2cb8.c7c: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000220 g_uNtVerCombined=0xa03fab00 2cb8.c7c: \SystemRoot\System32\ntdll.dll: 2cb8.c7c: CreationTime: 2018-05-11T07:30:27.635546000Z 2cb8.c7c: LastWriteTime: 2018-04-15T21:49:20.567835100Z 2cb8.c7c: ChangeTime: 2018-05-14T05:52:56.251684700Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x1dd108 2cb8.c7c: NT Headers: 0xe0 2cb8.c7c: Timestamp: 0xd826f10d 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0xd826f10d 2cb8.c7c: Image Version: 10.0 2cb8.c7c: SizeOfImage: 0x1e0000 (1966080) 2cb8.c7c: Resource Dir: 0x174000 LB 0x6a1d8 2cb8.c7c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2cb8.c7c: ProductName: Microsoft® Windows® Operating System 2cb8.c7c: ProductVersion: 10.0.16299.402 2cb8.c7c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800) 2cb8.c7c: FileDescription: NT Layer DLL 2cb8.c7c: \SystemRoot\System32\kernel32.dll: 2cb8.c7c: CreationTime: 2018-05-11T07:30:10.686786200Z 2cb8.c7c: LastWriteTime: 2018-05-03T07:43:30.892187700Z 2cb8.c7c: ChangeTime: 2018-05-14T05:52:49.954130800Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0xab868 2cb8.c7c: NT Headers: 0xe8 2cb8.c7c: Timestamp: 0x309fae94 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0x309fae94 2cb8.c7c: Image Version: 10.0 2cb8.c7c: SizeOfImage: 0xae000 (712704) 2cb8.c7c: Resource Dir: 0xac000 LB 0x520 2cb8.c7c: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2cb8.c7c: ProductName: Microsoft® Windows® Operating System 2cb8.c7c: ProductVersion: 10.0.16299.431 2cb8.c7c: FileVersion: 10.0.16299.431 (WinBuild.160101.0800) 2cb8.c7c: FileDescription: Windows NT BASE API Client DLL 2cb8.c7c: \SystemRoot\System32\KernelBase.dll: 2cb8.c7c: CreationTime: 2018-05-11T07:30:03.884147200Z 2cb8.c7c: LastWriteTime: 2018-04-15T21:51:08.343639800Z 2cb8.c7c: ChangeTime: 2018-05-14T05:52:54.923416100Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x265c00 2cb8.c7c: NT Headers: 0xf0 2cb8.c7c: Timestamp: 0xde35406a 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0xde35406a 2cb8.c7c: Image Version: 10.0 2cb8.c7c: SizeOfImage: 0x266000 (2514944) 2cb8.c7c: Resource Dir: 0x245000 LB 0x548 2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2cb8.c7c: ProductName: Microsoft® Windows® Operating System 2cb8.c7c: ProductVersion: 10.0.16299.402 2cb8.c7c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800) 2cb8.c7c: FileDescription: Windows NT BASE API Client DLL 2cb8.c7c: \SystemRoot\System32\apisetschema.dll: 2cb8.c7c: CreationTime: 2017-09-29T13:42:07.095026600Z 2cb8.c7c: LastWriteTime: 2017-09-29T13:42:07.095026600Z 2cb8.c7c: ChangeTime: 2018-05-11T07:38:16.512838200Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x1b398 2cb8.c7c: NT Headers: 0xc8 2cb8.c7c: Timestamp: 0xf30abf31 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0xf30abf31 2cb8.c7c: Image Version: 10.0 2cb8.c7c: SizeOfImage: 0x1c000 (114688) 2cb8.c7c: Resource Dir: 0x1b000 LB 0x408 2cb8.c7c: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2cb8.c7c: ProductName: Microsoft® Windows® Operating System 2cb8.c7c: ProductVersion: 10.0.16299.15 2cb8.c7c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 2cb8.c7c: FileDescription: ApiSet Schema DLL 2cb8.c7c: Found driver SysPlant (0x1) 2cb8.c7c: Found driver SymNetS (0x2) 2cb8.c7c: Found driver PGDriver (0x20000) 2cb8.c7c: Found driver SRTSPX (0x2) 2cb8.c7c: Found driver SymEvent (0x2) 2cb8.c7c: Found driver SymIRON (0x2) 2cb8.c7c: supR3HardenedWinFindAdversaries: 0x20003 2cb8.c7c: \SystemRoot\System32\drivers\SysPlant.sys: 2cb8.c7c: CreationTime: 2017-05-24T05:09:18.818113600Z 2cb8.c7c: LastWriteTime: 2018-04-05T17:59:11.063293900Z 2cb8.c7c: ChangeTime: 2018-04-05T17:59:11.063293900Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x30548 2cb8.c7c: NT Headers: 0xf0 2cb8.c7c: Timestamp: 0x5a1adc8a 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0x5a1adc8a 2cb8.c7c: Image Version: 5.0 2cb8.c7c: SizeOfImage: 0x31000 (200704) 2cb8.c7c: Resource