VirtualBox

Ticket #18412: VBoxHardening.log

File VBoxHardening.log, 44.1 KB (added by kiko, 6 years ago)

VBoxHardening Log File

15280.15284: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000208 g_uNtVerCombined=0xa042ee00
15280.15284: \SystemRoot\System32\ntdll.dll:
15280.15284: CreationTime: 2018-12-13T16:50:55.558770800Z
15280.15284: LastWriteTime: 2018-12-08T08:04:53.786979100Z
15280.15284: ChangeTime: 2019-01-11T14:39:01.932916100Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0x1da720
15280.15284: NT Headers: 0xe8
15280.15284: Timestamp: 0x7e614c22
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x7e614c22
15280.15284: Image Version: 10.0
15280.15284: SizeOfImage: 0x1e1000 (1970176)
15280.15284: Resource Dir: 0x174000 LB 0x6b3e8
15280.15284: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
15280.15284: ProductName: Microsoft® Windows® Operating System
15280.15284: ProductVersion: 10.0.17134.471
15280.15284: FileVersion: 10.0.17134.471 (WinBuild.160101.0800)
15280.15284: FileDescription: NT Layer DLL
15280.15284: \SystemRoot\System32\kernel32.dll:
15280.15284: CreationTime: 2018-04-11T23:34:40.510607900Z
15280.15284: LastWriteTime: 2018-04-11T23:34:40.510607900Z
15280.15284: ChangeTime: 2018-10-16T17:49:54.581213500Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0xafef8
15280.15284: NT Headers: 0xe8
15280.15284: Timestamp: 0x5f488a51
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x5f488a51
15280.15284: Image Version: 10.0
15280.15284: SizeOfImage: 0xb2000 (729088)
15280.15284: Resource Dir: 0xb0000 LB 0x520
15280.15284: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0xb00b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
15280.15284: ProductName: Microsoft® Windows® Operating System
15280.15284: ProductVersion: 10.0.17134.1
15280.15284: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
15280.15284: FileDescription: Windows NT BASE API Client DLL
15280.15284: \SystemRoot\System32\KernelBase.dll:
15280.15284: CreationTime: 2018-12-13T16:50:58.523003700Z
15280.15284: LastWriteTime: 2018-11-09T02:47:52.285920600Z
15280.15284: ChangeTime: 2019-01-11T14:39:01.892821900Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0x273b78
15280.15284: NT Headers: 0xf0
15280.15284: Timestamp: 0x428de48c
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x428de48c
15280.15284: Image Version: 10.0
15280.15284: SizeOfImage: 0x273000 (2568192)
15280.15284: Resource Dir: 0x251000 LB 0x548
15280.15284: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0x2510b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
15280.15284: ProductName: Microsoft® Windows® Operating System
15280.15284: ProductVersion: 10.0.17134.441
15280.15284: FileVersion: 10.0.17134.441 (WinBuild.160101.0800)
15280.15284: FileDescription: Windows NT BASE API Client DLL
15280.15284: \SystemRoot\System32\apisetschema.dll:
15280.15284: CreationTime: 2018-04-11T23:34:44.042150700Z
15280.15284: LastWriteTime: 2018-04-11T23:34:44.042150700Z
15280.15284: ChangeTime: 2018-10-17T03:33:33.166637900Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0x1bd98
15280.15284: NT Headers: 0xd0
15280.15284: Timestamp: 0xd02ff418
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0xd02ff418
15280.15284: Image Version: 10.0
15280.15284: SizeOfImage: 0x1c000 (114688)
15280.15284: Resource Dir: 0x1b000 LB 0x408
15280.15284: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
15280.15284: ProductName: Microsoft® Windows® Operating System
15280.15284: ProductVersion: 10.0.17134.1
15280.15284: FileVersion: 10.0.17134.1 (WinBuild.160101.0800)
15280.15284: FileDescription: ApiSet Schema DLL
15280.15284: Found driver SysPlant (0x1)
15280.15284: Found driver SymNetS (0x2)
15280.15284: Found driver SRTSPX (0x2)
15280.15284: Found driver SymEvent (0x2)
15280.15284: Found driver SymIRON (0x2)
15280.15284: supR3HardenedWinFindAdversaries: 0x20003
15280.15284: \SystemRoot\System32\drivers\SysPlant.sys:
15280.15284: CreationTime: 2018-08-28T09:15:42.319332800Z
15280.15284: LastWriteTime: 2018-08-28T09:15:42.334959000Z
15280.15284: ChangeTime: 2018-10-17T03:49:29.414925900Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0x30548
