8.1218: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000164 g_uNtVerCombined=0xa0295a00
8.1218: \SystemRoot\System32\ntdll.dll:
8.1218: CreationTime: 2016-11-15T17:05:31.223700000Z
8.1218: LastWriteTime: 2016-10-25T09:41:10.545861300Z
8.1218: ChangeTime: 2016-11-16T01:08:00.593833900Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0x1bc248
8.1218: NT Headers: 0xe0
8.1218: Timestamp: 0x580ee321
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x580ee321
8.1218: Image Version: 10.0
8.1218: SizeOfImage: 0x1c1000 (1839104)
8.1218: Resource Dir: 0x159000 LB 0x66218
8.1218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0x1590f0 LB 0x390, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: Microsoft® Windows® Operating System
8.1218: ProductVersion: 10.0.10586.672
8.1218: FileVersion: 10.0.10586.672 (th2_release_sec.161024-1825)
8.1218: FileDescription: NT Layer DLL
8.1218: \SystemRoot\System32\kernel32.dll:
8.1218: CreationTime: 2016-11-15T17:04:43.982432300Z
8.1218: LastWriteTime: 2016-09-07T05:39:18.648308100Z
8.1218: ChangeTime: 2016-11-16T01:07:29.744767300Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0xac428
8.1218: NT Headers: 0xf0
8.1218: Timestamp: 0x57cf97d5
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x57cf97d5
8.1218: Image Version: 10.0
8.1218: SizeOfImage: 0xad000 (708608)
8.1218: Resource Dir: 0xab000 LB 0x528
8.1218: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0xab0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: Microsoft® Windows® Operating System
8.1218: ProductVersion: 10.0.10586.589
8.1218: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
8.1218: FileDescription: Windows NT BASE API Client DLL
8.1218: \SystemRoot\System32\KernelBase.dll:
8.1218: CreationTime: 2017-05-30T14:00:42.601264000Z
8.1218: LastWriteTime: 2017-04-28T04:30:22.219516600Z
8.1218: ChangeTime: 2017-05-30T14:50:22.488131100Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0x1e7c10
8.1218: NT Headers: 0xf0
8.1218: Timestamp: 0x59029143
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x59029143
8.1218: Image Version: 10.0
8.1218: SizeOfImage: 0x1e8000 (1998848)
8.1218: Resource Dir: 0x1d1000 LB 0x548
8.1218: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0x1d10b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: Microsoft® Windows® Operating System
8.1218: ProductVersion: 10.0.10586.916
8.1218: FileVersion: 10.0.10586.916 (th2_release_sec.170427-1350)
8.1218: FileDescription: Windows NT BASE API Client DLL
8.1218: \SystemRoot\System32\apisetschema.dll:
8.1218: CreationTime: 2015-10-30T07:17:57.502957900Z
8.1218: LastWriteTime: 2015-10-30T07:17:57.502957900Z
8.1218: ChangeTime: 2016-07-12T23:25:39.617444100Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0x16d60
8.1218: NT Headers: 0xc8
8.1218: Timestamp: 0x5632d94c
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x5632d94c
8.1218: Image Version: 10.0
8.1218: SizeOfImage: 0x18000 (98304)
8.1218: Resource Dir: 0x17000 LB 0x400
8.1218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0x17060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: Microsoft® Windows® Operating System
8.1218: ProductVersion: 10.0.10586.0
8.1218: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
8.1218: FileDescription: ApiSet Schema DLL
8.1218: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8.1218: supR3HardenedWinFindAdversaries: 0x20
8.1218: \SystemRoot\System32\drivers\mfeavfk.sys:
8.1218: CreationTime: 2016-07-20T15:46:57.901686700Z
8.1218: LastWriteTime: 2017-03-30T18:00:27.932063500Z
8.1218: ChangeTime: 2017-03-30T18:00:27.932063500Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0x59038
8.1218: NT Headers: 0xe8
