29ac.2ff0: Log file opened: 5.1.26r117224 g_hStartupLog=00000000000001d4 g_uNtVerCombined=0xa03fab00
29ac.2ff0: \SystemRoot\System32\ntdll.dll:
29ac.2ff0: CreationTime: 2018-05-10T07:45:29.694271000Z
29ac.2ff0: LastWriteTime: 2018-04-15T21:49:20.567835100Z
29ac.2ff0: ChangeTime: 2018-06-22T11:23:52.548022800Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x1dd108
29ac.2ff0: NT Headers: 0xe0
29ac.2ff0: Timestamp: 0xd826f10d
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0xd826f10d
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0x1e0000 (1966080)
29ac.2ff0: Resource Dir: 0x174000 LB 0x6a1d8
29ac.2ff0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.402
29ac.2ff0: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: NT Layer DLL
29ac.2ff0: \SystemRoot\System32\kernel32.dll:
29ac.2ff0: CreationTime: 2018-05-10T07:44:14.069270500Z
29ac.2ff0: LastWriteTime: 2018-05-03T07:43:30.892187700Z
29ac.2ff0: ChangeTime: 2018-06-21T21:58:10.715332800Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0xab868
29ac.2ff0: NT Headers: 0xe8
29ac.2ff0: Timestamp: 0x309fae94
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x309fae94
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0xae000 (712704)
29ac.2ff0: Resource Dir: 0xac000 LB 0x520
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.431
29ac.2ff0: FileVersion: 10.0.16299.431 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: Windows NT BASE API Client DLL
29ac.2ff0: \SystemRoot\System32\KernelBase.dll:
29ac.2ff0: CreationTime: 2018-05-10T07:44:26.866145400Z
29ac.2ff0: LastWriteTime: 2018-04-15T21:51:08.343639800Z
29ac.2ff0: ChangeTime: 2018-06-21T21:58:12.211789800Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x265c00
29ac.2ff0: NT Headers: 0xf0
29ac.2ff0: Timestamp: 0xde35406a
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0xde35406a
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0x266000 (2514944)
29ac.2ff0: Resource Dir: 0x245000 LB 0x548
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.402
29ac.2ff0: FileVersion: 10.0.16299.402 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: Windows NT BASE API Client DLL
29ac.2ff0: \SystemRoot\System32\apisetschema.dll:
29ac.2ff0: CreationTime: 2017-09-29T13:42:07.095026600Z
29ac.2ff0: LastWriteTime: 2017-09-29T13:42:07.095026600Z
29ac.2ff0: ChangeTime: 2018-06-22T11:23:22.046763700Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x1b398
29ac.2ff0: NT Headers: 0xc8
29ac.2ff0: Timestamp: 0xf30abf31
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0xf30abf31
29ac.2ff0: Image Version: 10.0
29ac.2ff0: SizeOfImage: 0x1c000 (114688)
29ac.2ff0: Resource Dir: 0x1b000 LB 0x408
29ac.2ff0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)]
29ac.2ff0: ProductName: Microsoft® Windows® Operating System
29ac.2ff0: ProductVersion: 10.0.16299.15
29ac.2ff0: FileVersion: 10.0.16299.15 (WinBuild.160101.0800)
29ac.2ff0: FileDescription: ApiSet Schema DLL
29ac.2ff0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
29ac.2ff0: supR3HardenedWinFindAdversaries: 0x3
29ac.2ff0: \SystemRoot\System32\drivers\SysPlant.sys:
29ac.2ff0: CreationTime: 2018-06-21T22:54:45.387467300Z
29ac.2ff0: LastWriteTime: 2018-06-21T22:54:45.387467300Z