15280.15284: NT Headers: 0xf0
15280.15284: Timestamp: 0x5a1adc8a
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x5a1adc8a
15280.15284: Image Version: 5.0
15280.15284: SizeOfImage: 0x31000 (200704)
15280.15284: Resource Dir: 0x2f000 LB 0x49c
15280.15284: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
15280.15284: ProductName: Symantec CMC Firewall
15280.15284: ProductVersion: 14.0.3856.1100
15280.15284: FileVersion: 14.0.3856.1100
15280.15284: FileDescription: Symantec CMC Firewall SysPlant
15280.15284: \SystemRoot\System32\sysfer.dll:
15280.15284: CreationTime: 2018-08-28T09:15:42.303705500Z
15280.15284: LastWriteTime: 2018-08-28T09:15:42.319332800Z
15280.15284: ChangeTime: 2018-10-17T03:49:29.383683100Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0x7cee8
15280.15284: NT Headers: 0xf8
15280.15284: Timestamp: 0x5a1adc96
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x5a1adc96
15280.15284: Image Version: 0.0
15280.15284: SizeOfImage: 0x95000 (610304)
15280.15284: Resource Dir: 0x91000 LB 0x490
15280.15284: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
15280.15284: ProductName: Symantec CMC Firewall
15280.15284: ProductVersion: 14.0.3856.1100
15280.15284: FileVersion: 14.0.3856.1100
15280.15284: FileDescription: Symantec CMC Firewall sysfer
15280.15284: \SystemRoot\System32\drivers\symevent64x86.sys:
15280.15284: CreationTime: 2018-08-28T09:17:30.775623300Z
15280.15284: LastWriteTime: 2018-08-28T09:17:30.728705100Z
15280.15284: ChangeTime: 2018-10-17T03:49:29.414925900Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0x19098
15280.15284: NT Headers: 0xe0
15280.15284: Timestamp: 0x59fcb42b
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x59fcb42b
15280.15284: Image Version: 6.2
15280.15284: SizeOfImage: 0x23000 (143360)
15280.15284: Resource Dir: 0x21000 LB 0x3c8
15280.15284: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
15280.15284: ProductName: SYMEVENT
15280.15284: ProductVersion: 14.0.5.9
15280.15284: FileVersion: 14.0.5.9
15280.15284: FileDescription: Symantec Event Library
15280.15284: \SystemRoot\System32\drivers\PGDriver.sys:
15280.15284: CreationTime: 2018-08-28T09:20:10.777418200Z
15280.15284: LastWriteTime: 2018-04-26T14:49:56.000000000Z
15280.15284: ChangeTime: 2019-01-30T09:26:41.156203900Z
15280.15284: FileAttributes: 0x20
15280.15284: Size: 0xf9f8
15280.15284: NT Headers: 0xf0
15280.15284: Timestamp: 0x5a99601a
15280.15284: Machine: 0x8664 - amd64
15280.15284: Timestamp: 0x5a99601a
15280.15284: Image Version: 10.0
15280.15284: SizeOfImage: 0x11000 (69632)
15280.15284: Resource Dir: 0xf000 LB 0xec0
15280.15284: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
15280.15284: [Raw version resource data: 0xfaf0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
15280.15284: ProductName: Avecto Defendpoint
15280.15284: ProductVersion: 2018.03.02.1
15280.15284: FileVersion: 2018.03.02.1
15280.15284: SpecialBuild: D
15280.15284: FileDescription: Defendpoint Driver
15280.15284: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
15280.15284: Calling main()
15280.15284: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
15280.15284: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
15280.15284: SUPR3HardenedMain: Respawn #1
15280.15284: System32: \Device\HarddiskVolume4\Windows\System32
15280.15284: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
15280.15284: KnownDllPath: C:\WINDOWS\System32
15280.15284: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
15280.15284: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
15280.15284: supR3HardNtEnableThreadCreation:
15280.15284: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd04174f90 pvNtTerminateThread=00007ffd0419b3f0
15280.15284: supR3HardenedWinDoReSpawn(1): New child 152b8.152bc [kernel32].
15280.15284: supR3HardNtChildGatherData: PebBaseAddress=00000000007c3000 cbPeb=0x388
15280.15284: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd04100000 uNtDllChildAddr=00007ffd04100000
15280.15284: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd04174f90
15280.15284: supR3HardenedWinSetupChildInit: Start child.
