4128.3cf8: Log file opened: 5.2.8r121009 g_hStartupLog=00000000000001d4 g_uNtVerCombined=0xa03fab00 4128.3cf8: \SystemRoot\System32\ntdll.dll: 4128.3cf8: CreationTime: 2018-04-16T09:01:27.085029100Z 4128.3cf8: LastWriteTime: 2018-03-13T07:02:15.839353900Z 4128.3cf8: ChangeTime: 2018-04-17T13:39:51.566849800Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0x1dd100 4128.3cf8: NT Headers: 0xe0 4128.3cf8: Timestamp: 0xe508fc03 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0xe508fc03 4128.3cf8: Image Version: 10.0 4128.3cf8: SizeOfImage: 0x1e0000 (1966080) 4128.3cf8: Resource Dir: 0x174000 LB 0x6a1d8 4128.3cf8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 4128.3cf8: ProductName: Microsoft® Windows® Operating System 4128.3cf8: ProductVersion: 10.0.16299.334 4128.3cf8: FileVersion: 10.0.16299.334 (WinBuild.160101.0800) 4128.3cf8: FileDescription: NT Layer DLL 4128.3cf8: \SystemRoot\System32\kernel32.dll: 4128.3cf8: CreationTime: 2017-09-29T13:42:04.954227600Z 4128.3cf8: LastWriteTime: 2017-09-29T13:42:04.954227600Z 4128.3cf8: ChangeTime: 2018-04-17T13:40:24.004114700Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0xab868 4128.3cf8: NT Headers: 0xe8 4128.3cf8: Timestamp: 0xc2cf900 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0xc2cf900 4128.3cf8: Image Version: 10.0 4128.3cf8: SizeOfImage: 0xae000 (712704) 4128.3cf8: Resource Dir: 0xac000 LB 0x520 4128.3cf8: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 4128.3cf8: ProductName: Microsoft® Windows® Operating System 4128.3cf8: ProductVersion: 10.0.16299.15 4128.3cf8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 4128.3cf8: FileDescription: Windows NT BASE API Client DLL 4128.3cf8: \SystemRoot\System32\KernelBase.dll: 4128.3cf8: CreationTime: 2018-04-16T09:01:22.921717800Z 4128.3cf8: LastWriteTime: 2018-03-30T05:08:26.893801200Z 4128.3cf8: ChangeTime: 2018-04-17T13:40:24.364280200Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0x265c00 4128.3cf8: NT Headers: 0xf0 4128.3cf8: Timestamp: 0x6369e29f 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0x6369e29f 4128.3cf8: Image Version: 10.0 4128.3cf8: SizeOfImage: 0x266000 (2514944) 4128.3cf8: Resource Dir: 0x245000 LB 0x548 4128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 4128.3cf8: ProductName: Microsoft® Windows® Operating System 4128.3cf8: ProductVersion: 10.0.16299.371 4128.3cf8: FileVersion: 10.0.16299.371 (WinBuild.160101.0800) 4128.3cf8: FileDescription: Windows NT BASE API Client DLL 4128.3cf8: \SystemRoot\System32\apisetschema.dll: 4128.3cf8: CreationTime: 2017-09-29T13:42:07.095026600Z 4128.3cf8: LastWriteTime: 2017-09-29T13:42:07.095026600Z 4128.3cf8: ChangeTime: 2018-04-20T09:04:54.255417900Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0x1b398 4128.3cf8: NT Headers: 0xc8 4128.3cf8: Timestamp: 0xf30abf31 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0xf30abf31 4128.3cf8: Image Version: 10.0 4128.3cf8: SizeOfImage: 0x1c000 (114688) 4128.3cf8: Resource Dir: 0x1b000 LB 0x408 4128.3cf8: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 4128.3cf8: ProductName: Microsoft® Windows® Operating System 4128.3cf8: ProductVersion: 10.0.16299.15 4128.3cf8: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 4128.3cf8: FileDescription: ApiSet Schema DLL 4128.3cf8: NtOpenDirectoryObject failed on \Driver: 0xc0000022 4128.3cf8: supR3HardenedWinFindAdversaries: 0x3 4128.3cf8: \SystemRoot\System32\drivers\SysPlant.sys: 4128.3cf8: CreationTime: 2018-04-20T15:25:45.984980400Z 4128.3cf8: LastWriteTime: 2018-04-20T15:25:46.000606600Z 4128.3cf8: ChangeTime: 2018-04-20T15:25:46.078529200Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0x30548 4128.3cf8: NT Headers: 0xf0 4128.3cf8: Timestamp: 0x5a1adc8a 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0x5a1adc8a 4128.3cf8: Image Version: 5.0 4128.3cf8: SizeOfImage: 0x31000 (200704) 4128.3cf8: Resource Dir: 0x2f000 LB 0x49c 4128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)] 4128.3cf8: ProductName: Symantec CMC Firewall 4128.3cf8: ProductVersion: 14.0.3856.1100 4128.3cf8: FileVersion: 14.0.3856.1100 4128.3cf8: FileDescription: Symantec CMC Firewall SysPlant 