Dir: 0x2f000 LB 0x49c 2cb8.c7c: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)] 2cb8.c7c: ProductName: Symantec CMC Firewall 2cb8.c7c: ProductVersion: 14.0.3856.1100 2cb8.c7c: FileVersion: 14.0.3856.1100 2cb8.c7c: FileDescription: Symantec CMC Firewall SysPlant 2cb8.c7c: \SystemRoot\System32\sysfer.dll: 2cb8.c7c: CreationTime: 2017-05-24T05:09:18.771232000Z 2cb8.c7c: LastWriteTime: 2018-04-05T17:59:11.047665200Z 2cb8.c7c: ChangeTime: 2018-04-16T06:02:41.528877100Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x7cee8 2cb8.c7c: NT Headers: 0xf8 2cb8.c7c: Timestamp: 0x5a1adc96 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0x5a1adc96 2cb8.c7c: Image Version: 0.0 2cb8.c7c: SizeOfImage: 0x95000 (610304) 2cb8.c7c: Resource Dir: 0x91000 LB 0x490 2cb8.c7c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)] 2cb8.c7c: ProductName: Symantec CMC Firewall 2cb8.c7c: ProductVersion: 14.0.3856.1100 2cb8.c7c: FileVersion: 14.0.3856.1100 2cb8.c7c: FileDescription: Symantec CMC Firewall sysfer 2cb8.c7c: \SystemRoot\System32\drivers\symevent64x86.sys: 2cb8.c7c: CreationTime: 2017-05-24T05:10:05.493783800Z 2cb8.c7c: LastWriteTime: 2018-04-05T17:25:36.881205200Z 2cb8.c7c: ChangeTime: 2018-04-05T17:59:12.229134600Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x19098 2cb8.c7c: NT Headers: 0xe0 2cb8.c7c: Timestamp: 0x59fcb42b 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0x59fcb42b 2cb8.c7c: Image Version: 6.2 2cb8.c7c: SizeOfImage: 0x23000 (143360) 2cb8.c7c: Resource Dir: 0x21000 LB 0x3c8 2cb8.c7c: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)] 2cb8.c7c: ProductName: SYMEVENT 2cb8.c7c: ProductVersion: 14.0.5.9 2cb8.c7c: FileVersion: 14.0.5.9 2cb8.c7c: FileDescription: Symantec Event Library 2cb8.c7c: \SystemRoot\System32\drivers\PGDriver.sys: 2cb8.c7c: CreationTime: 2017-09-27T08:14:42.619031800Z 2cb8.c7c: LastWriteTime: 2017-06-22T11:50:20.000000000Z 2cb8.c7c: ChangeTime: 2018-05-14T05:53:29.671428900Z 2cb8.c7c: FileAttributes: 0x20 2cb8.c7c: Size: 0x8490 2cb8.c7c: NT Headers: 0xf8 2cb8.c7c: Timestamp: 0x59394114 2cb8.c7c: Machine: 0x8664 - amd64 2cb8.c7c: Timestamp: 0x59394114 2cb8.c7c: Image Version: 6.3 2cb8.c7c: SizeOfImage: 0xb000 (45056) 2cb8.c7c: Resource Dir: 0x9000 LB 0x430 2cb8.c7c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)] 2cb8.c7c: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)] 2cb8.c7c: ProductName: Avecto Defendpoint 2cb8.c7c: ProductVersion: 2017.06.08.1 2cb8.c7c: FileVersion: 2017.06.08.1 2cb8.c7c: SpecialBuild: D 2cb8.c7c: FileDescription: Defendpoint Driver 2cb8.c7c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 2cb8.c7c: Calling main() 2cb8.c7c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2 2cb8.c7c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 2cb8.c7c: SUPR3HardenedMain: Respawn #1 2cb8.c7c: System32: \Device\HarddiskVolume5\Windows\System32 2cb8.c7c: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 2cb8.c7c: KnownDllPath: C:\WINDOWS\System32 2cb8.c7c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2cb8.c7c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2cb8.c7c: supR3HardNtEnableThreadCreation: 2cb8.c7c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd191c9280 
pvNtTerminateThread=00007ffd191f0d10 2cb8.c7c: supR3HardenedWinDoReSpawn(1): New child 2f80.a04 [kernel32]. 2cb8.c7c: supR3HardNtChildGatherData: PebBaseAddress=0000000000369000 cbPeb=0x388 2cb8.c7c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffd19150000 uNtDllChildAddr=00007ffd19150000 2cb8.c7c: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffd191c9280 2cb8.c7c: supR3HardenedWinSetupChildInit: Start child. 