29ac.2ff0: ChangeTime: 2018-06-21T22:54:45.387467300Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x30548
29ac.2ff0: NT Headers: 0xf0
29ac.2ff0: Timestamp: 0x5a1adc8a
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x5a1adc8a
29ac.2ff0: Image Version: 5.0
29ac.2ff0: SizeOfImage: 0x31000 (200704)
29ac.2ff0: Resource Dir: 0x2f000 LB 0x49c
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)]
29ac.2ff0: ProductName: Symantec CMC Firewall
29ac.2ff0: ProductVersion: 14.0.3856.1100
29ac.2ff0: FileVersion: 14.0.3856.1100
29ac.2ff0: FileDescription: Symantec CMC Firewall SysPlant
29ac.2ff0: \SystemRoot\System32\sysfer.dll:
29ac.2ff0: CreationTime: 2018-06-21T22:54:45.371840800Z
29ac.2ff0: LastWriteTime: 2018-06-21T22:54:45.371840800Z
29ac.2ff0: ChangeTime: 2018-06-21T22:59:33.688341600Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x7cee8
29ac.2ff0: NT Headers: 0xf8
29ac.2ff0: Timestamp: 0x5a1adc96
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x5a1adc96
29ac.2ff0: Image Version: 0.0
29ac.2ff0: SizeOfImage: 0x95000 (610304)
29ac.2ff0: Resource Dir: 0x91000 LB 0x490
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)]
29ac.2ff0: ProductName: Symantec CMC Firewall
29ac.2ff0: ProductVersion: 14.0.3856.1100
29ac.2ff0: FileVersion: 14.0.3856.1100
29ac.2ff0: FileDescription: Symantec CMC Firewall sysfer
29ac.2ff0: \SystemRoot\System32\drivers\symevent64x86.sys:
29ac.2ff0: CreationTime: 2018-06-21T22:56:51.936529500Z
29ac.2ff0: LastWriteTime: 2018-06-21T22:56:51.514650400Z
29ac.2ff0: ChangeTime: 2018-06-21T22:56:51.514650400Z
29ac.2ff0: FileAttributes: 0x20
29ac.2ff0: Size: 0x19098
29ac.2ff0: NT Headers: 0xe0
29ac.2ff0: Timestamp: 0x59fcb42b
29ac.2ff0: Machine: 0x8664 - amd64
29ac.2ff0: Timestamp: 0x59fcb42b
29ac.2ff0: Image Version: 6.2
29ac.2ff0: SizeOfImage: 0x23000 (143360)
29ac.2ff0: Resource Dir: 0x21000 LB 0x3c8
29ac.2ff0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
29ac.2ff0: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
29ac.2ff0: ProductName: SYMEVENT
29ac.2ff0: ProductVersion: 14.0.5.9
29ac.2ff0: FileVersion: 14.0.5.9
29ac.2ff0: FileDescription: Symantec Event Library
29ac.2ff0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
29ac.2ff0: Calling main()
29ac.2ff0: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0
29ac.2ff0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
29ac.2ff0: SUPR3HardenedMain: Respawn #1
29ac.2ff0: System32: \Device\HarddiskVolume3\Windows\System32
29ac.2ff0: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
29ac.2ff0: KnownDllPath: C:\Windows\System32
29ac.2ff0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
29ac.2ff0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
29ac.2ff0: supR3HardNtEnableThreadCreation:
29ac.2ff0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ee299280 pvNtTerminateThread=00007ff8ee2c0d10
29ac.2ff0: supR3HardenedWinDoReSpawn(1): New child 2144.209c [kernel32].
29ac.2ff0: supR3HardNtChildGatherData: PebBaseAddress=00000000003ab000 cbPeb=0x388
29ac.2ff0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8ee220000 uNtDllChildAddr=00007ff8ee220000
29ac.2ff0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8ee299280
29ac.2ff0: supR3HardenedWinSetupChildInit: Start child.