4128.3cf8: \SystemRoot\System32\sysfer.dll: 4128.3cf8: CreationTime: 2018-04-20T15:25:45.937970800Z 4128.3cf8: LastWriteTime: 2018-04-20T15:25:45.969352700Z 4128.3cf8: ChangeTime: 2018-04-20T15:29:34.391929700Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0x7cee8 4128.3cf8: NT Headers: 0xf8 4128.3cf8: Timestamp: 0x5a1adc96 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0x5a1adc96 4128.3cf8: Image Version: 0.0 4128.3cf8: SizeOfImage: 0x95000 (610304) 4128.3cf8: Resource Dir: 0x91000 LB 0x490 4128.3cf8: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)] 4128.3cf8: ProductName: Symantec CMC Firewall 4128.3cf8: ProductVersion: 14.0.3856.1100 4128.3cf8: FileVersion: 14.0.3856.1100 4128.3cf8: FileDescription: Symantec CMC Firewall sysfer 4128.3cf8: \SystemRoot\System32\drivers\symevent64x86.sys: 4128.3cf8: CreationTime: 2018-04-20T15:27:15.509599700Z 4128.3cf8: LastWriteTime: 2018-04-20T15:27:15.358389700Z 4128.3cf8: ChangeTime: 2018-04-20T15:27:15.509599700Z 4128.3cf8: FileAttributes: 0x20 4128.3cf8: Size: 0x19098 4128.3cf8: NT Headers: 0xe0 4128.3cf8: Timestamp: 0x59fcb42b 4128.3cf8: Machine: 0x8664 - amd64 4128.3cf8: Timestamp: 0x59fcb42b 4128.3cf8: Image Version: 6.2 4128.3cf8: SizeOfImage: 0x23000 (143360) 4128.3cf8: Resource Dir: 0x21000 LB 0x3c8 4128.3cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 4128.3cf8: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)] 4128.3cf8: ProductName: SYMEVENT 4128.3cf8: ProductVersion: 14.0.5.9 4128.3cf8: FileVersion: 14.0.5.9 4128.3cf8: FileDescription: Symantec Event Library 4128.3cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4128.3cf8: Calling main() 4128.3cf8: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 4128.3cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 4128.3cf8: SUPR3HardenedMain: Respawn #1 4128.3cf8: System32: \Device\HarddiskVolume3\Windows\System32 4128.3cf8: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 4128.3cf8: KnownDllPath: C:\WINDOWS\System32 4128.3cf8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 4128.3cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 4128.3cf8: supR3HardNtEnableThreadCreation: 4128.3cf8: supR3HardNtDisableThreadCreation: 
pvLdrInitThunk=00007ffa15f39280 pvNtTerminateThread=00007ffa15f60d10 4128.3cf8: supR3HardenedWinDoReSpawn(1): New child 108c.3454 [kernel32]. 4128.3cf8: supR3HardNtChildGatherData: PebBaseAddress=0000000000bbb000 cbPeb=0x388 4128.3cf8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffa15ec0000 uNtDllChildAddr=00007ffa15ec0000 4128.3cf8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffa15f39280 4128.3cf8: supR3HardenedWinSetupChildInit: Start child. 4128.3cf8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms. 4128.3cf8: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 33 sleeps 4128.3cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4128.3cf8: *0000000000000000-00000000008bffff 0x0001/0x0000 0x0000000 4128.3cf8: *00000000008c0000-00000000008dffff 0x0004/0x0004 0x0020000 4128.3cf8: *00000000008e0000-00000000008f8fff 0x0002/0x0002 0x0040000 4128.3cf8: 00000000008f9000-00000000008fffff 0x0001/0x0000 0x0000000 4128.3cf8: *0000000000900000-00000000009fafff 0x0000/0x0004 0x0020000 4128.3cf8: 00000000009fb000-00000000009fdfff 0x0104/0x0004 0x0020000 4128.3cf8: 00000000009fe000-00000000009fffff 0x0004/0x0004 0x0020000 4128.3cf8: *0000000000a00000-0000000000bbafff 0x0000/0x0004 0x0020000 4128.3cf8: 0000000000bbb000-0000000000bbdfff 0x0004/0x0004 0x0020000 4128.3cf8: 0000000000bbe000-0000000000bfffff 0x0000/0x0004 0x0020000 4128.3cf8: *0000000000c00000-0000000000c03fff 0x0002/0x0002 0x0040000 4128.3cf8: 0000000000c04000-0000000000c0ffff 0x0001/0x0000 0x0000000 4128.3cf8: *0000000000c10000-0000000000c10fff 0x0004/0x0004 0x0020000 4128.3cf8: 0000000000c11000-000000007ffdffff 0x0001/0x0000 0x0000000 4128.3cf8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 4128.3cf8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 4128.3cf8: 000000007fff0000-00007ff6f8f5ffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ff6f8f60000-00007ff6f8f82fff 0x0002/0x0002 0x0040000 4128.3cf8: 