8.1218: Timestamp: 0x57856390
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x57856390
8.1218: Image Version: 0.0
8.1218: SizeOfImage: 0x59000 (364544)
8.1218: Resource Dir: 0x57000 LB 0x758
8.1218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: SYSCORE
8.1218: ProductVersion: 15.5.0.4030
8.1218: FileVersion: SYSCORE.15.5.0.4030
8.1218: PrivateBuild: SYSCORE.15.5.0.4030 F15,F16,F19
8.1218: FileDescription: Anti-Virus File System Filter Driver
8.1218: \SystemRoot\System32\drivers\mfefirek.sys:
8.1218: CreationTime: 2016-07-20T20:48:32.454572700Z
8.1218: LastWriteTime: 2017-03-30T18:00:31.151271200Z
8.1218: ChangeTime: 2017-03-30T18:00:31.151271200Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0x7d438
8.1218: NT Headers: 0xf0
8.1218: Timestamp: 0x578563d4
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x578563d4
8.1218: Image Version: 0.0
8.1218: SizeOfImage: 0x7e000 (516096)
8.1218: Resource Dir: 0x7a000 LB 0x388
8.1218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0x7a060 LB 0x328, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: SYSCORE
8.1218: ProductVersion: 15.5.0.4030
8.1218: FileVersion: SYSCORE.15.5.0.4030
8.1218: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
8.1218: FileDescription: McAfee Core Firewall Engine Driver
8.1218: \SystemRoot\System32\drivers\mfehidk.sys:
8.1218: CreationTime: 2016-07-20T15:46:49.604177900Z
8.1218: LastWriteTime: 2017-03-30T18:00:28.516261100Z
8.1218: ChangeTime: 2017-03-30T18:00:28.516261100Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0xd6438
8.1218: NT Headers: 0x100
8.1218: Timestamp: 0x57856358
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x57856358
8.1218: Image Version: 0.0
8.1218: SizeOfImage: 0xe1000 (921600)
8.1218: Resource Dir: 0xdd000 LB 0x758
8.1218: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0xdd110 LB 0x320, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: SYSCORE
8.1218: ProductVersion: 15.5.0.4030
8.1218: FileVersion: SYSCORE.15.5.0.4030
8.1218: PrivateBuild: SYSCORE.15.5.0.4030 F14,F15,F16,F18,F20
8.1218: FileDescription: McAfee Link Driver
8.1218: \SystemRoot\System32\drivers\mfewfpk.sys:
8.1218: CreationTime: 2016-07-20T20:45:41.731243700Z
8.1218: LastWriteTime: 2017-03-30T18:00:29.308150400Z
8.1218: ChangeTime: 2017-03-30T18:00:29.308150400Z
8.1218: FileAttributes: 0x20
8.1218: Size: 0x3dc38
8.1218: NT Headers: 0x100
8.1218: Timestamp: 0x57856365
8.1218: Machine: 0x8664 - amd64
8.1218: Timestamp: 0x57856365
8.1218: Image Version: 0.0
8.1218: SizeOfImage: 0x59000 (364544)
8.1218: Resource Dir: 0x57000 LB 0x380
8.1218: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8.1218: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
8.1218: ProductName: SYSCORE
8.1218: ProductVersion: 15.5.0.4030
8.1218: FileVersion: SYSCORE.15.5.0.4030
8.1218: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
8.1218: FileDescription: Anti-Virus Mini-Firewall Driver
8.1218: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8.1218: Calling main()
8.1218: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8.1218: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8.1218: SUPR3HardenedMain: Respawn #1
8.1218: System32: \Device\HarddiskVolume2\Windows\System32
8.1218: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
8.1218: KnownDllPath: C:\Windows\system32
8.1218: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8.1218: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8.1218: supR3HardNtEnableThreadCreation:
8.1218: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed8016d50 pvNtTerminateThread=00007ffed8045b20
8.1218: supR3HardenedWinDoReSpawn(1): New child d50.78c [kernel32].