29ac.2ff0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
29ac.2ff0: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 61 sleeps
29ac.2ff0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29ac.2ff0: *0000000000000000-000000000001ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000020000-000000000003ffff 0x0004/0x0004 0x0020000
29ac.2ff0: *0000000000040000-0000000000058fff 0x0002/0x0002 0x0040000
29ac.2ff0: 0000000000059000-000000000005ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000060000-000000000015afff 0x0000/0x0004 0x0020000
29ac.2ff0: 000000000015b000-000000000015dfff 0x0104/0x0004 0x0020000
29ac.2ff0: 000000000015e000-000000000015ffff 0x0004/0x0004 0x0020000
29ac.2ff0: *0000000000160000-0000000000163fff 0x0002/0x0002 0x0040000
29ac.2ff0: 0000000000164000-000000000016ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000170000-0000000000170fff 0x0004/0x0004 0x0020000
29ac.2ff0: 0000000000171000-00000000001fffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000200000-00000000003aafff 0x0000/0x0004 0x0020000
29ac.2ff0: 00000000003ab000-00000000003adfff 0x0004/0x0004 0x0020000
29ac.2ff0: 00000000003ae000-00000000003fffff 0x0000/0x0004 0x0020000
29ac.2ff0: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
29ac.2ff0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
29ac.2ff0: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
29ac.2ff0: 000000007fff0000-00007ff69bf2ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff69bf30000-00007ff69bf52fff 0x0002/0x0002 0x0040000
29ac.2ff0: 00007ff69bf53000-00007ff69cd6ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff69cd70000-00007ff69cd70fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69cd71000-00007ff69cde0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69cde1000-00007ff69cde1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69cde2000-00007ff69ce27fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce28000-00007ff69ce28fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce29000-00007ff69ce29fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce2a000-00007ff69ce2efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce2f000-00007ff69ce2ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce30000-00007ff69ce30fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce31000-00007ff69ce34fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce35000-00007ff69ce7cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce7d000-00007ff69ce7ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff69ce80000-00007ff69ce80fff 0x0004/0x0004 0x0020000
29ac.2ff0: 00007ff69ce81000-00007ff8ee21ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff8ee220000-00007ff8ee220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee221000-00007ff8ee332fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee333000-00007ff8ee378fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee379000-00007ff8ee380fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee381000-00007ff8ee38efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee38f000-00007ff8ee38ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee390000-00007ff8ee392fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee393000-00007ff8ee3fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee400000-00007ffffffdffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
29ac.2ff0: VBoxHeadless.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
29ac.2ff0: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
29ac.2ff0: VBoxHeadless.exe: Differences in section #0 (headers) between file and memory:
29ac.2ff0: 00007ff69cd70162 / 0x0000162: 00 != 11
29ac.2ff0: 00007ff69cd70164 / 0x0000164: 00 != 14
29ac.2ff0: Restored 0x400 bytes of original file content at 00007ff69cd70000
29ac.2ff0: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
29ac.2ff0: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x3
29ac.2ff0: supR3HardNtChildPurify: Startup delay kludge #1/1: 518 ms, 61 sleeps
29ac.2ff0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29ac.2ff0: *0000000000000000-000000000001ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000020000-000000000003ffff 0x0004/0x0004 0x0020000
29ac.2ff0: *0000000000040000-0000000000058fff 0x0002/0x0002 0x0040000
29ac.2ff0: 0000000000059000-000000000005ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000060000-000000000015afff 0x0000/0x0004 0x0020000
29ac.2ff0: 000000000015b000-000000000015dfff 0x0104/0x0004 0x0020000
29ac.2ff0: 000000000015e000-000000000015ffff 0x0004/0x0004 0x0020000
29ac.2ff0: *0000000000160000-0000000000163fff 0x0002/0x0002 0x0040000
29ac.2ff0: 0000000000164000-000000000016ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000170000-0000000000170fff 0x0004/0x0004 0x0020000
29ac.2ff0: 0000000000171000-00000000001fffff 0x0001/0x0000 0x0000000
29ac.2ff0: *0000000000200000-00000000003aafff 0x0000/0x0004 0x0020000
29ac.2ff0: 00000000003ab000-00000000003adfff 0x0004/0x0004 0x0020000
29ac.2ff0: 00000000003ae000-00000000003fffff 0x0000/0x0004 0x0020000
29ac.2ff0: 0000000000400000-000000007ffdffff 0x0001/0x0000 0x0000000
29ac.2ff0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
29ac.2ff0: *000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
29ac.2ff0: 000000007fff0000-00007ff69bf2ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff69bf30000-00007ff69bf52fff 0x0002/0x0002 0x0040000