00007ff6f8f83000-00007ff6f9a4ffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ff6f9a50000-00007ff6f9a50fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9a51000-00007ff6f9ac1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9ac2000-00007ff6f9ac2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9ac3000-00007ff6f9b08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b09000-00007ff6f9b09fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b0a000-00007ff6f9b0afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b0b000-00007ff6f9b0ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b10000-00007ff6f9b10fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b11000-00007ff6f9b11fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b12000-00007ff6f9b15fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b16000-00007ff6f9b5dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b5e000-00007ff6f9b5ffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ff6f9b60000-00007ff6f9b60fff 0x0004/0x0004 0x0020000 4128.3cf8: 00007ff6f9b61000-00007ffa15ebffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ffa15ec0000-00007ffa15ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa15ec1000-00007ffa15fd2fff 
0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa15fd3000-00007ffa16018fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16019000-00007ffa16020fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16021000-00007ffa1602efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa1602f000-00007ffa1602ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16030000-00007ffa16032fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16033000-00007ffa1609ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa160a0000-00007ffffffdffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 4128.3cf8: VBoxHeadless.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS) 4128.3cf8: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 4128.3cf8: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory: 4128.3cf8: 00007ff6f9a50162 / 0x0000162: 00 != 11 4128.3cf8: 00007ff6f9a50164 / 0x0000164: 00 != 14 4128.3cf8: Restored 0x400 bytes of original file content at 00007ff6f9a50000 4128.3cf8: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports 4128.3cf8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3 4128.3cf8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 32 sleeps 4128.3cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION 4128.3cf8: *0000000000000000-00000000008bffff 0x0001/0x0000 0x0000000 4128.3cf8: *00000000008c0000-00000000008dffff 0x0004/0x0004 0x0020000 4128.3cf8: *00000000008e0000-00000000008f8fff 0x0002/0x0002 0x0040000 4128.3cf8: 00000000008f9000-00000000008fffff 0x0001/0x0000 0x0000000 4128.3cf8: *0000000000900000-00000000009fafff 
0x0000/0x0004 0x0020000 4128.3cf8: 00000000009fb000-00000000009fdfff 0x0104/0x0004 0x0020000 4128.3cf8: 00000000009fe000-00000000009fffff 0x0004/0x0004 0x0020000 4128.3cf8: *0000000000a00000-0000000000bbafff 0x0000/0x0004 0x0020000 4128.3cf8: 0000000000bbb000-0000000000bbdfff 0x0004/0x0004 0x0020000 4128.3cf8: 0000000000bbe000-0000000000bfffff 0x0000/0x0004 0x0020000 4128.3cf8: *0000000000c00000-0000000000c03fff 0x0002/0x0002 0x0040000 4128.3cf8: 0000000000c04000-0000000000c0ffff 0x0001/0x0000 0x0000000 4128.3cf8: *0000000000c10000-0000000000c10fff 0x0004/0x0004 0x0020000 4128.3cf8: 0000000000c11000-000000007ffdffff 0x0001/0x0000 0x0000000 4128.3cf8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000 4128.3cf8: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000 4128.3cf8: 000000007fff0000-00007ff6f8f5ffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ff6f8f60000-00007ff6f8f82fff 0x0002/0x0002 0x0040000 4128.3cf8: 00007ff6f8f83000-00007ff6f9a4ffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ff6f9a50000-00007ff6f9a50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9a51000-00007ff6f9ac1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9ac2000-00007ff6f9ac2fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9ac3000-00007ff6f9b08fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b09000-00007ff6f9b15fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b16000-00007ff6f9b5dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 4128.3cf8: 00007ff6f9b5e000-00007ff6f9b5ffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ff6f9b60000-00007ff6f9b60fff 0x0004/0x0004 0x0020000 4128.3cf8: 