15280.15284: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
15280.15284: supR3HardNtChildPurify: Startup delay kludge #1/0: 519 ms, 59 sleeps
15280.15284: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
15280.15284: VirtualBoxVM.exe: timestamp 0x5c4b51f3 (rc=VINF_SUCCESS)
15280.15284: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
15280.15284: VirtualBoxVM.exe: Differences in section #0 (headers) between file and memory:
15280.15284: 00007ff6043c0162 / 0x0000162: 00 != 12
15280.15284: 00007ff6043c0164 / 0x0000164: 00 != 14
15280.15284: Restored 0x400 bytes of original file content at 00007ff6043c0000
15280.15284: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
15280.15284: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20003
15280.15284: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 59 sleeps
15280.15284: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
15280.15284: supR3HardNtChildPurify: Done after 1068 ms and 1 fixes (loop #1).
15280.15284: supR3HardNtEnableThreadCreation:
152b8.152bc: Log file opened: 6.0.4r128413 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa042ee00
152b8.152bc: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd04100000 g_uNtVerCombined=0xa042ee00
152b8.152bc: ntdll.dll: timestamp 0x7e614c22 (rc=VINF_SUCCESS)
152b8.152bc: New simple heap: #1 0000000000a00000 LB 0x400000 (for 1970176 allocation)
152b8.152bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox'
152b8.152bc: System32: \Device\HarddiskVolume4\Windows\System32
152b8.152bc: WinSxS: \Device\HarddiskVolume4\Windows\WinSxS
152b8.152bc: KnownDllPath: C:\WINDOWS\System32
152b8.152bc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
152b8.152bc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
152b8.152bc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
152b8.152bc: Registered Dll notification callback with NTDLL.
152b8.152bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
152b8.152bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001:<flags> [calling]
152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd007c0000 LB 0x00273000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0]
152b8.152bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd03c90000 LB 0x000b2000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0]
152b8.152bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
152b8.152bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd03c90000 'C:\WINDOWS\System32\KERNEL32.DLL'
152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ff6043c0000 LB 0x00112000 c:\program files\Oracle\virtualbox\VirtualBoxVM.exe [fFlags=0x0]
152b8.152bc: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
152b8.152bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
152b8.152bc: supR3HardenedMonitor_LdrLoadDll: Refusing to load 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS)
152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
152b8.152bc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll)
152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll
152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ws2_32.dll'.
152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'nsi.dll'.
152b8.152bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dnsapi.dll)
152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dnsapi.dll
152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'secur32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr120.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp120.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\prntm64.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Manufacturer\Endpoint Agent\prntm64.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp120.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp120.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr120.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Windows\System32\msvcp120.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcp120.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume4\Windows\System32\msvcr120.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcr120.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'gdi32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #49 'user32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #50 'combase.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'propsys.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'iphlpapi.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'bcrypt.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'gdi32.dll'.
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'user32.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume4\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\secur32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\secur32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
413152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
414152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
415152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
416152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
417152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume4\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
418152b8.152e4: '\Device\HarddiskVolume4\Windows\System32\win32u.dll' has no imports
419152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\win32u.dll)
420152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\win32u.dll
421152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
422152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
423152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
424152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
425152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
426152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
427152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)
428152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
429152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
430152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume4\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
431152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
432152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'oleaut32.dll'.
433152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'rpcrt4.dll'.
434152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\propsys.dll)
435152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\propsys.dll
436152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
437152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
438152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
439152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
440152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
441152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
442152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #74 'user32.dll'.
443152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #76 'gdi32.dll'.
444152b8.152bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
445152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
446152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
447152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
448152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
449152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
450152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
451152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
452152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
453152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
454152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
455152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
456152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
457152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
458152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
459152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
460152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
461152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
462152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
463152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
464152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
465152b8.152bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
466152b8.152bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
467152b8.152bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
468152b8.152bc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume4\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
469152b8.152bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
470152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd03f30000 LB 0x0009e000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0]
471152b8.152bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
472152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd03a80000 LB 0x00124000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0]
473152b8.152bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
474152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd01590000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0]
475152b8.152bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
476152b8.152bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
477152b8.152bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
478152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd01be0000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0]
479152b8.152bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
480152b8.152bc: supR3HardenedDllNotificationCallback: load 00007ffd00570000 LB 0x000fa000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0]
481152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
482152b8.152e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
483152b8.152e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
484152b8.152e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
485152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
486152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
487152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
488152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
489152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
490152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
491152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
492152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
493152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
494152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
495152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
496152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
497152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
498152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
499152b8.152e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
500152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'...
501152b8.152e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008]
50215280.15284: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 458 ms, CloseEvents);