2cb8.c7c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms. 2cb8.c7c: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 60 sleeps 2cb8.c7c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2cb8.c7c: VirtualBox.exe: timestamp 0x5af2c2c3 (rc=VINF_SUCCESS) 2cb8.c7c: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2cb8.c7c: VirtualBox.exe: Differences in section #0 (headers) between file and memory: 2cb8.c7c: 00007ff631260162 / 0x0000162: 00 != 11 2cb8.c7c: 00007ff631260164 / 0x0000164: 00 != 14 2cb8.c7c: Restored 0x400 bytes of original file content at 00007ff631260000 2cb8.c7c: '\Device\HarddiskVolume5\Windows\System32\ntdll.dll' has no imports 2cb8.c7c: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20003 2cb8.c7c: supR3HardNtChildPurify: Startup delay kludge #1/1: 517 ms, 61 sleeps 2cb8.c7c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2cb8.c7c: supR3HardNtChildPurify: Done after 1094 ms and 1 fixes (loop #1).
2f80.a04: Log file opened: 5.2.12r122591 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa03fab00 2f80.a04: supR3HardenedVmProcessInit: uNtDllAddr=00007ffd19150000 g_uNtVerCombined=0xa03fab00 2f80.a04: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS) 2f80.a04: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation) 2cb8.c7c: supR3HardNtEnableThreadCreation: 2f80.a04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox' 2f80.a04: System32: \Device\HarddiskVolume5\Windows\System32 2f80.a04: WinSxS: \Device\HarddiskVolume5\Windows\WinSxS 2f80.a04: KnownDllPath: C:\WINDOWS\System32 2f80.a04: supR3HardenedVmProcessInit: Opening vboxdrv stub... 2f80.a04: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk... 2f80.a04: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk... 2f80.a04: Registered Dll notification callback with NTDLL. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel32.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel32.dll 2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling] 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd16390000 LB 0x00266000 C:\WINDOWS\System32\KERNELBASE.dll [fFlags=0x0] 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\KernelBase.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\KernelBase.dll 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18b30000 LB 0x000ae000 C:\WINDOWS\System32\KERNEL32.DLL [fFlags=0x0] 2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 
hMod=00007ffd18b30000 'C:\WINDOWS\System32\KERNEL32.DLL' 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\advapi32.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\advapi32.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume5\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sechost.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sechost.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcrt.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcrt.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000: [calling] 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd167c0000 LB 0x0009d000 C:\WINDOWS\System32\msvcrt.dll [fFlags=0x0] 2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd16d40000 LB 0x0011f000 C:\WINDOWS\System32\RPCRT4.dll [fFlags=0x0] 2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd189b0000 LB 0x0005b000 C:\WINDOWS\System32\sechost.dll [fFlags=0x0] 2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\sechost.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18a10000 LB 0x000a1000 C:\WINDOWS\System32\ADVAPI32.DLL [fFlags=0x0] 2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18a10000 'C:\WINDOWS\System32\ADVAPI32.DLL' 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ff631260000 LB 0x0010e000 c:\program files\Oracle\virtualbox\VirtualBox.exe [fFlags=0x0] 2f80.a04: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports 2f80.a04: 
supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe 2f80.a04: supR3HardenedMonitor_LdrLoadDll: Refusing to load 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS) 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\dnsapi.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\dnsapi.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume5\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'secur32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'. 