00007ff6f9b61000-00007ffa15ebffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ffa15ec0000-00007ffa15ec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa15ec1000-00007ffa15fd2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa15fd3000-00007ffa16018fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16019000-00007ffa1601cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa1601d000-00007ffa16020fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16021000-00007ffa1602efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa1602f000-00007ffa1602ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16030000-00007ffa16032fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa16033000-00007ffa1609ffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll 4128.3cf8: 00007ffa160a0000-00007ffffffdffff 0x0001/0x0000 0x0000000 4128.3cf8: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000 4128.3cf8: supR3HardNtChildPurify: Done after 1078 ms and 1 fixes (loop #1). 
4128.3cf8: supR3HardNtEnableThreadCreation: 108c.3454: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00 108c.3454: supR3HardenedVmProcessInit: uNtDllAddr=00007ffa15ec0000 g_uNtVerCombined=0xa03fab00 108c.3454: ntdll.dll: timestamp 0xe508fc03 (rc=VINF_SUCCESS) 108c.3454: New simple heap: #1 0000000000d20000 LB 0x400000 (for 1966080 allocation) 108c.3454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 108c.3454: System32: \Device\HarddiskVolume3\Windows\System32 108c.3454: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS 108c.3454: KnownDllPath: C:\WINDOWS\System32 108c.3454: supR3HardenedVmProcessInit: Opening vboxdrv stub... 108c.3454: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 108c.3454: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 108c.3454: Registered Dll notification callback with NTDLL. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa122c0000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa143e0000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns 
rcNt=0x0 hMod=00007ffa143e0000 'C:\WINDOWS\System32\KERNEL32.DLL' 108c.3454: supR3HardenedDllNotificationCallback: load 00007ff6f9a50000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0] 108c.3454: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 
108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 
108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 108c.3454: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 108c.3454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa135b0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 108c.3454: 
supR3HardenedDllNotificationCallback: load 00007ffa14120000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13c40000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13d40000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12810000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13340000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12550000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14490000 LB 0x00308000 C:\WINDOWS\System32\combase.dll 
[fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13b90000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12770000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12530000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13420000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa125d0000 LB 0x00193000 
C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13390000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13660000 LB 0x00051000 C:\WINDOWS\System32\shlwapi.dll [fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12230000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 
108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12250000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12210000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa12ae0000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'. 