29ac.2ff0: 00007ff69bf53000-00007ff69cd6ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff69cd70000-00007ff69cd70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69cd71000-00007ff69cde0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69cde1000-00007ff69cde1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69cde2000-00007ff69ce27fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce28000-00007ff69ce34fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce35000-00007ff69ce7cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
29ac.2ff0: 00007ff69ce7d000-00007ff69ce7ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff69ce80000-00007ff69ce80fff 0x0004/0x0004 0x0020000
29ac.2ff0: 00007ff69ce81000-00007ff8ee21ffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ff8ee220000-00007ff8ee220fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee221000-00007ff8ee332fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee333000-00007ff8ee378fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee379000-00007ff8ee37cfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee37d000-00007ff8ee380fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee381000-00007ff8ee38efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee38f000-00007ff8ee38ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee390000-00007ff8ee392fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee393000-00007ff8ee3fffff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
29ac.2ff0: 00007ff8ee400000-00007ffffffdffff 0x0001/0x0000 0x0000000
29ac.2ff0: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
29ac.2ff0: supR3HardNtChildPurify: Done after 1122 ms and 1 fixes (loop #1).
29ac.2ff0: supR3HardNtEnableThreadCreation:
2144.209c: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000008 g_uNtVerCombined=0xa03fab00
2144.209c: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8ee220000 g_uNtVerCombined=0xa03fab00
2144.209c: ntdll.dll: timestamp 0xd826f10d (rc=VINF_SUCCESS)
2144.209c: New simple heap: #1 0000000000500000 LB 0x400000 (for 1966080 allocation)
2144.209c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2144.209c: System32: \Device\HarddiskVolume3\Windows\System32
2144.209c: WinSxS: \Device\HarddiskVolume3\Windows\WinSxS
2144.209c: KnownDllPath: C:\Windows\System32
2144.209c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2144.209c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2144.209c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2144.209c: Registered Dll notification callback with NTDLL.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000004001: [calling]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea990000 LB 0x00266000 C:\Windows\System32\KERNELBASE.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ee0e0000 LB 0x000ae000 C:\Windows\System32\KERNEL32.DLL [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ee0e0000 'C:\Windows\System32\KERNEL32.DLL'
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff69cd70000 LB 0x0010d000 C:\Program Files\Oracle\VirtualBox\VBoxHeadless.exe [fFlags=0x0]
2144.209c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'ws2_32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'nsi.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dnsapi.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dnsapi.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #73 'user32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'gdi32.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'sechost.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #27 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume3\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'win32u.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #34 'gdi32.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008]
2144.209c: '\Device\HarddiskVolume3\Windows\System32\win32u.dll' has no imports
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\win32u.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\win32u.dll
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
2144.209c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb6f0000 LB 0x0009d000 C:\Windows\System32\msvcrt.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec1f0000 LB 0x0011f000 C:\Windows\System32\RPCRT4.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ee190000 LB 0x0005b000 C:\Windows\System32\sechost.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ebcc0000 LB 0x000a1000 C:\Windows\System32\ADVAPI32.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb5f0000 LB 0x000f6000 C:\Windows\System32\ucrtbase.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ucrtbase.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ucrtbase.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea8c0000 LB 0x0004a000 C:\Windows\System32\cfgmgr32.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea910000 LB 0x00072000 C:\Windows\System32\bcryptPrimitives.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb9b0000 LB 0x00308000 C:\Windows\System32\combase.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'bcryptprimitives.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\combase.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\combase.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ebd70000 LB 0x000a6000 C:\Windows\System32\shcore.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'rpcrt4.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #44 'combase.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\SHCore.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\SHCore.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea680000 LB 0x0009b000 C:\Windows\System32\msvcp_win.dll [fFlags=0x0]