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr120.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'msvcp120.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp120.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp120.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp120.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr120.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp120.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp120.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcr120.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcr120.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume5\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'combase.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'rpcrt4.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\oleaut32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\oleaut32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'gdi32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #47 'user32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #48 'combase.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ole32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ole32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume5\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'iphlpapi.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'bcrypt.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\winspool.drv) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\winspool.drv 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\user32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\user32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'. 
2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shlwapi.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shlwapi.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'secur32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'secur32.dll' -> '\Device\HarddiskVolume5\Windows\System32\secur32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume5\Windows\System32\secur32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\secur32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume5\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\nsi.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\nsi.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume5\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ws2_32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ws2_32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2f80.48a0: '\Device\HarddiskVolume5\Windows\System32\win32u.dll' has no imports 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\win32u.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\win32u.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcrypt.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcrypt.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\combase.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\combase.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr120.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr120.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcr120.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcr120.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\secur32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcr120.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp120.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust] 2f80.48a0: 
supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\sspicli.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\sspicli.dll 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06c80000 LB 0x0000c000 C:\WINDOWS\SYSTEM32\Secur32.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\secur32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15d40000 LB 0x000f6000 C:\WINDOWS\System32\ucrtbase.dll [fFlags=0x0] 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\ucrtbase.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\ucrtbase.dll 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd160e0000 LB 0x00072000 C:\WINDOWS\System32\bcryptPrimitives.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd18be0000 LB 0x00308000 C:\WINDOWS\System32\combase.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15ca0000 LB 0x0009b000 C:\WINDOWS\System32\msvcp_win.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 
00007ffd16600000 LB 0x00020000 C:\WINDOWS\System32\win32u.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16bb0000 LB 0x0018f000 C:\WINDOWS\System32\USER32.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15f40000 LB 0x00193000 C:\WINDOWS\System32\gdi32full.dll [fFlags=0x0] 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\gdi32full.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\gdi32full.dll 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd168a0000 LB 0x00028000 C:\WINDOWS\System32\GDI32.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16a00000 LB 0x00051000 C:\WINDOWS\System32\SHLWAPI.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shlwapi.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd14910000 LB 0x00039000 C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume5\Windows\System32\IPHLPAPI.DLL [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd15100000 LB 0x00025000 C:\WINDOWS\SYSTEM32\bcrypt.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\bcrypt.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06cb0000 LB 0x00086000 C:\WINDOWS\SYSTEM32\WINSPOOL.DRV [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume5\Windows\System32\winspool.drv [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd16a60000 LB 0x00149000 C:\WINDOWS\System32\ole32.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ole32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd168d0000 LB 0x000c5000 C:\WINDOWS\System32\OLEAUT32.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\oleaut32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06ea0000 LB 0x000ef000 C:\WINDOWS\SYSTEM32\MSVCR120.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcr120.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd06fb0000 LB 0x000a6000 C:\WINDOWS\SYSTEM32\MSVCP120.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp120.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd153d0000 LB 0x00030000 C:\WINDOWS\SYSTEM32\SSPICLI.DLL [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on 
\Device\HarddiskVolume5\Windows\System32\sspicli.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffcf0700000 LB 0x0006a000 C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Program Files\Manufacturer\Endpoint Agent\prntm64.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-synch-l1-2-0' 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-fibers-l1-1-1' 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-fibers-l1-1-1' 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-synch-l1-2-0' 2f80.48a0: supR3HardenedIsApiSetDll: 
ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-localization-l1-2-1' 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'C:\WINDOWS\System32\kernel32.dll' 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-string-l1-1-0' 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-datetime-l1-1-1' 2f80.48a0: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 
(rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd16390000 'api-ms-win-core-localization-obsolete-l1-2-0' 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 2f80.48a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 2f80.48a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\imm32.dll) 2f80.48a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\imm32.dll 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume5\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\win32u.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 
2f80.48a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2f80.48a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2f80.48a0: supR3HardenedDllNotificationCallback: load 00007ffd18ef0000 LB 0x0002d000 C:\WINDOWS\System32\IMM32.DLL [fFlags=0x0] 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\imm32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18ef0000 'C:\WINDOWS\system32\IMM32.DLL' 2f80.48a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'C:\WINDOWS\System32\kernel32.dll' 2f80.48a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffcf0700000 'C:\Program Files\Manufacturer\Endpoint Agent\prntm64.dll' 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\shell32.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\shell32.dll 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'... 