108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14a30000 LB 0x01436000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13df0000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa14000000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa11880000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005e000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-synch-l1-2-0' 
108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-fibers-l1-1-1' 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-fibers-l1-1-1' 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-synch-l1-2-0' 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-localization-l1-2-1' 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa143e0000 'C:\WINDOWS\System32\kernel32.dll' 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-string-l1-1-0' 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-datetime-l1-1-1' 108c.3454: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa122c0000 'api-ms-win-core-localization-obsolete-l1-2-0' 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 108c.3454: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 
108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 108c.3454: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 108c.3454: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa13e60000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffa13e60000 'C:\WINDOWS\system32\IMM32.DLL' 108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) 108c.3454: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 108c.3454: supR3HardenedDllNotificationCallback: load 00007ffa11830000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 108c.3454: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks 
WinVerifyTrust] 108c.3454: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\WINDOWS\System32\QIPCAP64.dll' 108c.3454: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffa15f39280 pvNtTerminateThread=00007ffa15f60d10 4128.3cf8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 547 ms. 108c.3454: \SystemRoot\System32\ntdll.dll: 108c.3454: CreationTime: 2018-04-16T09:01:27.085029100Z 108c.3454: LastWriteTime: 2018-03-13T07:02:15.839353900Z 108c.3454: ChangeTime: 2018-04-17T13:39:51.566849800Z 108c.3454: FileAttributes: 0x20 108c.3454: Size: 0x1dd100 108c.3454: NT Headers: 0xe0 108c.3454: Timestamp: 0xe508fc03 108c.3454: Machine: 0x8664 - amd64 108c.3454: Timestamp: 0xe508fc03 108c.3454: Image Version: 10.0 108c.3454: SizeOfImage: 0x1e0000 (1966080) 108c.3454: Resource Dir: 0x174000 LB 0x6a1d8 108c.3454: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 108c.3454: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 108c.3454: ProductName: Microsoft® Windows® Operating System 108c.3454: ProductVersion: 10.0.16299.334 108c.3454: FileVersion: 10.0.16299.334 (WinBuild.160101.0800) 108c.3454: FileDescription: NT Layer DLL 108c.3454: \SystemRoot\System32\kernel32.dll: 108c.3454: CreationTime: 2017-09-29T13:42:04.954227600Z 108c.3454: LastWriteTime: 2017-09-29T13:42:04.954227600Z 108c.3454: ChangeTime: 2018-04-17T13:40:24.004114700Z 108c.3454: FileAttributes: 0x20 108c.3454: Size: 0xab868 108c.3454: NT Headers: 0xe8 108c.3454: Timestamp: 0xc2cf900 108c.3454: Machine: 0x8664 - amd64 108c.3454: Timestamp: 0xc2cf900 108c.3454: Image Version: 10.0 108c.3454: SizeOfImage: 0xae000 (712704) 108c.3454: Resource Dir: 0xac000 LB 0x520 108c.3454: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 108c.3454: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 108c.3454: ProductName: Microsoft® Windows® Operating System 108c.3454: ProductVersion: 10.0.16299.15 108c.3454: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 108c.3454: FileDescription: Windows NT BASE API Client DLL 108c.3454: \SystemRoot\System32\KernelBase.dll: 108c.3454: CreationTime: 2018-04-16T09:01:22.921717800Z 108c.3454: LastWriteTime: 2018-03-30T05:08:26.893801200Z 108c.3454: ChangeTime: 2018-04-17T13:40:24.364280200Z 108c.3454: FileAttributes: 0x20 108c.3454: Size: 0x265c00 108c.3454: NT Headers: 0xf0 108c.3454: Timestamp: 0x6369e29f 108c.3454: Machine: 0x8664 - amd64 108c.3454: Timestamp: 0x6369e29f 108c.3454: Image Version: 10.0 108c.3454: SizeOfImage: 0x266000 (2514944) 108c.3454: Resource Dir: 0x245000 LB 0x548 108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 