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb350000 LB 0x00020000 C:\Windows\System32\win32u.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ebff0000 LB 0x0018f000 C:\Windows\System32\USER32.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea720000 LB 0x00193000 C:\Windows\System32\gdi32full.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcp_win.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'gdi32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #35 'user32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'win32u.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\gdi32full.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32full.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec810000 LB 0x00028000 C:\Windows\System32\GDI32.dll [fFlags=0x0]
2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb930000 LB 0x00051000 C:\Windows\System32\shlwapi.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #45 'gdi32.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #46 'user32.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea600000 LB 0x00011000 C:\Windows\System32\kernel.appcore.dll [fFlags=0x0]
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'rpcrt4.dll'.
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll) 2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel.appcore.dll 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea570000 LB 0x0004c000 C:\Windows\System32\powrprof.dll [fFlags=0x0] 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'rpcrt4.dll'. 2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) 2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ea5c0000 LB 0x0001b000 C:\Windows\System32\profapi.dll [fFlags=0x0] 2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\profapi.dll) 2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eac00000 LB 0x00747000 C:\Windows\System32\windows.storage.dll [fFlags=0x0] 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'. 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'. 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'combase.dll'. 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #75 'profapi.dll'. 
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\windows.storage.dll) 2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\windows.storage.dll 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ecb30000 LB 0x01438000 C:\Windows\System32\SHELL32.dll [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec180000 LB 0x0006c000 C:\Windows\System32\WS2_32.dll [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8eb8a0000 LB 0x00008000 C:\Windows\System32\NSI.dll [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8e9be0000 LB 0x000b6000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dnsapi.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x00058000 C:\Windows\System32\QIPCAP64.dll [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-synch-l1-2-0' 
2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-fibers-l1-1-1' 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-fibers-l1-1-1) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-fibers-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-fibers-l1-1-1' 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-synch-l1-2-0) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-synch-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-synch-l1-2-0' 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-l1-2-1) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-localization-l1-2-1' 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'... 
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp_win.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp_win.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcp_win.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcp_win.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume3\Windows\System32\combase.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\combase.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'... 
2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ee0e0000 'C:\Windows\System32\kernel32.dll' 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-string-l1-1-0) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-string-l1-1-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-string-l1-1-0' 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-datetime-l1-1-1) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-datetime-l1-1-1 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-datetime-l1-1-1' 2144.209c: supR3HardenedIsApiSetDll: ApiSetQueryApiSetPresence(api-ms-win-core-localization-obsolete-l1-2-0) -> 0x0, fPresent=1 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-2-0 (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000801: [calling] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ea990000 'api-ms-win-core-localization-obsolete-l1-2-0' 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'. 2144.209c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'win32u.dll'. 