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume5\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume5\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\user32.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling] 2f80.a04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd15ef0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [fFlags=0x0] 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\cfgmgr32.dll 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18900000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [fFlags=0x0] 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\SHCore.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\SHCore.dll 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd15530000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [fFlags=0x0] 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'. 
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\kernel.appcore.dll 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd154c0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [fFlags=0x0] 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\powrprof.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\powrprof.dll 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd154a0000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [fFlags=0x0] 2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\profapi.dll) 2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\profapi.dll 2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd15550000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [fFlags=0x0] 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'. 2f80.a04: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'. 
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Windows\System32\windows.storage.dll)
2f80.a04: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume5\Windows\System32\windows.storage.dll
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd16e60000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\shell32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18f20000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd18ac0000 LB 0x00008000 C:\WINDOWS\System32\NSI.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\nsi.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 00007ffd14960000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005d000 C:\WINDOWS\System32\QIPCAP64.dll [fFlags=0x0]
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 0000000068000000 LB 0x0005d000 C:\WINDOWS\System32\QIPCAP64.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd16e60000 LB 0x01438000 C:\WINDOWS\System32\SHELL32.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd15ef0000 LB 0x0004a000 C:\WINDOWS\System32\cfgmgr32.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd15550000 LB 0x00747000 C:\WINDOWS\System32\windows.storage.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd15530000 LB 0x00011000 C:\WINDOWS\System32\kernel.appcore.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd18900000 LB 0x000a6000 C:\WINDOWS\System32\shcore.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd154c0000 LB 0x0004c000 C:\WINDOWS\System32\powrprof.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd154a0000 LB 0x0001b000 C:\WINDOWS\System32\profapi.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd14960000 LB 0x000b6000 C:\WINDOWS\SYSTEM32\DNSAPI.dll [flags=0x0]
2f80.a04: supR3HardenedDllNotificationCallback: Unload 00007ffd18f20000 LB 0x0006c000 C:\WINDOWS\System32\WS2_32.dll [flags=0x0]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000142 'C:\WINDOWS\System32\QIPCAP64.dll'
2f80.a04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffd191c9280 pvNtTerminateThread=00007ffd191f0d10
2cb8.c7c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 632 ms.