8.1218: supR3HardNtChildGatherData: PebBaseAddress=0000000000b24000 cbPeb=0x388
8.1218: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ffed7fa0000 uNtDllChildAddr=00007ffed7fa0000
8.1218: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ffed8016d50
8.1218: supR3HardenedWinSetupChildInit: Start child.
8.1218: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8.1218: supR3HardNtChildPurify: Startup delay kludge #1/0: 516 ms, 58 sleeps
8.1218: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
8.1218: *0000000000000000-000000000085ffff 0x0001/0x0000 0x0000000
8.1218: *0000000000860000-000000000087ffff 0x0004/0x0004 0x0020000
8.1218: *0000000000880000-0000000000894fff 0x0002/0x0002 0x0040000
8.1218: 0000000000895000-000000000089ffff 0x0001/0x0000 0x0000000
8.1218: *00000000008a0000-000000000099afff 0x0000/0x0004 0x0020000
8.1218: 000000000099b000-000000000099dfff 0x0104/0x0004 0x0020000
8.1218: 000000000099e000-000000000099ffff 0x0004/0x0004 0x0020000
8.1218: *00000000009a0000-00000000009a3fff 0x0002/0x0002 0x0040000
8.1218: 00000000009a4000-00000000009affff 0x0001/0x0000 0x0000000
8.1218: *00000000009b0000-00000000009b1fff 0x0004/0x0004 0x0020000
8.1218: 00000000009b2000-00000000009fffff 0x0001/0x0000 0x0000000
8.1218: *0000000000a00000-0000000000b23fff 0x0000/0x0004 0x0020000
8.1218: 0000000000b24000-0000000000b26fff 0x0004/0x0004 0x0020000
8.1218: 0000000000b27000-0000000000bfffff 0x0000/0x0004 0x0020000
8.1218: 0000000000c00000-000000007ffdffff 0x0001/0x0000 0x0000000
8.1218: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
8.1218: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
8.1218: 000000007fff0000-00007ff6ab8fffff 0x0001/0x0000 0x0000000
8.1218: *00007ff6ab900000-00007ff6ab922fff 0x0002/0x0002 0x0040000
8.1218: 00007ff6ab923000-00007ff6ac27ffff 0x0001/0x0000 0x0000000
8.1218: *00007ff6ac280000-00007ff6ac280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac281000-00007ff6ac2f0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac2f1000-00007ff6ac2f1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac2f2000-00007ff6ac336fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac337000-00007ff6ac337fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac338000-00007ff6ac338fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac339000-00007ff6ac33dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac33e000-00007ff6ac33efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac33f000-00007ff6ac33ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac340000-00007ff6ac343fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac344000-00007ff6ac38bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
8.1218: 00007ff6ac38c000-00007ffed7f9ffff 0x0001/0x0000 0x0000000
8.1218: *00007ffed7fa0000-00007ffed7fa0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed7fa1000-00007ffed809dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed809e000-00007ffed80defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed80df000-00007ffed80e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed80e8000-00007ffed80f4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed80f5000-00007ffed80f5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed80f6000-00007ffed80f8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed80f9000-00007ffed8160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
8.1218: 00007ffed8161000-00007ffffffdffff 0x0001/0x0000 0x0000000
8.1218: *00007ffffffe0000-00007ffffffeffff 0x0001/0x0002 0x0020000
8.1218: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
8.1218: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8.1218: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
8.1218: supR3HardNtChildPurify: Done after 548 ms and 0 fixes (loop #0).