2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\imm32.dll) 2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'win32u.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'win32u.dll' -> '\Device\HarddiskVolume3\Windows\System32\win32u.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\win32u.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'... 2144.209c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008] 2144.209c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling] 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8ec7e0000 LB 0x0002d000 C:\Windows\System32\IMM32.DLL [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8ec7e0000 'C:\Windows\system32\IMM32.DLL' 2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) 2144.209c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL 2144.209c: supR3HardenedDllNotificationCallback: load 00007ff8e9b90000 LB 0x00039000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0] 2144.209c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL [lacks 
WinVerifyTrust] 2144.209c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\Windows\System32\QIPCAP64.dll' 2144.209c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8ee299280 pvNtTerminateThread=00007ff8ee2c0d10 29ac.2ff0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 928 ms. 2144.209c: \SystemRoot\System32\ntdll.dll: 2144.209c: CreationTime: 2018-05-10T07:45:29.694271000Z 2144.209c: LastWriteTime: 2018-04-15T21:49:20.567835100Z 2144.209c: ChangeTime: 2018-06-22T11:23:52.548022800Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0x1dd108 2144.209c: NT Headers: 0xe0 2144.209c: Timestamp: 0xd826f10d 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0xd826f10d 2144.209c: Image Version: 10.0 2144.209c: SizeOfImage: 0x1e0000 (1966080) 2144.209c: Resource Dir: 0x174000 LB 0x6a1d8 2144.209c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0x1740f0 LB 0x380, codepage 0x0 (reserved 0x0)] 2144.209c: ProductName: Microsoft® Windows® Operating System 2144.209c: ProductVersion: 10.0.16299.402 2144.209c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800) 2144.209c: FileDescription: NT Layer DLL 2144.209c: \SystemRoot\System32\kernel32.dll: 2144.209c: CreationTime: 2018-05-10T07:44:14.069270500Z 2144.209c: LastWriteTime: 2018-05-03T07:43:30.892187700Z 2144.209c: ChangeTime: 2018-06-21T21:58:10.715332800Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0xab868 2144.209c: NT Headers: 0xe8 2144.209c: Timestamp: 0x309fae94 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0x309fae94 2144.209c: Image Version: 10.0 2144.209c: SizeOfImage: 0xae000 (712704) 2144.209c: Resource Dir: 0xac000 LB 0x520 2144.209c: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0xac0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)] 2144.209c: ProductName: Microsoft® Windows® Operating System 2144.209c: ProductVersion: 10.0.16299.431 2144.209c: FileVersion: 10.0.16299.431 (WinBuild.160101.0800) 2144.209c: FileDescription: Windows NT BASE API Client DLL 2144.209c: \SystemRoot\System32\KernelBase.dll: 2144.209c: CreationTime: 2018-05-10T07:44:26.866145400Z 2144.209c: LastWriteTime: 2018-04-15T21:51:08.343639800Z 2144.209c: ChangeTime: 2018-06-21T21:58:12.211789800Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0x265c00 2144.209c: NT Headers: 0xf0 2144.209c: Timestamp: 0xde35406a 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0xde35406a 2144.209c: Image Version: 10.0 2144.209c: SizeOfImage: 0x266000 (2514944) 2144.209c: Resource Dir: 0x245000 LB 0x548 2144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0x2450b0 LB 0x3bc, codepage 0x0 (reserved 0x0)] 2144.209c: ProductName: Microsoft® Windows® Operating System 2144.209c: ProductVersion: 10.0.16299.402 2144.209c: FileVersion: 10.0.16299.402 (WinBuild.160101.0800) 2144.209c: FileDescription: Windows NT BASE API Client DLL 2144.209c: \SystemRoot\System32\apisetschema.dll: 2144.209c: CreationTime: 2017-09-29T13:42:07.095026600Z 2144.209c: LastWriteTime: 2017-09-29T13:42:07.095026600Z 2144.209c: ChangeTime: 2018-06-22T11:23:22.046763700Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0x1b398 2144.209c: NT Headers: 0xc8 2144.209c: Timestamp: 0xf30abf31 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0xf30abf31 2144.209c: Image Version: 10.0 2144.209c: SizeOfImage: 0x1c000 (114688) 2144.209c: Resource Dir: 0x1b000 LB 0x408 2144.209c: [Version info resource found at 0x48! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0x1b060 LB 0x3a8, codepage 0x0 (reserved 0x0)] 2144.209c: ProductName: Microsoft® Windows® Operating System 2144.209c: ProductVersion: 10.0.16299.15 2144.209c: FileVersion: 10.0.16299.15 (WinBuild.160101.0800) 2144.209c: FileDescription: ApiSet Schema DLL 2144.209c: NtOpenDirectoryObject failed on \Driver: 0xc0000022 2144.209c: supR3HardenedWinFindAdversaries: 0x3 2144.209c: \SystemRoot\System32\drivers\SysPlant.sys: 2144.209c: CreationTime: 2018-06-21T22:54:45.387467300Z 2144.209c: LastWriteTime: 2018-06-21T22:54:45.387467300Z 2144.209c: ChangeTime: 2018-06-21T22:54:45.387467300Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0x30548 2144.209c: NT Headers: 0xf0 2144.209c: Timestamp: 0x5a1adc8a 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0x5a1adc8a 2144.209c: Image Version: 5.0 2144.209c: SizeOfImage: 0x31000 (200704) 2144.209c: Resource Dir: 0x2f000 LB 0x49c 2144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0x2f0b8 LB 0x3e4, codepage 0x4e4 (reserved 0x0)] 2144.209c: ProductName: Symantec CMC Firewall 2144.209c: ProductVersion: 14.0.3856.1100 2144.209c: FileVersion: 14.0.3856.1100 2144.209c: FileDescription: Symantec CMC Firewall SysPlant 2144.209c: \SystemRoot\System32\sysfer.dll: 2144.209c: CreationTime: 2018-06-21T22:54:45.371840800Z 2144.209c: LastWriteTime: 2018-06-21T22:54:45.371840800Z 2144.209c: ChangeTime: 2018-06-21T22:59:33.688341600Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0x7cee8 2144.209c: NT Headers: 0xf8 2144.209c: Timestamp: 0x5a1adc96 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0x5a1adc96 2144.209c: Image Version: 0.0 2144.209c: SizeOfImage: 0x95000 (610304) 2144.209c: Resource Dir: 0x91000 LB 0x490 2144.209c: [Version info resource found at 0x90! 
(ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0x910b8 LB 0x3d8, codepage 0x4e4 (reserved 0x0)] 2144.209c: ProductName: Symantec CMC Firewall 2144.209c: ProductVersion: 14.0.3856.1100 2144.209c: FileVersion: 14.0.3856.1100 2144.209c: FileDescription: Symantec CMC Firewall sysfer 2144.209c: \SystemRoot\System32\drivers\symevent64x86.sys: 2144.209c: CreationTime: 2018-06-21T22:56:51.936529500Z 2144.209c: LastWriteTime: 2018-06-21T22:56:51.514650400Z 2144.209c: ChangeTime: 2018-06-21T22:56:51.514650400Z 2144.209c: FileAttributes: 0x20 2144.209c: Size: 0x19098 2144.209c: NT Headers: 0xe0 2144.209c: Timestamp: 0x59fcb42b 2144.209c: Machine: 0x8664 - amd64 2144.209c: Timestamp: 0x59fcb42b 2144.209c: Image Version: 6.2 2144.209c: SizeOfImage: 0x23000 (143360) 2144.209c: Resource Dir: 0x21000 LB 0x3c8 2144.209c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)] 2144.209c: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)] 2144.209c: ProductName: SYMEVENT 2144.209c: ProductVersion: 14.0.5.9 2144.209c: FileVersion: 14.0.5.9 2144.209c: FileDescription: Symantec Event Library 2144.209c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2144.209c: Calling main() 2144.209c: SUPR3HardenedMain: pszProgName=VBoxHeadless fFlags=0x0 2144.209c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox' 2144.209c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe' has no imports 2144.209c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxHeadless.exe) 2144.209c: SUPR3HardenedMain: Respawn #2 2144.209c: Error (rc=-5640): 2144.209c: More than one thread in process 2144.209c: Error -5640 in supR3HardenedWinReSpawn! 
(enmWhat=1) 2144.209c: More than one thread in process 29ac.2ff0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 15 ms, the end);