2f80.a04: \SystemRoot\System32\ntdll.dll:
2f80.a04: CreationTime: 2018-05-11T07:30:27.635546000Z
2f80.a04: LastWriteTime: 2018-04-15T21:49:20.567835100Z
2f80.a04: ChangeTime: 2018-05-14T05:52:56.251684700Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x1dd108
2f80.a04: NT Headers: 0xe0
2f80.a04: Timestamp: 0xd826f10d
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0xd826f10d
2f80.a04: Image Version: 10.0
2f80.a04: SizeOfImage: 0x1e0000 (1966080)
2f80.a04: Resource Dir: 0x174000 LB 0x6a1d8
2f80.a04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2f80.a04: ProductName: Microsoft® Windows® Operating System
2f80.a04: ProductVersion: 10.0.16299.402
2f80.a04: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
2f80.a04: FileDescription: NT Layer DLL
2f80.a04: \SystemRoot\System32\kernel32.dll:
2f80.a04: CreationTime: 2018-05-11T07:30:10.686786200Z
2f80.a04: LastWriteTime: 2018-05-03T07:43:30.892187700Z
2f80.a04: ChangeTime: 2018-05-14T05:52:49.954130800Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0xab868
2f80.a04: NT Headers: 0xe8
2f80.a04: Timestamp: 0x309fae94
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0x309fae94
2f80.a04: Image Version: 10.0
2f80.a04: SizeOfImage: 0xae000 (712704)
2f80.a04: Resource Dir: 0xac000 LB 0x520
2f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2f80.a04: ProductName: Microsoft® Windows® Operating System
2f80.a04: ProductVersion: 10.0.16299.431
2f80.a04: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
2f80.a04: FileDescription: Windows NT BASE API Client DLL
2f80.a04: \SystemRoot\System32\KernelBase.dll:
2f80.a04: CreationTime: 2018-05-11T07:30:03.884147200Z
2f80.a04: LastWriteTime: 2018-04-15T21:51:08.343639800Z
2f80.a04: ChangeTime: 2018-05-14T05:52:54.923416100Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x265c00
2f80.a04: NT Headers: 0xf0
2f80.a04: Timestamp: 0xde35406a
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0xde35406a
2f80.a04: Image Version: 10.0
2f80.a04: SizeOfImage: 0x266000 (2514944)
2f80.a04: Resource Dir: 0x245000 LB 0x548
2f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
2f80.a04: ProductName: Microsoft® Windows® Operating System
2f80.a04: ProductVersion: 10.0.16299.402
2f80.a04: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
2f80.a04: FileDescription: Windows NT BASE API Client DLL
2f80.a04: \SystemRoot\System32\apisetschema.dll:
2f80.a04: CreationTime: 2017-09-29T13:42:07.095026600Z
2f80.a04: LastWriteTime: 2017-09-29T13:42:07.095026600Z
2f80.a04: ChangeTime: 2018-05-11T07:38:16.512838200Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x1b398
2f80.a04: NT Headers: 0xc8
2f80.a04: Timestamp: 0xf30abf31
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0xf30abf31
2f80.a04: Image Version: 10.0
2f80.a04: SizeOfImage: 0x1c000 (114688)
2f80.a04: Resource Dir: 0x1b000 LB 0x408
2f80.a04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
2f80.a04: ProductName: Microsoft® Windows® Operating System
2f80.a04: ProductVersion: 10.0.16299.15
2f80.a04: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
2f80.a04: FileDescription: ApiSet Schema DLL
2f80.a04: Found driver SysPlant (0x1)
2f80.a04: Found driver SymNetS (0x2)
2f80.a04: Found driver PGDriver (0x20000)
2f80.a04: Found driver SRTSPX (0x2)
2f80.a04: Found driver SymEvent (0x2)
2f80.a04: Found driver SymIRON (0x2)
2f80.a04: supR3HardenedWinFindAdversaries: 0x20003
2f80.a04: \SystemRoot\System32\drivers\SysPlant.sys:
2f80.a04: CreationTime: 2017-05-24T05:09:18.818113600Z
2f80.a04: LastWriteTime: 2018-04-05T17:59:11.063293900Z
2f80.a04: ChangeTime: 2018-04-05T17:59:11.063293900Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x30548
2f80.a04: NT Headers: 0xf0
2f80.a04: Timestamp: 0x5a1adc8a
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0x5a1adc8a
2f80.a04: Image Version: 5.0
2f80.a04: SizeOfImage: 0x31000 (200704)
2f80.a04: Resource Dir: 0x2f000 LB 0x49c
2f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
2f80.a04: ProductName: Symantec CMC Firewall
2f80.a04: ProductVersion: 14.0.3856.1100