108c.3454: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 108c.3454: ProductName: Microsoft® Windows® Operating System 108c.3454: ProductVersion: 10.0.16299.371 108c.3454: FileVersion: 10.0.16299.371 (WinBuild.160101.0800) 108c.3454: FileDescription: Windows NT BASE API Client DLL 108c.3454: \SystemRoot\System32\apisetschema.dll: 108c.3454: CreationTime: 2017-09-29T13:42:07.095026600Z 108c.3454: LastWriteTime: 2017-09-29T13:42:07.095026600Z 108c.3454: ChangeTime: 2018-04-20T09:04:54.255417900Z 108c.3454: FileAttributes: 0x20 108c.3454: Size: 0x1b398 108c.3454: NT Headers: 0xc8 108c.3454: Timestamp: 0xf30abf31 108c.3454: Machine: 0x8664 - amd64 108c.3454: Timestamp: 0xf30abf31 108c.3454: Image Version: 10.0 108c.3454: SizeOfImage: 0x1c000 (114688) 108c.3454: Resource Dir: 0x1b000 LB 0x408 108c.3454: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 108c.3454: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 108c.3454: ProductName: Microsoft® Windows® Operating System 108c.3454: ProductVersion: 10.0.16299.15 108c.3454: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 108c.3454: FileDescription: ApiSet Schema DLL 108c.3454: NtOpenDirectoryObject failed on \Driver: 0xc0000022 108c.3454: supR3HardenedWinFindAdversaries: 0x3 108c.3454: \SystemRoot\System32\drivers\SysPlant.sys: 108c.3454: CreationTime: 2018-04-20T15:25:45.984980400Z 108c.3454: LastWriteTime: 2018-04-20T15:25:46.000606600Z 108c.3454: ChangeTime: 2018-04-20T15:25:46.078529200Z 108c.3454: FileAttributes: 0x20 108c.3454: Size: 0x30548 108c.3454: NT Headers: 0xf0 108c.3454: Timestamp: 0x5a1adc8a 108c.3454: Machine: 0x8664 - amd64 108c.3454: Timestamp: 0x5a1adc8a 108c.3454: Image Version: 5.0 108c.3454: SizeOfImage: 0x31000 (200704) 108c.3454: Resource Dir: 0x2f000 LB 0x49c 108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 108c.3454: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)] 108c.3454: ProductName: Symantec CMC Firewall 108c.3454: ProductVersion: 14.0.3856.1100 108c.3454: FileVersion: 14.0.3856.1100 108c.3454: FileDescription: Symantec CMC Firewall SysPlant 108c.3454: \SystemRoot\System32\sysfer.dll: 108c.3454: CreationTime: 2018-04-20T15:25:45.937970800Z 108c.3454: LastWriteTime: 2018-04-20T15:25:45.969352700Z 108c.3454: ChangeTime: 2018-04-20T15:29:34.391929700Z 108c.3454: FileAttributes: 0x20 108c.3454: Size: 0x7cee8 108c.3454: NT Headers: 0xf8 108c.3454: Timestamp: 0x5a1adc96 108c.3454: Machine: 0x8664 - amd64 108c.3454: Timestamp: 0x5a1adc96 108c.3454: Image Version: 0.0 108c.3454: SizeOfImage: 0x95000 (610304) 108c.3454: Resource Dir: 0x91000 LB 0x490 108c.3454: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)]
108c.3454: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
108c.3454: ProductName: Symantec CMC Firewall
108c.3454: ProductVersion: 14.0.3856.1100
108c.3454: FileVersion: 14.0.3856.1100
108c.3454: FileDescription: Symantec CMC Firewall sysfer
108c.3454: \SystemRoot\System32\drivers\symevent64x86.sys:
108c.3454: CreationTime: 2018-04-20T15:27:15.509599700Z
108c.3454: LastWriteTime: 2018-04-20T15:27:15.358389700Z
108c.3454: ChangeTime: 2018-04-20T15:27:15.509599700Z
108c.3454: FileAttributes: 0x20
108c.3454: Size: 0x19098
108c.3454: NT Headers: 0xe0
108c.3454: Timestamp: 0x59fcb42b
108c.3454: Machine: 0x8664 - amd64
108c.3454: Timestamp: 0x59fcb42b
108c.3454: Image Version: 6.2
108c.3454: SizeOfImage: 0x23000 (143360)
108c.3454: Resource Dir: 0x21000 LB 0x3c8
108c.3454: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
108c.3454: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
108c.3454: ProductName: SYMEVENT
108c.3454: ProductVersion: 14.0.5.9
108c.3454: FileVersion: 14.0.5.9
108c.3454: FileDescription: Symantec Event Library
108c.3454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
108c.3454: Calling main()
108c.3454: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
108c.3454: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
108c.3454: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
108c.3454: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
108c.3454: SUPR3HardenedMain: Respawn #2
108c.3454: Error (rc=-5640):
108c.3454: More than one thread in process
108c.3454: Error -5640 in supR3HardenedWinReSpawn! (enmWhat=1)
108c.3454: More than one thread in process
4128.3cf8: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 31 ms, the end);