8.1218: supR3HardNtEnableThreadCreation:
d50.78c: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0xa0295a00
d50.78c: supR3HardenedVmProcessInit: uNtDllAddr=00007ffed7fa0000 g_uNtVerCombined=0xa0295a00
d50.78c: ntdll.dll: timestamp 0x580ee321 (rc=VINF_SUCCESS)
d50.78c: New simple heap: #1 0000000000d00000 LB 0x400000 (for 1839104 allocation)
d50.78c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
d50.78c: System32: \Device\HarddiskVolume2\Windows\System32
d50.78c: WinSxS: \Device\HarddiskVolume2\Windows\WinSxS
d50.78c: KnownDllPath: C:\Windows\system32
d50.78c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
d50.78c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
d50.78c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
d50.78c: Registered Dll notification callback with NTDLL.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801: [calling]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed4650000 LB 0x001e8000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5a00000 LB 0x000ad000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed5a00000 'C:\Windows\system32\KERNEL32.DLL'
d50.78c: supR3HardenedDllNotificationCallback: load 00007ff6ac280000 LB 0x0010c000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
d50.78c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'dnsapi.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'ws2_32.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'nsi.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #65 'user32.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #67 'gdi32.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'rpcrt4.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume2\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'user32.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'gdi32.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\QIPCAP64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
d50.78c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed7720000 LB 0x0009d000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5400000 LB 0x0011c000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed56b0000 LB 0x0005b000 C:\Windows\system32\sechost.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed7830000 LB 0x000a7000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed51d0000 LB 0x00043000 C:\Windows\system32\cfgmgr32.dll [fFlags=0x0]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5280000 LB 0x0006a000 C:\Windows\system32\bcryptPrimitives.dll [fFlags=0x0]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed79b0000 LB 0x0027e000 C:\Windows\system32\combase.dll [fFlags=0x0]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'bcryptprimitives.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\combase.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\combase.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed7c30000 LB 0x00156000 C:\Windows\system32\USER32.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5520000 LB 0x00186000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5ef0000 LB 0x00052000 C:\Windows\system32\shlwapi.dll [fFlags=0x0]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #41 'gdi32.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #42 'user32.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed45c0000 LB 0x0000f000 C:\Windows\system32\kernel.appcore.dll [fFlags=0x0]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel.appcore.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5110000 LB 0x000b5000 C:\Windows\system32\shcore.dll [fFlags=0x0]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'rpcrt4.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\SHCore.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\SHCore.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed4600000 LB 0x0004b000 C:\Windows\system32\powrprof.dll [fFlags=0x0]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed45e0000 LB 0x00014000 C:\Windows\system32\profapi.dll [fFlags=0x0]
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed4840000 LB 0x00644000 C:\Windows\system32\windows.storage.dll [fFlags=0x0]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'rpcrt4.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'combase.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #66 'profapi.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\windows.storage.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\windows.storage.dll
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5f50000 LB 0x0155c000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5930000 LB 0x0006b000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed5770000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed2f60000 LB 0x000aa000 C:\Windows\SYSTEM32\DNSAPI.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 0000000068000000 LB 0x0005b000 C:\Windows\System32\QIPCAP64.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\QIPCAP64.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume2\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\combase.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009: [calling]
d50.78c: supR3HardenedDllNotificationCallback: load 00007ffed59c0000 LB 0x0003b000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ffed59c0000 'C:\Windows\system32\IMM32.DLL'
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
d50.78c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
d50.78c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\lsihok64.dll)
d50.78c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lsihok64.dll
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
d50.78c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
d50.78c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\lsihok64.dll (Input=lsihok64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001: [calling]
d50.78c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\lsihok64.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedDllNotificationCallback: load 0000000053bf0000 LB 0x0009b000 C:\Windows\system32\lsihok64.dll [fFlags=0x0]
d50.78c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\lsihok64.dll [lacks WinVerifyTrust]
d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000053bf0000 'C:\Windows\system32\lsihok64.dll'
d50.78c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068000000 'C:\Windows\System32\QIPCAP64.dll'
d50.78c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ffed8016d50 pvNtTerminateThread=00007ffed8045b20
8.1218: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 600 ms.