2f80.a04: FileVersion: 14.0.3856.1100
2f80.a04: FileDescription: Symantec CMC Firewall SysPlant
2f80.a04: \SystemRoot\System32\sysfer.dll:
2f80.a04: CreationTime: 2017-05-24T05:09:18.771232000Z
2f80.a04: LastWriteTime: 2018-04-05T17:59:11.047665200Z
2f80.a04: ChangeTime: 2018-04-16T06:02:41.528877100Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x7cee8
2f80.a04: NT Headers: 0xf8
2f80.a04: Timestamp: 0x5a1adc96
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0x5a1adc96
2f80.a04: Image Version: 0.0
2f80.a04: SizeOfImage: 0x95000 (610304)
2f80.a04: Resource Dir: 0x91000 LB 0x490
2f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
2f80.a04: ProductName: Symantec CMC Firewall
2f80.a04: ProductVersion: 14.0.3856.1100
2f80.a04: FileVersion: 14.0.3856.1100
2f80.a04: FileDescription: Symantec CMC Firewall sysfer
2f80.a04: \SystemRoot\System32\drivers\symevent64x86.sys:
2f80.a04: CreationTime: 2017-05-24T05:10:05.493783800Z
2f80.a04: LastWriteTime: 2018-04-05T17:25:36.881205200Z
2f80.a04: ChangeTime: 2018-04-05T17:59:12.229134600Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x19098
2f80.a04: NT Headers: 0xe0
2f80.a04: Timestamp: 0x59fcb42b
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0x59fcb42b
2f80.a04: Image Version: 6.2
2f80.a04: SizeOfImage: 0x23000 (143360)
2f80.a04: Resource Dir: 0x21000 LB 0x3c8
2f80.a04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
2f80.a04: ProductName: SYMEVENT
2f80.a04: ProductVersion: 14.0.5.9
2f80.a04: FileVersion: 14.0.5.9
2f80.a04: FileDescription: Symantec Event Library
2f80.a04: \SystemRoot\System32\drivers\PGDriver.sys:
2f80.a04: CreationTime: 2017-09-27T08:14:42.619031800Z
2f80.a04: LastWriteTime: 2017-06-22T11:50:20.000000000Z
2f80.a04: ChangeTime: 2018-05-14T05:53:29.671428900Z
2f80.a04: FileAttributes: 0x20
2f80.a04: Size: 0x8490
2f80.a04: NT Headers: 0xf8
2f80.a04: Timestamp: 0x59394114
2f80.a04: Machine: 0x8664 - amd64
2f80.a04: Timestamp: 0x59394114
2f80.a04: Image Version: 6.3
2f80.a04: SizeOfImage: 0xb000 (45056)
2f80.a04: Resource Dir: 0x9000 LB 0x430
2f80.a04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2f80.a04: [Raw version resource data: 0x9060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
2f80.a04: ProductName: Avecto Defendpoint
2f80.a04: ProductVersion: 2017.06.08.1
2f80.a04: FileVersion: 2017.06.08.1
2f80.a04: SpecialBuild: D
2f80.a04: FileDescription: Defendpoint Driver
2f80.a04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2f80.a04: Calling main()
2f80.a04: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2f80.a04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox'
2f80.a04: '\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2f80.a04: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume5\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2f80.a04: SUPR3HardenedMain: Respawn #2
2f80.a04: supR3HardNtEnableThreadCreation:
2f80.a04: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume5\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\profapi.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume5\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\combase.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume5\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2f80.a04: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume5\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2f80.a04: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume5\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000: [calling]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18a10000 'C:\WINDOWS\System32\ADVAPI32.DLL'
2f80.a04: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(ext-ms-win-kernel32-errorhandling-l1-1-0.dll) -> 0x0, fPresent=1
2f80.a04: supR3HardenedMonitor_LdrLoadDll: pName=ext-ms-win-kernel32-errorhandling-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
2f80.a04: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffd18b30000 'ext-ms-win-kernel32-errorhandling-l1-1-0.dll'
2cb8.c7c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 46 ms, the end);