSet Schema DLL
6152144.209c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6162144.209c: supR3HardenedWinFindAdversaries: 0x3
6172144.209c: \SystemRoot\System32\drivers\SysPlant.sys:
6182144.209c: CreationTime: 2018-06-21T22:54:45.387467300Z
6192144.209c: LastWriteTime: 2018-06-21T22:54:45.387467300Z
6202144.209c: ChangeTime: 2018-06-21T22:54:45.387467300Z
6212144.209c: FileAttributes: 0x20
6222144.209c: Size: 0x30548
6232144.209c: NT Headers: 0xf0
6242144.209c: Timestamp: 0x5a1adc8a
6252144.209c: Machine: 0x8664 - amd64
6262144.209c: Timestamp: 0x5a1adc8a
6272144.209c: Image Version: 5.0
6282144.209c: SizeOfImage: 0x31000 (200704)
6292144.209c: Resource Dir: 0x2f000 LB 0x49c
6302144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6312144.209c: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
6322144.209c: ProductName: Symantec CMC Firewall
6332144.209c: ProductVersion: 14.0.3856.1100
6342144.209c: FileVersion: 14.0.3856.1100
6352144.209c: FileDescription: Symantec CMC Firewall SysPlant
6362144.209c: \SystemRoot\System32\sysfer.dll:
6372144.209c: CreationTime: 2018-06-21T22:54:45.371840800Z
6382144.209c: LastWriteTime: 2018-06-21T22:54:45.371840800Z
6392144.209c: ChangeTime: 2018-06-21T22:59:33.688341600Z
6402144.209c: FileAttributes: 0x20
6412144.209c: Size: 0x7cee8
6422144.209c: NT Headers: 0xf8
6432144.209c: Timestamp: 0x5a1adc96
6442144.209c: Machine: 0x8664 - amd64
6452144.209c: Timestamp: 0x5a1adc96
6462144.209c: Image Version: 0.0
6472144.209c: SizeOfImage: 0x95000 (610304)
6482144.209c: Resource Dir: 0x91000 LB 0x490
6492144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6502144.209c: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
6512144.209c: ProductName: Symantec CMC Firewall
6522144.209c: ProductVersion: 14.0.3856.1100
6532144.209c: FileVersion: 14.0.3856.1100
6542144.209c: FileDescription: Symantec CMC Firewall sysfer
6552144.209c: \SystemRoot\System32\drivers\symevent64x86.sys:
6562144.209c: CreationTime: 2018-06-21T22:56:51.936529500Z
6572144.209c: LastWriteTime: 2018-06-21T22:56:51.514650400Z
6582144.209c: ChangeTime: 2018-06-21T22:56:51.514650400Z
6592144.209c: FileAttributes: 0x20
6602144.209c: Size: 0x19098
6612144.209c: NT Headers: 0xe0
6622144.209c: Timestamp: 0x59fcb42b
6632144.209c: Machine: 0x8664 - amd64
6642144.209c: Timestamp: 0x59fcb42b
6652144.209c: Image Version: 6.2
6662144.209c: SizeOfImage: 0x23000 (143360)
6672144.209c: Resource Dir: 0x21000 LB 0x3c8
6682144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6692144.209c: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
6702144.209c: ProductName: SYMEVENT
6712144.209c: ProductVersion: 14.0.5.9
6722144.209c: FileVersion: 14.0.5.9
6732144.209c: FileDescription: Symantec Event Library
6742144.209c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6752144.209c: Calling main()
6762144.209c: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
6772144.209c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6782144.209c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
6792144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
6802144.209c: SUPR3HardenedMain: Respawn #2
6812144.209c: Error (rc=-5640):
6822144.209c: More than one thread in process
6832144.209c: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1)
6842144.209c: More than one thread in process
68529ac.2ff0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 15 ms, the end);