d50.78c: \SystemRoot\System32\ntdll.dll:
d50.78c: CreationTime: 2016-11-15T17:05:31.223700000Z
d50.78c: LastWriteTime: 2016-10-25T09:41:10.545861300Z
d50.78c: ChangeTime: 2016-11-16T01:08:00.593833900Z
d50.78c: FileAttributes: 0x20
d50.840: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
d50.78c: Size: 0x1bc248
d50.78c: NT Headers: 0xe0
d50.78c: Timestamp: 0x580ee321
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x580ee321
d50.78c: Image Version: 10.0
d50.78c: SizeOfImage: 0x1c1000 (1839104)
d50.78c: Resource Dir: 0x159000 LB 0x66218
d50.78c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0x1590f0 LB 0x390, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: Microsoft® Windows® Operating System
d50.78c: ProductVersion: 10.0.10586.672
d50.78c: FileVersion: 10.0.10586.672 (th2_release_sec.161024-1825)
d50.78c: FileDescription: NT Layer DLL
d50.78c: \SystemRoot\System32\kernel32.dll:
d50.78c: CreationTime: 2016-11-15T17:04:43.982432300Z
d50.78c: LastWriteTime: 2016-09-07T05:39:18.648308100Z
d50.78c: ChangeTime: 2016-11-16T01:07:29.744767300Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0xac428
d50.78c: NT Headers: 0xf0
d50.78c: Timestamp: 0x57cf97d5
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x57cf97d5
d50.78c: Image Version: 10.0
d50.78c: SizeOfImage: 0xad000 (708608)
d50.78c: Resource Dir: 0xab000 LB 0x528
d50.78c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0xab0b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: Microsoft® Windows® Operating System
d50.78c: ProductVersion: 10.0.10586.589
d50.78c: FileVersion: 10.0.10586.589 (th2_release.160906-1759)
d50.78c: FileDescription: Windows NT BASE API Client DLL
d50.78c: \SystemRoot\System32\KernelBase.dll:
d50.78c: CreationTime: 2017-05-30T14:00:42.601264000Z
d50.78c: LastWriteTime: 2017-04-28T04:30:22.219516600Z
d50.78c: ChangeTime: 2017-05-30T14:50:22.488131100Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0x1e7c10
d50.78c: NT Headers: 0xf0
d50.78c: Timestamp: 0x59029143
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x59029143
d50.78c: Image Version: 10.0
d50.78c: SizeOfImage: 0x1e8000 (1998848)
d50.78c: Resource Dir: 0x1d1000 LB 0x548
d50.78c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0x1d10b0 LB 0x3cc, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: Microsoft® Windows® Operating System
d50.78c: ProductVersion: 10.0.10586.916
d50.78c: FileVersion: 10.0.10586.916 (th2_release_sec.170427-1350)
d50.78c: FileDescription: Windows NT BASE API Client DLL
d50.78c: \SystemRoot\System32\apisetschema.dll:
d50.78c: CreationTime: 2015-10-30T07:17:57.502957900Z
d50.78c: LastWriteTime: 2015-10-30T07:17:57.502957900Z
d50.78c: ChangeTime: 2016-07-12T23:25:39.617444100Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0x16d60
d50.78c: NT Headers: 0xc8
d50.78c: Timestamp: 0x5632d94c
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x5632d94c
d50.78c: Image Version: 10.0
d50.78c: SizeOfImage: 0x18000 (98304)
d50.78c: Resource Dir: 0x17000 LB 0x400
d50.78c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0x17060 LB 0x3a0, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: Microsoft® Windows® Operating System
d50.78c: ProductVersion: 10.0.10586.0
d50.78c: FileVersion: 10.0.10586.0 (th2_release.151029-1700)
d50.78c: FileDescription: ApiSet Schema DLL
d50.78c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
d50.78c: supR3HardenedWinFindAdversaries: 0x20
d50.78c: \SystemRoot\System32\drivers\mfeavfk.sys:
d50.78c: CreationTime: 2016-07-20T15:46:57.901686700Z
d50.78c: LastWriteTime: 2017-03-30T18:00:27.932063500Z
d50.78c: ChangeTime: 2017-03-30T18:00:27.932063500Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0x59038
d50.78c: NT Headers: 0xe8
d50.78c: Timestamp: 0x57856390
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x57856390
d50.78c: Image Version: 0.0
d50.78c: SizeOfImage: 0x59000 (364544)
d50.78c: Resource Dir: 0x57000 LB 0x758
d50.78c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0x57110 LB 0x334, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: SYSCORE
d50.78c: ProductVersion: 15.5.0.4030
d50.78c: FileVersion: SYSCORE.15.5.0.4030
d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F15,F16,F19
d50.78c: FileDescription: Anti-Virus File System Filter Driver
d50.78c: \SystemRoot\System32\drivers\mfefirek.sys:
d50.78c: CreationTime: 2016-07-20T20:48:32.454572700Z
d50.78c: LastWriteTime: 2017-03-30T18:00:31.151271200Z
d50.78c: ChangeTime: 2017-03-30T18:00:31.151271200Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0x7d438
d50.78c: NT Headers: 0xf0
d50.78c: Timestamp: 0x578563d4
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x578563d4
d50.78c: Image Version: 0.0
d50.78c: SizeOfImage: 0x7e000 (516096)
d50.78c: Resource Dir: 0x7a000 LB 0x388
d50.78c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0x7a060 LB 0x328, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: SYSCORE
d50.78c: ProductVersion: 15.5.0.4030
d50.78c: FileVersion: SYSCORE.15.5.0.4030
d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
d50.78c: FileDescription: McAfee Core Firewall Engine Driver
d50.78c: \SystemRoot\System32\drivers\mfehidk.sys:
d50.78c: CreationTime: 2016-07-20T15:46:49.604177900Z
d50.78c: LastWriteTime: 2017-03-30T18:00:28.516261100Z
d50.78c: ChangeTime: 2017-03-30T18:00:28.516261100Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0xd6438
d50.78c: NT Headers: 0x100
d50.78c: Timestamp: 0x57856358
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x57856358
d50.78c: Image Version: 0.0
d50.78c: SizeOfImage: 0xe1000 (921600)
d50.78c: Resource Dir: 0xdd000 LB 0x758
d50.78c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0xdd110 LB 0x320, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: SYSCORE
d50.78c: ProductVersion: 15.5.0.4030
d50.78c: FileVersion: SYSCORE.15.5.0.4030
d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F14,F15,F16,F18,F20
d50.78c: FileDescription: McAfee Link Driver
d50.78c: \SystemRoot\System32\drivers\mfewfpk.sys:
d50.78c: CreationTime: 2016-07-20T20:45:41.731243700Z
d50.78c: LastWriteTime: 2017-03-30T18:00:29.308150400Z
d50.78c: ChangeTime: 2017-03-30T18:00:29.308150400Z
d50.78c: FileAttributes: 0x20
d50.78c: Size: 0x3dc38
d50.78c: NT Headers: 0x100
d50.78c: Timestamp: 0x57856365
d50.78c: Machine: 0x8664 - amd64
d50.78c: Timestamp: 0x57856365
d50.78c: Image Version: 0.0
d50.78c: SizeOfImage: 0x59000 (364544)
d50.78c: Resource Dir: 0x57000 LB 0x380
d50.78c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
d50.78c: [Raw version resource data: 0x57060 LB 0x320, codepage 0x0 (reserved 0x0)]
d50.78c: ProductName: SYSCORE
d50.78c: ProductVersion: 15.5.0.4030
d50.78c: FileVersion: SYSCORE.15.5.0.4030
d50.78c: PrivateBuild: SYSCORE.15.5.0.4030 F17,F18
d50.78c: FileDescription: Anti-Virus Mini-Firewall Driver
d50.78c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
d50.78c: Calling main()
d50.78c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
d50.78c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8.1218: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000374 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 31 ms, the end);